e91b9e82606f7e52878d0b4b95199783920d1db1551cbc2217dd875ebff2bd81

Analysis

max time kernel
2684s
max time network
2687s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
15/06/2024, 06:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

wallpapersden.com_firewatch-4k-uhd_3840x2160.jpg
Size

1.6MB
MD5

61d9a6d6b9a86e1d7bdedf4b0c4776af
SHA1

4956e767a8bd8ad44185c177b7612dd5c0a8f4c7
SHA256

e91b9e82606f7e52878d0b4b95199783920d1db1551cbc2217dd875ebff2bd81
SHA512

a11035e14f091ea1f6e5cd36c35960e8b73abcd4f94a2c7299bdeabf1761f7db0dffa6155af655ae910699d5e503f65251912abc520b35064fb419e9a6ae1d06
SSDEEP

49152:fTAYPgFN5LFGx2PJyMHALcTU+RDhpD3v5:f1I1Ix2xXEcTlD/5

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 13 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\SRU\SRU.chk	svchost.exe
File opened for modification	C:\Windows\system32\SRU\SRUDB.dat	svchost.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_8e9c2368fe308df2\netrtl64.PNF	svchost.exe
File opened for modification	C:\Windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{c95de7e2-a271-4d06-924d-b30038ba8a4d}\snapshot.etl	svchost.exe
File created	C:\Windows\system32\wdi\LogFiles\StartupInfo\S-1-5-21-1672260578-815027929-964132517-1000_StartupInfo3.xml	svchost.exe
File opened for modification	C:\Windows\system32\NDF\{4F1BE79C-1A39-4657-BA51-C3C370CDCD75}-temp-06152024-0622.etl	svchost.exe
File opened for modification	C:\Windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin	svchost.exe
File opened for modification	C:\Windows\system32\SRU\SRU.log	svchost.exe
File created	C:\Windows\system32\NDF\{4F1BE79C-1A39-4657-BA51-C3C370CDCD75}-temp-06152024-0622.etl	svchost.exe
File opened for modification	C:\Windows\system32\SRU\SRUtmp.log	svchost.exe
File opened for modification	C:\Windows\system32\SRU\SRUDB.jfm	svchost.exe
File created	C:\Windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{c95de7e2-a271-4d06-924d-b30038ba8a4d}\snapshot.etl	svchost.exe
File opened for modification	C:\Windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1672260578-815027929-964132517-1000_UserData.bin	svchost.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk	svchost.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	svchost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
1832	ipconfig.exe

Modifies data under HKEY_USERS 7 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@%SystemRoot%\system32\hnetcfgclient.dll,-201 = "HNetCfg Client"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-19\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@%SystemRoot%\system32\hnetcfgclient.dll,-201 = "HNetCfg Client"	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133629060846211286"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\RAS AutoDial	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\RAS AutoDial\Default	svchost.exe

