adbfaada11f2ed50e60f9b86b4fc742fec191645c8d27c224314e5e8cc4c50ce

Resubmissions

14/06/2024, 01:30

240614-bw94gazdpg 1

14/06/2024, 01:29

240614-bwc4qstdpn 1

14/06/2024, 01:25

240614-btaktszckh 5

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2024, 01:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

triage test.txt
Size

9B
MD5

91d3f6850d5f17b54426f57175391aef
SHA1

889cc1b4a445eaae329d1b78c10facd2b76bbda8
SHA256

adbfaada11f2ed50e60f9b86b4fc742fec191645c8d27c224314e5e8cc4c50ce
SHA512

e677401a6c6240bc35f1fe9304b8af415691a7494968c4b19697ed7e234a3d396482bc69b37dfd38b227bac51bdad49278ebe31b070337c859217798f48a0a12

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 7 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\SRU\SRUDB.dat	svchost.exe
File opened for modification	C:\Windows\system32\SRU\SRUDB.jfm	svchost.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_8e9c2368fe308df2\netrtl64.PNF	svchost.exe
File created	C:\Windows\system32\NDF\{81939515-0071-4F38-9E06-6892517EB1BC}-temp-06142024-0128.etl	svchost.exe
File opened for modification	C:\Windows\system32\NDF\{81939515-0071-4F38-9E06-6892517EB1BC}-temp-06142024-0128.etl	svchost.exe
File opened for modification	C:\Windows\system32\SRU\SRU.chk	svchost.exe
File opened for modification	C:\Windows\system32\SRU\SRU.log	svchost.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk	svchost.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	svchost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
6084	ipconfig.exe

Modifies data under HKEY_USERS 6 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\RAS AutoDial\Default	svchost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@%SystemRoot%\system32\hnetcfgclient.dll,-201 = "HNetCfg Client"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Classes\Local Settings\MuiCache\2a\52C64B7E\@%SystemRoot%\system32\hnetcfgclient.dll,-201 = "HNetCfg Client"	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133628019922977545"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\RAS AutoDial	svchost.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
1860	PING.EXE