Suspicious behavior: EnumeratesProcesses 19 IoCs

pid	Process
244	chrome.exe
244	chrome.exe
4608	sdiagnhost.exe
2096	svchost.exe
2096	svchost.exe
2096	svchost.exe
2096	svchost.exe
244	chrome.exe
244	chrome.exe
2096	svchost.exe
2096	svchost.exe
2096	svchost.exe
2096	svchost.exe
2096	svchost.exe
2096	svchost.exe
2096	svchost.exe
2096	svchost.exe
2096	svchost.exe
2096	svchost.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	244	chrome.exe
Token: SeCreatePagefilePrivilege	244	chrome.exe
Token: SeShutdownPrivilege	244	chrome.exe
Token: SeCreatePagefilePrivilege	244	chrome.exe
Token: SeShutdownPrivilege	244	chrome.exe
Token: SeCreatePagefilePrivilege	244	chrome.exe
Token: SeShutdownPrivilege	244	chrome.exe
Token: SeCreatePagefilePrivilege	244	chrome.exe
Token: SeShutdownPrivilege	244	chrome.exe
Token: SeCreatePagefilePrivilege	244	chrome.exe
Token: SeShutdownPrivilege	244	chrome.exe
Token: SeCreatePagefilePrivilege	244	chrome.exe
Token: SeShutdownPrivilege	244	chrome.exe
Token: SeCreatePagefilePrivilege	244	chrome.exe
Token: SeShutdownPrivilege	244	chrome.exe
Token: SeCreatePagefilePrivilege	244	chrome.exe
Token: SeShutdownPrivilege	244	chrome.exe
Token: SeCreatePagefilePrivilege	244	chrome.exe
Token: SeShutdownPrivilege	244	chrome.exe
Token: SeCreatePagefilePrivilege	244	chrome.exe
Token: SeShutdownPrivilege	244	chrome.exe
Token: SeCreatePagefilePrivilege	244	chrome.exe
Token: SeShutdownPrivilege	244	chrome.exe
Token: SeCreatePagefilePrivilege	244	chrome.exe
Token: SeShutdownPrivilege	244	chrome.exe
Token: SeCreatePagefilePrivilege	244	chrome.exe
Token: SeShutdownPrivilege	244	chrome.exe
Token: SeCreatePagefilePrivilege	244	chrome.exe
Token: SeShutdownPrivilege	244	chrome.exe
Token: SeCreatePagefilePrivilege	244	chrome.exe
Token: SeShutdownPrivilege	244	chrome.exe
Token: SeCreatePagefilePrivilege	244	chrome.exe
Token: SeDebugPrivilege	4608	sdiagnhost.exe
Token: SeShutdownPrivilege	244	chrome.exe
Token: SeCreatePagefilePrivilege	244	chrome.exe
Token: SeShutdownPrivilege	244	chrome.exe
Token: SeCreatePagefilePrivilege	244	chrome.exe
Token: SeShutdownPrivilege	244	chrome.exe
Token: SeCreatePagefilePrivilege	244	chrome.exe
Token: SeShutdownPrivilege	244	chrome.exe
Token: SeCreatePagefilePrivilege	244	chrome.exe
Token: SeShutdownPrivilege	244	chrome.exe
Token: SeCreatePagefilePrivilege	244	chrome.exe
Token: SeShutdownPrivilege	2096	svchost.exe
Token: SeCreatePagefilePrivilege	2096	svchost.exe
Token: SeShutdownPrivilege	244	chrome.exe
Token: SeCreatePagefilePrivilege	244	chrome.exe
Token: SeShutdownPrivilege	244	chrome.exe
Token: SeCreatePagefilePrivilege	244	chrome.exe
Token: SeShutdownPrivilege	244	chrome.exe
Token: SeCreatePagefilePrivilege	244	chrome.exe
Token: SeShutdownPrivilege	244	chrome.exe
Token: SeCreatePagefilePrivilege	244	chrome.exe
Token: SeShutdownPrivilege	244	chrome.exe
Token: SeCreatePagefilePrivilege	244	chrome.exe
Token: SeShutdownPrivilege	244	chrome.exe
Token: SeCreatePagefilePrivilege	244	chrome.exe
Token: SeShutdownPrivilege	244	chrome.exe
Token: SeCreatePagefilePrivilege	244	chrome.exe
Token: SeShutdownPrivilege	244	chrome.exe
Token: SeCreatePagefilePrivilege	244	chrome.exe
Token: SeShutdownPrivilege	244	chrome.exe
Token: SeCreatePagefilePrivilege	244	chrome.exe
Token: SeShutdownPrivilege	244	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
3676	msdt.exe
244	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 244 wrote to memory of 3044	244	chrome.exe	81
PID 244 wrote to memory of 3044	244	chrome.exe	81
PID 244 wrote to memory of 1900	244	chrome.exe	82
PID 244 wrote to memory of 1900	244	chrome.exe	82
PID 244 wrote to memory of 1900	244	chrome.exe	82
PID 244 wrote to memory of 1900	244	chrome.exe	82
PID 244 wrote to memory of 1900	244	chrome.exe	82
PID 244 wrote to memory of 1900	244	chrome.exe	82
PID 244 wrote to memory of 1900	244	chrome.exe	82
PID 244 wrote to memory of 1900	244	chrome.exe	82
PID 244 wrote to memory of 1900	244	chrome.exe	82
PID 244 wrote to memory of 1900	244	chrome.exe	82
PID 244 wrote to memory of 1900	244	chrome.exe	82
PID 244 wrote to memory of 1900	244	chrome.exe	82
PID 244 wrote to memory of 1900	244	chrome.exe	82
PID 244 wrote to memory of 1900	244	chrome.exe	82
PID 244 wrote to memory of 1900	244	chrome.exe	82
PID 244 wrote to memory of 1900	244	chrome.exe	82
PID 244 wrote to memory of 1900	244	chrome.exe	82
PID 244 wrote to memory of 1900	244	chrome.exe	82
PID 244 wrote to memory of 1900	244	chrome.exe	82
PID 244 wrote to memory of 1900	244	chrome.exe	82
PID 244 wrote to memory of 1900	244	chrome.exe	82
PID 244 wrote to memory of 1900	244	chrome.exe	82
PID 244 wrote to memory of 1900	244	chrome.exe	82
PID 244 wrote to memory of 1900	244	chrome.exe	82
PID 244 wrote to memory of 1900	244	chrome.exe	82
PID 244 wrote to memory of 1900	244	chrome.exe	82