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
876	chrome.exe
876	chrome.exe
6012	sdiagnhost.exe
6012	sdiagnhost.exe
6032	msedge.exe
6032	msedge.exe
656	sdiagnhost.exe
656	sdiagnhost.exe
876	chrome.exe
876	chrome.exe
5876	svchost.exe
5876	svchost.exe
1272	chrome.exe
1272	chrome.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
644	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeDebugPrivilege	6012	sdiagnhost.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe
Token: SeCreatePagefilePrivilege	876	chrome.exe
Token: SeShutdownPrivilege	876	chrome.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
3060	msdt.exe
5324	msdt.exe
5324	msdt.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 876 wrote to memory of 336	876	chrome.exe	92
PID 876 wrote to memory of 336	876	chrome.exe	92
PID 876 wrote to memory of 2284	876	chrome.exe	93
PID 876 wrote to memory of 2284	876	chrome.exe	93
PID 876 wrote to memory of 2284	876	chrome.exe	93
PID 876 wrote to memory of 2284	876	chrome.exe	93
PID 876 wrote to memory of 2284	876	chrome.exe	93
PID 876 wrote to memory of 2284	876	chrome.exe	93
PID 876 wrote to memory of 2284	876	chrome.exe	93
PID 876 wrote to memory of 2284	876	chrome.exe	93
PID 876 wrote to memory of 2284	876	chrome.exe	93
PID 876 wrote to memory of 2284	876	chrome.exe	93
PID 876 wrote to memory of 2284	876	chrome.exe	93
PID 876 wrote to memory of 2284	876	chrome.exe	93
PID 876 wrote to memory of 2284	876	chrome.exe	93
PID 876 wrote to memory of 2284	876	chrome.exe	93
PID 876 wrote to memory of 2284	876	chrome.exe	93
PID 876 wrote to memory of 2284	876	chrome.exe	93
PID 876 wrote to memory of 2284	876	chrome.exe	93
PID 876 wrote to memory of 2284	876	chrome.exe	93
PID 876 wrote to memory of 2284	876	chrome.exe	93
PID 876 wrote to memory of 2284	876	chrome.exe	93
PID 876 wrote to memory of 2284	876	chrome.exe	93
PID 876 wrote to memory of 2284	876	chrome.exe	93
PID 876 wrote to memory of 2284	876	chrome.exe	93
PID 876 wrote to memory of 2284	876	chrome.exe	93
PID 876 wrote to memory of 2284	876	chrome.exe	93
PID 876 wrote to memory of 2284	876	chrome.exe	93
PID 876 wrote to memory of 2284	876	chrome.exe	93
PID 876 wrote to memory of 2284	876	chrome.exe	93
PID 876 wrote to memory of 2284	876	chrome.exe	93
PID 876 wrote to memory of 2284	876	chrome.exe	93
PID 876 wrote to memory of 2284	876	chrome.exe	93
PID 876 wrote to memory of 3468	876	chrome.exe	94
PID 876 wrote to memory of 3468	876	chrome.exe	94
PID 876 wrote to memory of 1360	876	chrome.exe	95
PID 876 wrote to memory of 1360	876	chrome.exe	95
PID 876 wrote to memory of 1360	876	chrome.exe	95
PID 876 wrote to memory of 1360	876	chrome.exe	95
PID 876 wrote to memory of 1360	876	chrome.exe	95
PID 876 wrote to memory of 1360	876	chrome.exe	95
PID 876 wrote to memory of 1360	876	chrome.exe	95
PID 876 wrote to memory of 1360	876	chrome.exe	95
PID 876 wrote to memory of 1360	876	chrome.exe	95
PID 876 wrote to memory of 1360	876	chrome.exe	95
PID 876 wrote to memory of 1360	876	chrome.exe	95
PID 876 wrote to memory of 1360	876	chrome.exe	95
PID 876 wrote to memory of 1360	876	chrome.exe	95
PID 876 wrote to memory of 1360	876	chrome.exe	95
PID 876 wrote to memory of 1360	876	chrome.exe	95
PID 876 wrote to memory of 1360	876	chrome.exe	95
PID 876 wrote to memory of 1360	876	chrome.exe	95
PID 876 wrote to memory of 1360	876	chrome.exe	95
PID 876 wrote to memory of 1360	876	chrome.exe	95
PID 876 wrote to memory of 1360	876	chrome.exe	95
PID 876 wrote to memory of 1360	876	chrome.exe	95
PID 876 wrote to memory of 1360	876	chrome.exe	95
PID 876 wrote to memory of 1360	876	chrome.exe	95
PID 876 wrote to memory of 1360	876	chrome.exe	95
PID 876 wrote to memory of 1360	876	chrome.exe	95
PID 876 wrote to memory of 1360	876	chrome.exe	95
PID 876 wrote to memory of 1360	876	chrome.exe	95
PID 876 wrote to memory of 1360	876	chrome.exe	95
PID 876 wrote to memory of 1360	876	chrome.exe	95