PID 244 wrote to memory of 1900	244	chrome.exe	82
PID 244 wrote to memory of 1900	244	chrome.exe	82
PID 244 wrote to memory of 1900	244	chrome.exe	82
PID 244 wrote to memory of 1900	244	chrome.exe	82
PID 244 wrote to memory of 1900	244	chrome.exe	82
PID 244 wrote to memory of 4448	244	chrome.exe	83
PID 244 wrote to memory of 4448	244	chrome.exe	83
PID 244 wrote to memory of 1600	244	chrome.exe	84
PID 244 wrote to memory of 1600	244	chrome.exe	84
PID 244 wrote to memory of 1600	244	chrome.exe	84
PID 244 wrote to memory of 1600	244	chrome.exe	84
PID 244 wrote to memory of 1600	244	chrome.exe	84
PID 244 wrote to memory of 1600	244	chrome.exe	84
PID 244 wrote to memory of 1600	244	chrome.exe	84
PID 244 wrote to memory of 1600	244	chrome.exe	84
PID 244 wrote to memory of 1600	244	chrome.exe	84
PID 244 wrote to memory of 1600	244	chrome.exe	84
PID 244 wrote to memory of 1600	244	chrome.exe	84
PID 244 wrote to memory of 1600	244	chrome.exe	84
PID 244 wrote to memory of 1600	244	chrome.exe	84
PID 244 wrote to memory of 1600	244	chrome.exe	84
PID 244 wrote to memory of 1600	244	chrome.exe	84
PID 244 wrote to memory of 1600	244	chrome.exe	84
PID 244 wrote to memory of 1600	244	chrome.exe	84
PID 244 wrote to memory of 1600	244	chrome.exe	84
PID 244 wrote to memory of 1600	244	chrome.exe	84
PID 244 wrote to memory of 1600	244	chrome.exe	84
PID 244 wrote to memory of 1600	244	chrome.exe	84
PID 244 wrote to memory of 1600	244	chrome.exe	84
PID 244 wrote to memory of 1600	244	chrome.exe	84
PID 244 wrote to memory of 1600	244	chrome.exe	84
PID 244 wrote to memory of 1600	244	chrome.exe	84
PID 244 wrote to memory of 1600	244	chrome.exe	84
PID 244 wrote to memory of 1600	244	chrome.exe	84
PID 244 wrote to memory of 1600	244	chrome.exe	84
PID 244 wrote to memory of 1600	244	chrome.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\wallpapersden.com_firewatch-4k-uhd_3840x2160.jpg
1⤵
PID:1548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff32eeab58,0x7fff32eeab68,0x7fff32eeab78
  2⤵
  PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1836,i,11259427116991409439,7030604669670807052,131072 /prefetch:2
  2⤵
  PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1836,i,11259427116991409439,7030604669670807052,131072 /prefetch:8
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2200 --field-trial-handle=1836,i,11259427116991409439,7030604669670807052,131072 /prefetch:8
  2⤵
  PID:1600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=1836,i,11259427116991409439,7030604669670807052,131072 /prefetch:1
  2⤵
  PID:1252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3132 --field-trial-handle=1836,i,11259427116991409439,7030604669670807052,131072 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4220 --field-trial-handle=1836,i,11259427116991409439,7030604669670807052,131072 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4516 --field-trial-handle=1836,i,11259427116991409439,7030604669670807052,131072 /prefetch:8
  2⤵
  PID:3792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 --field-trial-handle=1836,i,11259427116991409439,7030604669670807052,131072 /prefetch:8
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4804 --field-trial-handle=1836,i,11259427116991409439,7030604669670807052,131072 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4496 --field-trial-handle=1836,i,11259427116991409439,7030604669670807052,131072 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3164 --field-trial-handle=1836,i,11259427116991409439,7030604669670807052,131072 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4300 --field-trial-handle=1836,i,11259427116991409439,7030604669670807052,131072 /prefetch:8
  2⤵
  PID:3744
- C:\Windows\system32\msdt.exe
  -modal "328236" -skip TRUE -path "C:\Windows\diagnostics\system\networking" -af "C:\Users\Admin\AppData\Local\Temp\NDFD188.tmp" -ep "NetworkDiagnosticsWeb"
  2⤵
  - Suspicious use of FindShellTrayWindow
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4068 --field-trial-handle=1836,i,11259427116991409439,7030604669670807052,131072 /prefetch:8
  2⤵
  PID:432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 --field-trial-handle=1836,i,11259427116991409439,7030604669670807052,131072 /prefetch:8
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3308 --field-trial-handle=1836,i,11259427116991409439,7030604669670807052,131072 /prefetch:8
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3996 --field-trial-handle=1836,i,11259427116991409439,7030604669670807052,131072 /prefetch:1
  2⤵
  PID:700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2424 --field-trial-handle=1836,i,11259427116991409439,7030604669670807052,131072 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1816 --field-trial-handle=1836,i,11259427116991409439,7030604669670807052,131072 /prefetch:1
  2⤵
  PID:1516