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\triage test.txt"
1⤵
PID:1488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9d52aab58,0x7ff9d52aab68,0x7ff9d52aab78
  2⤵
  PID:336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1792,i,6540242120189360330,11177828422479525541,131072 /prefetch:2
  2⤵
  PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1792,i,6540242120189360330,11177828422479525541,131072 /prefetch:8
  2⤵
  PID:3468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1852 --field-trial-handle=1792,i,6540242120189360330,11177828422479525541,131072 /prefetch:8
  2⤵
  PID:1360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3080 --field-trial-handle=1792,i,6540242120189360330,11177828422479525541,131072 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3088 --field-trial-handle=1792,i,6540242120189360330,11177828422479525541,131072 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4356 --field-trial-handle=1792,i,6540242120189360330,11177828422479525541,131072 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4640 --field-trial-handle=1792,i,6540242120189360330,11177828422479525541,131072 /prefetch:8
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 --field-trial-handle=1792,i,6540242120189360330,11177828422479525541,131072 /prefetch:8
  2⤵
  PID:4068
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:2168
- - C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff7e95aae48,0x7ff7e95aae58,0x7ff7e95aae68
    3⤵
    PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4872 --field-trial-handle=1792,i,6540242120189360330,11177828422479525541,131072 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5048 --field-trial-handle=1792,i,6540242120189360330,11177828422479525541,131072 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5036 --field-trial-handle=1792,i,6540242120189360330,11177828422479525541,131072 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3468 --field-trial-handle=1792,i,6540242120189360330,11177828422479525541,131072 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4880 --field-trial-handle=1792,i,6540242120189360330,11177828422479525541,131072 /prefetch:8
  2⤵
  PID:3860
- C:\Windows\system32\msdt.exe
  -modal "458836" -skip TRUE -path "C:\Windows\diagnostics\system\networking" -af "C:\Users\Admin\AppData\Local\Temp\NDFD63C.tmp" -ep "NetworkDiagnosticsWeb"
  2⤵
  - Suspicious use of FindShellTrayWindow
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4448 --field-trial-handle=1792,i,6540242120189360330,11177828422479525541,131072 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4436 --field-trial-handle=1792,i,6540242120189360330,11177828422479525541,131072 /prefetch:8
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3480 --field-trial-handle=1792,i,6540242120189360330,11177828422479525541,131072 /prefetch:8
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4260 --field-trial-handle=1792,i,6540242120189360330,11177828422479525541,131072 /prefetch:8
  2⤵
  PID:5216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2360 --field-trial-handle=1792,i,6540242120189360330,11177828422479525541,131072 /prefetch:1
  2⤵
  PID:4248
- C:\Windows\system32\msdt.exe
  -modal "458836" -skip TRUE -path "C:\Windows\diagnostics\system\networking" -af "C:\Users\Admin\AppData\Local\Temp\NDF5A13.tmp" -ep "NetworkDiagnosticsWeb"
  2⤵
  - Suspicious use of FindShellTrayWindow
  PID:5324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4040 --field-trial-handle=1792,i,6540242120189360330,11177828422479525541,131072 /prefetch:1
  2⤵
  PID:916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=1692 --field-trial-handle=1792,i,6540242120189360330,11177828422479525541,131072 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2768 --field-trial-handle=1792,i,6540242120189360330,11177828422479525541,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1272

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4388

C:\Windows\System32\sdiagnhost.exe
C:\Windows\System32\sdiagnhost.exe -Embedding
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:6012
- C:\Windows\system32\netsh.exe
  "C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter
  2⤵
  PID:4884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault4876bdeeha47ch4acahbfb5hd1966ed76da8
1⤵
PID:5228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff9d03a46f8,0x7ff9d03a4708,0x7ff9d03a4718
  2⤵
  PID:5276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,1572514506249625438,11045010971405343672,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:6008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,1572514506249625438,11045010971405343672,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,1572514506249625438,11045010971405343672,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
  2⤵
  PID:6140

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2460

C:\Windows\System32\sdiagnhost.exe
C:\Windows\System32\sdiagnhost.exe -Embedding
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:656
- C:\Windows\system32\netsh.exe
  "C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter
  2⤵
  PID:5684
- C:\Windows\system32\netsh.exe
  "C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter
  2⤵
  PID:5884
- C:\Windows\system32\ipconfig.exe
  "C:\Windows\system32\ipconfig.exe" /all
  2⤵
  - Gathers network information
  PID:6084
- C:\Windows\system32\ROUTE.EXE
  "C:\Windows\system32\ROUTE.EXE" print
  2⤵
  PID:6044
- C:\Windows\system32\makecab.exe
  "C:\Windows\system32\makecab.exe" /f NetworkConfiguration.ddf
  2⤵
  PID:5604

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p -s DPS
1⤵
- Drops file in System32 directory
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:5876

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s WdiServiceHost
1⤵
- Drops file in System32 directory
- Modifies data under HKEY_USERS
PID:5928
- C:\Windows\System32\rundll32.exe
  "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\winethc.dll",ForceProxyDetectionOnNextRun
  2⤵
  PID:4648

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost
1⤵
PID:6024

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s Netman
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:5492

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:4744
- C:\Windows\system32\PING.EXE
  ping google.com
  2⤵
  - Runs ping.exe
  PID:1860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Google\Chrome\Application\SetupMetrics\20240614012632.pma

Filesize
488B

MD5
6d971ce11af4a6a93a4311841da1a178

SHA1
cbfdbc9b184f340cbad764abc4d8a31b9c250176

SHA256
338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783

SHA512
c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024061401.000\NetworkDiagnostics.debugreport.xml

Filesize
69KB

MD5
dfdb447ddae2359a566157faa44d1ef0

SHA1
8976225141fae4ec16a1a5197209c40f56baaa59

SHA256
cd79d86206f126308a0a54e241223dc4445da58ed331245916701d32d4c9add2

SHA512
143a20b1dfd57c7109b788f39ddc7cf1aa9609ceb04cb6221ae64e76f2850eb5d2123a1e0d596b2e79d535338b499cbb76a2d4fe88ebd7106cb6f2527f11c4c6

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024061401.000\ResultReport.xml

Filesize
36KB

MD5
197b5eb8fbff3ccb3c56949c33825f4f

SHA1
280d1dc4187dc84509f04519513cb2951b78d9d2

SHA256
37256e3e7934f8a48821e160bfeaf4227f904af9a656958083b189683130218b

SHA512
ccd6358ba71e27d2f9a2121d46ed19358b5de7182ab7039d57ec3d2c87efd963d789ec3ef1ddb349af88bdec05c56d4421ec37f18f6b90069137c536e19a11a6

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024061401.000\results.xsl

Filesize
47KB

MD5
310e1da2344ba6ca96666fb639840ea9

SHA1
e8694edf9ee68782aa1de05470b884cc1a0e1ded

SHA256
67401342192babc27e62d4c1e0940409cc3f2bd28f77399e71d245eae8d3f63c

SHA512
62ab361ffea1f0b6ff1cc76c74b8e20c2499d72f3eb0c010d47dba7e6d723f9948dba3397ea26241a1a995cffce2a68cd0aaa1bb8d917dd8f4c8f3729fa6d244

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024061401.001\NetworkDiagnostics.debugreport.xml

Filesize
209KB

MD5
0743ceacaffc0b7bcbce6c4bbd76a48f

SHA1
09f1189352e05a69f6d9cf8cb4322098acfd5159

SHA256
c45cd77da89f43e52ec64fda8d6d1e3e954b140dcd4b3dc5e9c66aa95a6b8517

SHA512
f7de005f3c9b948e5dc396b4b8dec789d4ad1e944da860a372fc39489817a8e288a79fb1e93f0c1ba6204057fab3e4a531e141307a0cdc77c0d3fecb494a739e

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024061401.001\ResultReport.xml

Filesize
38KB

MD5
4ace370135e6b19c76896acb9e971499

SHA1
8954d23056fcb3710b220d3822a625d17bb909e2

SHA256
64e802333ed74f56ecd70100011414ad466bddf0be5e1b39b6ed578293804ad6

SHA512
a9473f48e5ddfdd4d55e29c4912c511057e9302fd811f2828e72abe9ed6f257bfe0e681f6cb673fb2ddad7788db6d58495fe775997fd92f2f2a43188115e9b82

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\latest.cab

Filesize
15KB

MD5
7a437dfe71c47b8b8a63e0bf63b861a3

SHA1
215c3e766bbc9d0ebf6dacfd5ceccb6b6cc541bc

SHA256
7227e0e9a965fd04381ccc1a768cb869f4de8692d01932711c721664c4ce5d79

SHA512
068dc0ff4d9437546c6129103997d9551c7f062af00d9a70cf96cbebc4a77ceedd0c633f690823425e348e026ac6288b4bb14ec576da736c179671efeaf2b656

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
fdeb8b3033d80b88e12f6fc6e6ad595f

SHA1
0f3c2a23a8178e7b48e21dc9747d2e4ca5335ba5

SHA256
6045ec76e180ca0ac3edf8eb07a8cb08366f1adeb1bfdd31aa9babe2288e414a

SHA512
8235e76f31ea6b07839c77aa7678d7b74b1915ef4e8317f863e52491c1f197418c20558a3d627dc88fafb1c9e17014365c31fc02287fa7661e0c5454208caa48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
92578bfda8c5c6f545ecb06256baf077

SHA1
47faf05fbdfb15dac7f03965a78c8d1978f6a7f3

SHA256
6fadb285b0c83aed87c6ca034d7bb183438a406f34068559090497ddd0d597bf

SHA512
c125c0669aac92d08f733e5a5ebeedff15413e1bb14a109525958cfd42eba737c3708ec90648990442450d09ff1a41b6ab153453cf5a97161afc5c22910d9d46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1abe1f368bb6111d95c9561e4cbea9e2