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4248

C:\Windows\System32\sdiagnhost.exe
C:\Windows\System32\sdiagnhost.exe -Embedding
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4608
- C:\Windows\system32\netsh.exe
  "C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter
  2⤵
  PID:5068
- C:\Windows\system32\netsh.exe
  "C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter
  2⤵
  PID:2140
- C:\Windows\system32\ipconfig.exe
  "C:\Windows\system32\ipconfig.exe" /all
  2⤵
  - Gathers network information
  PID:1832
- C:\Windows\system32\ROUTE.EXE
  "C:\Windows\system32\ROUTE.EXE" print
  2⤵
  PID:1360
- C:\Windows\system32\makecab.exe
  "C:\Windows\system32\makecab.exe" /f NetworkConfiguration.ddf
  2⤵
  PID:4856

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p -s DPS
1⤵
- Drops file in System32 directory
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2096

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost
1⤵
PID:3200

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s WdiServiceHost
1⤵
- Drops file in System32 directory
- Modifies data under HKEY_USERS
PID:4916
- C:\Windows\System32\rundll32.exe
  "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\winethc.dll",ForceProxyDetectionOnNextRun
  2⤵
  PID:612

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s Netman
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:128

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024061506.000\NetworkDiagnostics.debugreport.xml

Filesize
209KB

MD5
f36633f17f4e668188dca996ec17d3b6

SHA1
ecc92349b8d835bc9f76dfb5b57bc4f0f7946bbd

SHA256
b0a3f166ff20f595e69c83232d8298932e9922876b93260aca7213edde4b1581

SHA512
2be0425130d0775827cf35dd279f30a7bb3441c19364530587377be0ad24647fb8d90ea1045d70747a8a6098d7f2afb8203daefce627fa0a85e52e7568e2c6ad