SHA1
72f765e178eacc6509e8685546b6f829b479726d

SHA256
3476427e0aa1630fafdd5d981011d71f80a9b7e33c7d05d2e8fdb65f4d670019

SHA512
b5ecd1027b9301fe74c6b86b41852623ec41e03d52434ea964f74df9b000a19fc8d2accc890e9b5f99a023db8237c3a80a73660ee4a21fa4858e68e1b5b09cdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
1ec288824155a9a8510f06b13a525f6b

SHA1
5bb0ea3a5afeda55573fa1aa103a22ad1de0a4bd

SHA256
80e4e0d6873e70635171529b5864327dbac227828dd1e0ba16ea75278c28d316

SHA512
8dc390670471ca11fca305d2d020d30d7108c0aef7f85a52cf7927c21dbb7709e7d89c8d7d1e8689e2d05ca91d498f403fb321df1f766d1d45aae1edc90c6457

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
a384620c2873f9fab5a797a3d2b85770

SHA1
70e172a32c8e3c52cb5e42224e207575180a076c

SHA256
48056d053a4bfc109c6fcbdd7bff10181943f450182cb9e9064bdf44244f4a72

SHA512
feed7691a1c69c7b6863c6fa0566d1f5ab2815f2a7d04d7856b8ba21c32e25e173a71b53d4f5ee1c44c3037433d84ec171307a8f19d73478b8d4eefaf58b35ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
7b2f9478748243443550b66c97cce30f

SHA1
f12389c4be71851a9821903c5f50e657006c42e8

SHA256
e544c0e986b5d77bf3ff95593e4ce43047981d798c612878aaf86422641e0be4

SHA512
94ec65bc65b8d039e663024b7d1c99137f1ce8f9a193dc0000eb4b1a07b54e9575c376762bad39c78fe08d35a487536e0820cea99f8aa75055704ac9886600ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
93KB

MD5
2582c1bb9f200204ad06b4faead44a98

SHA1
054f8cdc8fe9118c9bc89e3220740fb5add0cba9

SHA256
d0484f20147d29949cc39e499ef630f39ec9a60862899c4a48958370c50f9540

SHA512
1f76ad809e491ab753284bc4fbc3c906e214bcd4410c4bfb24c5e3467197de88ec8163dd945143fe0538188466f63d812f87d700a623a7ec217f0a5fa66d5e95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5818d2.TMP

Filesize
89KB

MD5
9010224e832b05f943aec9d6cded2aac

SHA1
320819a4d50b5010e504414cb5a267b018265b6d

SHA256
5a44e278f45aaf39d17e049f34267d49b9d4cea649f059db5a1e6743e692005a

SHA512
b6dde97911f13215bf1d578668f1cc623f97aca50c47eae3a59a8ad37619ff842d1e150fb08aeb10cb6e0b2ddba09da69cfb38a28b045bcf0b313959aa2f3306

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\sdiagnhost.exe.log

Filesize
6KB

MD5
679b28bad1de1bb248ec8556801eccc7

SHA1
4273550d091d50e8292cb5d21bc3f93dbda3e68f

SHA256
d1f7df2f83a2268748bd0aa48572b469bd19ccd03945fca4c81bfa551c2ef340

SHA512
3b45814f4cd60a39a130472fceb982981ce491ed35356c3892d25c8f5e2b878b16ba9d4679b60cf99e226d78c83a1b5d4fd912af0ae4b2e1e75262aa7023c406

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bd16a115c31f121b173e452f84c74822

SHA1
160c6a60f3a4dcca9bd7bdc0413deb7347eb14f1

SHA256
3c1026c336d90c2c9d744cf5194ba874eadc1cb2c6348b63079ca549c419c033

SHA512
32b9a92f5af927c96661ea2b0ba11424c0a158916b1e1b0742d6f18f44fa22fa74fcb8393453831e9da157bbfed21a3dbbb4f0b8757e1c3f9057439c35b69af0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
0a1bed78a753d1326adbb53e41dbee2c

SHA1
91c669f9bb895b895772aefd1ae9ac4bda68520c

SHA256
f8042efd1be3d3080dcf659e1706293f11073240a4a2aa250a34c6dc223300c7

SHA512
1c75d4c42495f1b8bf5b087119ab5162b43ff778753add08d3f5b8f1d5c187326aa741f94669b10b9cfeb3b96fb64015b53666625784e6a73dc14ffb659f5b33

Download Submit
C:\Users\Admin\AppData\Local\Temp\NDFD63C.tmp

Filesize
3KB

MD5
e310e5578a38aa0803fe501af84e061d

SHA1
ec4e52893b7da842778df8d6658b356de731249b

SHA256
904b48d7f7c6f079ddf5453bfe05bd98118a7e69d0bba17a75f2209a7a5389bd

SHA512
36465ac3ee139947b6623b0efc85cbf66dc8640dbb41abb613057b7d4b48e816bb67cc4893bd994f4f81d2978397f0a8361b2300eb5fb38cb0dcf01a546bceb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_1sern0ri.ati.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpF548.tmp\NetworkConfiguration.cab

Filesize
1KB

MD5
75ebe600d95aba8844f000f2aaec4819

SHA1
c5ce05c0022bb2d5b85407a779a93805c9d0435b

SHA256
306939d9aae96cc0e650bd8d59793ba1dc5c9d1f7c38e7964c4a2dad8284c8a8

SHA512
8c6dd06e786bfa48bc2a3444fa0ddfdb76ab3269f5f51cb87df149a8a0dfea665ded25823127009c5dd9c793ff357ff346228e692aa333c8882b2e8d3d3cf0dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpF548.tmp\NetworkConfiguration.ddf

Filesize
231B

MD5
00848049d4218c485d9e9d7a54aa3b5f

SHA1
d1d5f388221417985c365e8acaec127b971c40d0

SHA256
ffeafbb8e7163fd7ec9abc029076796c73cd7b4eddaeeda9ba394c547419769e

SHA512
3a4874a5289682e2b32108740feea586cb9ccdad9ca08bf30f67c9742370c081ad943ea714f08dbf722f9f98f3b0bb307619a8ba47f96b24301c68b0fd1086d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpF548.tmp\ipconfig.all.txt

Filesize
2KB

MD5
ee71ed53e6530ca6428b6a91d70f6ed0

SHA1
b3c19cc594f11f63c9a8a57db108bfa36a536b3a

SHA256
c423dac85bc1833366d3fa042d8f2fb0ddba75308a226a9e7f5881396ac75b4f

SHA512
d93c5f0b8a2dc515e2def21ca0e8dd06f3e060d0f2ace4c260687cafcf04299539920f757c91a4b89b40ff7fb0574d210ec19b205df2db327f3d21b09c683147

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpF548.tmp\route.print.txt

Filesize
4KB

MD5
9c17f5c79f119e45203ba892cb3ab801

SHA1
e839a1a2fa0e46e99604d2ed3c21217c14548951

SHA256
08d8be8d760865a04cafb5880c702e0740bea4c24091f031c2c0e95d8f2f6eed

SHA512
8054607c42b277e7bb19fa70e9779b06c1ba3587fe6b6a31c091859a795f4f44bbf81e8b44e88c2a91521090ef25f47a857fc735300844d8df396d4bf42547d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpF548.tmp\setup.inf

Filesize
978B

MD5
3b4d0d53ba52de37420d9e4396e0e9db

SHA1
20d8769eaa7df4df62b0d0ebb293155991aac63a

SHA256
8d4c5dc4e4e4bc88e887550edb32e95ae28390c54b647ce6018232b723524025

SHA512
9f14c29d16842ef225bbd465d54f38212b1ca377cb33d00a7e422ed0a250bf81a6e7b79cb4f6dc1473385b0615489b90c4a21e3875d26196c0cd7d02de987adb

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpF548.tmp\setup.rpt

Filesize
283B

MD5
2f26fac2cf6f89e145c1de4d3cf3a3fc

SHA1
affeb47708dd1ffe3d6a4baf02fe044ceefd8e2c

SHA256
a8a28de6db9dc57004c54615aff0a63a9304a9497efce2256abab964aa0a3531

SHA512
4137134899360aad333936e6c3165febe0d140b95ebe7ab7878ad2064770970635f5ce1bcdface5700afd0c5a0fbb60487772dfcca4ec837fea8e3dd878891d7