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024061506.000\ResultReport.xml

Filesize
38KB

MD5
2c8c41a53e6bf397eabaf1d189af84c4

SHA1
8578d76d95a27a968a5c58ac30613e7bab73652a

SHA256
abf186f10a51fc8124372bf01bdacc655eb0c62c0b04fb6eb3b3cbd019064249

SHA512
ce7292635a278e391f5af0a6465f3dfb8527247aac47f34b27daeb02b96487402d85a26723717e1249f2b7ad1ad84c93127a9455c7601a15e3ad0a541f289045

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024061506.000\results.xsl

Filesize
47KB

MD5
90df783c6d95859f3a420cb6af1bafe1

SHA1
3fe1e63ca5efc0822fc3a4ae862557238aa22f78

SHA256
06db605b5969c93747313e6409ea84bdd8b7e1731b7e6e3656329d77bcf51093

SHA512
e5dcbb7d8f42eabf42966fccee11c3d3e3f965ecc7a4d9e4ecd0382a31c4e8afea931564b1c6931f6d7e6b3650dc01a4a1971e317dab6c1f03932c6b6b7d399f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
810B

MD5
7e938c9088b979a8f785e496f5e2c740

SHA1
bf1d34a863684edf3ba28713b9c1d2399025c1c0

SHA256
a99d50ad43dfa4564077d2eee38616d50a75cb8af10d3ab4302710dd4cc5f699

SHA512
6b75d0c1829e5920be48d020da8b5a91527fe2f3a251319716bd26d6fc9111bee663f314b03d8ac3292917847a493f69bea41c33f4e33a07d2c339946b9508b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
18677839f3b8b56924adfa3bde255b06

SHA1
eca1740093751edf6e1a52a9b8b7634b04ca8932

SHA256
95ca4756cefbc784ede9f63db22f27c8c0b98352f7ce9ad87e257c9140c04a72

SHA512
279f14a8a6b6fd3a9c7bb97923e81a88c0547dfb9060313d730afc33695eacb14238634902ff7d69847de9da0f863d837a5e5217de5a409f4346cc81beb7d6b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
92bfd4b0bce3e1a3ef77b40944374e25

SHA1
4d6d4074cba019a764acf678690803947f442248

SHA256
0bae1632034452e8bf27956d73c7a669d4632f9a9ab77a79be597a1c92cd05cb

SHA512
2e51d2b5b24b715c6f6398b3efc5c081c5fb9b93cb5bad420db4c1bba76424fc32dca1bcaf6a3aea3b486552a5c1a172ba2d1c6770a6e91ffda1f827d98816b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
64693380f3b6fe10e4b43cbf7f685059

SHA1
63b8a77cac0f5916a6a70063f89dce52e2630545

SHA256
9651d7b25b91a9578f920f1ffdb8e60d01e762022205d259b2dffcd055f81951

SHA512
24a7f5ad6d344b20218a43c5098f89eb8756187d904b1aa799a7e615ab6fee23d2e8980ec168a9cdfcea5af05b3111989476b5d9d7a285aff6991e1c17974f46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
5c06fcc39d0b8cd82f2cba9adafac4e5

SHA1
3924e9012a45b829c08c1e25f95ca09c0685185a

SHA256
054498a3d3614ab083ba3b1ac9fddb49d51e58e854795e4deb813c035821461b

SHA512
7c2e454b32ba62d827fb8a700ec172e2ac0647733728b85478070d17fe03d2a556865484f34f1d4d0352f7f5dc2b17236912e1f874904291a4de0f1b46311924

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
161KB

MD5
0caf0b78a7ce1041106323ae9cf51ecd

SHA1
62b4e90123ff8118d6ed871ee7915044fbea2b7d

SHA256
6f828d43dcaf460398c634d93190735c82508ad82a7c61caa6c682a69db13aa0

SHA512
0fda009325d88dd24198197f6d115d85cc612176b969f7c9b3f3c02fe9393a8f6ed99b2f55117a190a1cc7a7aa2e781b2e4d8b94a18a2e48f3fe77542dbedff8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
7580c6992f8778d2acc0e17b2d90656f