Download Submit
C:\Windows\TEMP\SDIAG_646dc5df-cf62-4c66-ae5b-70e50b0b7ec9\NetworkDiagnosticsResolve.ps1

Filesize
11KB

MD5
d213491a2d74b38a9535d616b9161217

SHA1
bde94742d1e769638e2de84dfb099f797adcc217

SHA256
4662c3c94e0340a243c2a39ca8a88fd9f65c74fb197644a11d4ffcae6b191211

SHA512
5fd8b91b27935711495934e5d7ca14f9dd72bc40a38072595879ef334a47f99e0608087ddc62668c6f783938d9f22a3688c5cdef3a9ad6c3575f3cfa5a3b0104

Download Submit
C:\Windows\TEMP\SDIAG_646dc5df-cf62-4c66-ae5b-70e50b0b7ec9\NetworkDiagnosticsVerify.ps1

Filesize
10KB

MD5
9b222d8ec4b20860f10ebf303035b984

SHA1
b30eea35c2516afcab2c49ef6531af94efaf7e1a

SHA256
a32e13da40ac4b9e1dac7dd28bc1d25e2f2136b61ff93be943018b20796f15bc

SHA512
8331337ccb6e3137b01aeec03e6921fd3b9e56c44fa1b17545ae5c7bfcdd39fcd8a90192884b3a82f56659009e24b63ce7f500e8766fd01e8d4e60a52de0fe67

Download Submit
C:\Windows\TEMP\SDIAG_646dc5df-cf62-4c66-ae5b-70e50b0b7ec9\StartDPSService.ps1

Filesize
567B

MD5
a660422059d953c6d681b53a6977100e

SHA1
0c95dd05514d062354c0eecc9ae8d437123305bb

SHA256
d19677234127c38a52aec23686775a8eb3f4e3a406f4a11804d97602d6c31813

SHA512
26f8cf9ac95ff649ecc2ed349bc6c7c3a04b188594d5c3289af8f2768ab59672bc95ffefcc83ed3ffa44edd0afeb16a4c2490e633a89fce7965843674d94b523

Download Submit
C:\Windows\TEMP\SDIAG_9b89636e-341c-4658-a846-45453bcc6396\NetworkDiagnosticsTroubleshoot.ps1

Filesize
25KB

MD5
d0cfc204ca3968b891f7ce0dccfb2eda

SHA1
56dad1716554d8dc573d0ea391f808e7857b2206

SHA256
e3940266b4368c04333db89804246cb89bf2073626f22b8de72bea27c522282a

SHA512
4d2225b599ad8af8ba8516f12cfddca5ec0ce69c5c80b133a6a323e9aaf5e0312efbcfa54d2e4462a5095f9a7c42b9d5b39f3204e0be72c3b1992cf33b22087c

Download Submit
C:\Windows\TEMP\SDIAG_9b89636e-341c-4658-a846-45453bcc6396\UtilityFunctions.ps1

Filesize
53KB

MD5
c912faa190464ce7dec867464c35a8dc

SHA1
d1c6482dad37720db6bdc594c4757914d1b1dd70

SHA256
3891846307aa9e83bca66b13198455af72af45bf721a2fbd41840d47e2a91201

SHA512
5c34352d36459fd8fcda5b459a2e48601a033af31d802a90ed82c443a5a346b9480880d30c64db7ad0e4a8c35b98c98f69eceedad72f2a70d9c6cca74dce826a

Download Submit
C:\Windows\TEMP\SDIAG_9b89636e-341c-4658-a846-45453bcc6396\UtilitySetConstants.ps1

Filesize
2KB

MD5
0c75ae5e75c3e181d13768909c8240ba

SHA1
288403fc4bedaacebccf4f74d3073f082ef70eb9

SHA256
de5c231c645d3ae1e13694284997721509f5de64ee5c96c966cdfda9e294db3f

SHA512
8fc944515f41a837c61a6c4e5181ca273607a89e48fbf86cf8eb8db837aed095aa04fc3043029c3b5cb3710d59abfd86f086ac198200f634bfb1a5dd0823406b

Download Submit
C:\Windows\TEMP\SDIAG_9b89636e-341c-4658-a846-45453bcc6396\en-US\LocalizationData.psd1

Filesize
5KB

MD5
380768979618b7097b0476179ec494ed

SHA1
af2a03a17c546e4eeb896b230e4f2a52720545ab

SHA256
0637af30fc3b3544b1f516f6196a8f821ffbfa5d36d65a8798aeeadbf2e8a7c2

SHA512
b9ef59e9bfdbd49052a4e754ead8cd54b77e79cc428e7aee2b80055ff5f0b038584af519bd2d66258cf3c01f8cc71384f6959ee32111eac4399c47e1c2352302

Download Submit
C:\Windows\Temp\SDIAG_646dc5df-cf62-4c66-ae5b-70e50b0b7ec9\DiagPackage.diagpkg

Filesize
163KB

MD5
0606098a37089bdc9d644dee1cc1cd78

SHA1
cadae9623a27bd22771bab9d26b97226e8f2318b

SHA256
284a7a8525b1777bdbc194fa38d28cd9ee91c2cbc7856f5968e79667c6b62a9d

SHA512
0711e2fef9fde17b87f3f6af1442bd46b4c86bb61c8519548b89c7a61dfcf734196ddf2d90e586d486a3b33f672a99379e8205c240bd4bcb23625ffb22936443

Download Submit
C:\Windows\Temp\SDIAG_646dc5df-cf62-4c66-ae5b-70e50b0b7ec9\result\81939515-0071-4F38-9E06-6892517EB1BC.Diagnose.Admin.0.etl

Filesize
192KB

MD5
a5cf8ca4a494242e960994e5e7028244

SHA1
57fc2acb3019ff995857bd5c7e05aa435c80b77a

SHA256
d6cffd4aa9693ebe5d4f88e571563b753f37cdd81ee159bc1a0a668b4f19b195

SHA512
7ccca6a93be38edf755dd0b281d396340e70ba654ad0579d18a0fc4546807e9091dc3d3b0c44f4384a27c6dbbda6c61c47f0f6ff5ef7bde9f432d8d55069d7b1

Download Submit
C:\Windows\Temp\SDIAG_9b89636e-341c-4658-a846-45453bcc6396\DiagPackage.dll

Filesize
478KB

MD5
580dc3658fa3fe42c41c99c52a9ce6b0

SHA1
3c4be12c6e3679a6c2267f88363bbd0e6e00cac5

SHA256
5b7aa413e4a64679c550c77e6599a1c940ee947cbdf77d310e142a07a237aad2

SHA512
68c52cd7b762b8f5d2f546092ed9c4316924fa04bd3ab748ab99541a8b4e7d9aec70acf5c9594d1457ad3a2f207d0c189ec58421d4352ddbc7eae453324d13f2

Download Submit
C:\Windows\Temp\SDIAG_9b89636e-341c-4658-a846-45453bcc6396\en-US\DiagPackage.dll.mui

Filesize
17KB

MD5
44c4385447d4fa46b407fc47c8a467d0

SHA1
41e4e0e83b74943f5c41648f263b832419c05256

SHA256
8be175e8fbdae0dade54830fece6c6980d1345dbeb4a06c07f7efdb1152743f4

SHA512
191cd534e85323a4cd9649a1fc372312ed4a600f6252dffc4435793650f9dd40d0c0e615ba5eb9aa437a58af334146aac7c0ba08e0a1bf24ec4837a40f966005

Download Submit
memory/656-1000-0x000001F8C6D90000-0x000001F8C6DC0000-memory.dmp

Filesize
192KB

Download
memory/656-1115-0x000001F8C6D90000-0x000001F8C6DC0000-memory.dmp

Filesize
192KB

Download
memory/5876-987-0x000001F9CBF70000-0x000001F9CBF71000-memory.dmp

Filesize
4KB

Download
memory/5876-983-0x000001F9CBE00000-0x000001F9CBE10000-memory.dmp

Filesize
64KB

Download
memory/5876-979-0x000001F9CB7B0000-0x000001F9CB7C0000-memory.dmp

Filesize
64KB

Download
memory/6012-445-0x000001DC479E0000-0x000001DC47A02000-memory.dmp

Filesize
136KB

Download