SHA1
8014ff8dd704c68f79c97fa23f6e9db1c7f79635

SHA256
4de85305a4d355a08fc39725de5d6018b3cd424168236530224e6e4c6bea870e

SHA512
e1942c19cc84b8aa6e8179f350e7e2f44eee51a19278412b1c25736f8a879093811fff939dec330499f28697947bdab7fe790dbfa970fafe30d6a59cf9cab44a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
87KB

MD5
5fe8920637c6e0b50804c6f47f1ead9d

SHA1
503ad7712600ccc54b96debe98a6db125e717ddd

SHA256
c21ac72e6c7c13f894324f8ad922608daa31388111b7a16e92fd99d588c68aa1

SHA512
a2a10599b4893e386d0f773ffca686fe67f2c48097f277303b8538518f78afe45df4cbb5bbdd51e683a604690418303bccc9c36757eb69e44db5b9b27161da17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
83KB

MD5
3e01adc73c46f9778765185cd7ae0403

SHA1
8a2c5a05790556865e1770aeaed277592a53c933

SHA256
42dc134545ab0938a4fd22eff798022c393a2c82e198ec901e9bb952b9e64d67

SHA512
2b1fc21ed0ccbccf6fa69605e6163d6a50546e68f409f5c96a0130b39c04fe3a8979cfbb82aee5c92476b6024b730d6aca5b1fd8b1769427308bbd2de8f17505

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57f8a8.TMP

Filesize
82KB

MD5
9e3789aa2a6bd23cc7c90cef4cb66a39

SHA1
5698e6431433b4852d40f517e088eaf511bf1db4

SHA256
02aad1df6b60fb02979922e9ddb6bd438280efb9afed108381f8adef57816121

SHA512
7a0ab4af4f88f268f188206d7cb530adc603d9e42732d49674de2d27665325e7f30315d55a39a7744adc7dd6caed44f5bff86517ee76cb43d0af0b52a45e2dc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
75ae17b4bd68a4b89617d7e31e0bc98b

SHA1
3607e50658e185c0d09d373eefe30bdf9ef3fc3d

SHA256
ab6575e295790597e8c2c5e3b5d42813fb7c1e0411d5eccfdfcb9691f29d80e9

SHA512
2dd06741910c4c5afb4c10a972acf9b05b2f82705e329fa054d918f28ea3938730cfbf70c81566f8da384779eb54b046d01e943892b0adbac59117e53eb4fc20

Download Submit
C:\Users\Admin\AppData\Local\Temp\NDFD188.tmp

Filesize
3KB

MD5
e310e5578a38aa0803fe501af84e061d

SHA1
ec4e52893b7da842778df8d6658b356de731249b

SHA256
904b48d7f7c6f079ddf5453bfe05bd98118a7e69d0bba17a75f2209a7a5389bd

SHA512
36465ac3ee139947b6623b0efc85cbf66dc8640dbb41abb613057b7d4b48e816bb67cc4893bd994f4f81d2978397f0a8361b2300eb5fb38cb0dcf01a546bceb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_vxtm04ne.lv0.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp970B.tmp\NetworkConfiguration.cab

Filesize
1KB

MD5
15ac0857e6931bf69f1a98c548d756df

SHA1
2c5e2595a7fa30bd9c818d6cdc76e6784d3536ee

SHA256
99b103b63153cffbfc977efa2135060978c3c12e9913365a4915f403a3af99e5

SHA512
0d6bc597179d2693c1d3026cfa31e18447f08bb79940f899c3be0f2086e3617a0a86f23a9aa2932a6d2e58c7c0d1fba480d960240b4e2a982f6d9d1dad95ef84

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp970B.tmp\NetworkConfiguration.ddf

Filesize
231B

MD5
00848049d4218c485d9e9d7a54aa3b5f

SHA1
d1d5f388221417985c365e8acaec127b971c40d0

SHA256
ffeafbb8e7163fd7ec9abc029076796c73cd7b4eddaeeda9ba394c547419769e

SHA512
3a4874a5289682e2b32108740feea586cb9ccdad9ca08bf30f67c9742370c081ad943ea714f08dbf722f9f98f3b0bb307619a8ba47f96b24301c68b0fd1086d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp970B.tmp\ipconfig.all.txt

Filesize
1KB

MD5
3f55143cd461f173707d8740df20802f

SHA1
3bfcee7a58600df57b110d9fbc13b07553cb5eac

SHA256
57f9ab0bebad64a63ef0893385887e9addf40aa483be243787f8dee9058c4d54

SHA512
900402ef791450e96c21a50d193173f198d73e384b7e11d3f57c5acec6ca58b630490d63114b92c639b0dcbdeac2f54b1a8b37e587c15b18d95a547edffbb1c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp970B.tmp\route.print.txt

Filesize
4KB

MD5
7536e9d3d0e0a45ee658490bf75f21c2

SHA1
ada74acc277518d42ce6af128431d34864ab6e77

SHA256
e55e994df24e604d7da58cb9ff55e0a37da3490888c5ef3aff262cc94f65e364

SHA512
e9fc9b2d114d10c6363d7997150423643a85cf6777ec2073ba70ac370a7b3b0e14f46d363582c3949d970fc10c1d2d28340af0458238100ec4227d25a4a85570

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp970B.tmp\setup.inf

Filesize
978B

MD5
3253e4b7798a77987b17ee89b24c8784

SHA1
50d70d4a7a9f27559ab1dbefb4ed41beb390eace

SHA256
4935fc9ddf875919cda1af0698413ebb3d184bec58efa8d55ad25bc1d96cdc41

SHA512
37c739fa086bfa4984810de531c2ae36d556e0c4c641b4f36bfd838fc76fb32283bd94b3ed15abefc3fd0c53f351c2a15fcadba6fc49b236031a52390dc46a20

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp970B.tmp\setup.rpt

Filesize
283B

MD5
72273c1e29514111eca2464459cfb853

SHA1
bbf53bd321812a9c9061609ad73740ea522a9dac

SHA256
0a38d03cd22152a2f908f35cbe863f4b215c6b49b04ceb85c70c498725d1769a

SHA512
05668393bc727ff4f5ec008daaac294dd6195b792eea28303a678f62e31f071a9459590c6abb0b64f4b778221da36587ff41ce75766d9d0e63821b0dbe10cbca

Download Submit
C:\Windows\TEMP\SDIAG_8220f1c2-db2d-42c5-9ffc-a90b7ded030b\NetworkDiagnosticsResolve.ps1

Filesize
11KB

MD5
d213491a2d74b38a9535d616b9161217

SHA1
bde94742d1e769638e2de84dfb099f797adcc217

SHA256
4662c3c94e0340a243c2a39ca8a88fd9f65c74fb197644a11d4ffcae6b191211

SHA512
5fd8b91b27935711495934e5d7ca14f9dd72bc40a38072595879ef334a47f99e0608087ddc62668c6f783938d9f22a3688c5cdef3a9ad6c3575f3cfa5a3b0104

Download Submit
C:\Windows\TEMP\SDIAG_8220f1c2-db2d-42c5-9ffc-a90b7ded030b\NetworkDiagnosticsTroubleshoot.ps1

Filesize
25KB

MD5
d0cfc204ca3968b891f7ce0dccfb2eda

SHA1
56dad1716554d8dc573d0ea391f808e7857b2206

SHA256
e3940266b4368c04333db89804246cb89bf2073626f22b8de72bea27c522282a

SHA512
4d2225b599ad8af8ba8516f12cfddca5ec0ce69c5c80b133a6a323e9aaf5e0312efbcfa54d2e4462a5095f9a7c42b9d5b39f3204e0be72c3b1992cf33b22087c

Download Submit
C:\Windows\TEMP\SDIAG_8220f1c2-db2d-42c5-9ffc-a90b7ded030b\NetworkDiagnosticsVerify.ps1

Filesize
10KB

MD5
9b222d8ec4b20860f10ebf303035b984

SHA1
b30eea35c2516afcab2c49ef6531af94efaf7e1a

SHA256
a32e13da40ac4b9e1dac7dd28bc1d25e2f2136b61ff93be943018b20796f15bc

SHA512
8331337ccb6e3137b01aeec03e6921fd3b9e56c44fa1b17545ae5c7bfcdd39fcd8a90192884b3a82f56659009e24b63ce7f500e8766fd01e8d4e60a52de0fe67

Download Submit
C:\Windows\TEMP\SDIAG_8220f1c2-db2d-42c5-9ffc-a90b7ded030b\StartDPSService.ps1

Filesize
567B

MD5
a660422059d953c6d681b53a6977100e

SHA1
0c95dd05514d062354c0eecc9ae8d437123305bb

SHA256
d19677234127c38a52aec23686775a8eb3f4e3a406f4a11804d97602d6c31813

SHA512
26f8cf9ac95ff649ecc2ed349bc6c7c3a04b188594d5c3289af8f2768ab59672bc95ffefcc83ed3ffa44edd0afeb16a4c2490e633a89fce7965843674d94b523

Download Submit
C:\Windows\TEMP\SDIAG_8220f1c2-db2d-42c5-9ffc-a90b7ded030b\UtilityFunctions.ps1

Filesize
53KB

MD5
c912faa190464ce7dec867464c35a8dc

SHA1
d1c6482dad37720db6bdc594c4757914d1b1dd70

SHA256
3891846307aa9e83bca66b13198455af72af45bf721a2fbd41840d47e2a91201

SHA512
5c34352d36459fd8fcda5b459a2e48601a033af31d802a90ed82c443a5a346b9480880d30c64db7ad0e4a8c35b98c98f69eceedad72f2a70d9c6cca74dce826a

Download Submit
C:\Windows\TEMP\SDIAG_8220f1c2-db2d-42c5-9ffc-a90b7ded030b\UtilitySetConstants.ps1

Filesize
2KB

MD5
0c75ae5e75c3e181d13768909c8240ba

SHA1
288403fc4bedaacebccf4f74d3073f082ef70eb9

SHA256
de5c231c645d3ae1e13694284997721509f5de64ee5c96c966cdfda9e294db3f

SHA512
8fc944515f41a837c61a6c4e5181ca273607a89e48fbf86cf8eb8db837aed095aa04fc3043029c3b5cb3710d59abfd86f086ac198200f634bfb1a5dd0823406b

Download Submit
C:\Windows\TEMP\SDIAG_8220f1c2-db2d-42c5-9ffc-a90b7ded030b\en-US\LocalizationData.psd1

Filesize
5KB

MD5
91f545459be2ff513b8d98c7831b8e54

SHA1
499e4aa76fc21540796c75ba5a6a47980ff1bc21

SHA256
1ccd68e58ead16d22a6385bb6bce0e2377ed573387bdafac3f72b62264d238ff

SHA512
469571a337120885ee57e0c73a3954d0280fa813e11709ee792285c046f6ddaf9be5583e475e627ea5f34e8e6fb723a4681289312f0e51dc8e9894492407b911

Download Submit
C:\Windows\Temp\SDIAG_8220f1c2-db2d-42c5-9ffc-a90b7ded030b\DiagPackage.dll

Filesize
488KB

MD5
ec287e627bf07521b8b443e5d7836c92

SHA1
02595dde2bd98326d8608ee3ddabc481ddc39c3d

SHA256
35fa9f66ed386ee70cb28ec6e03a3b4848e3ae11c8375ba3b17b26d35bd5f694

SHA512
8465ae3ca6a4355888eecedda59d83806faf2682431f571185c31fb8a745f2ef4b26479f07aaf2693cd83f2d0526a1897a11c90a1f484a72f1e5965b72de9903

Download Submit
C:\Windows\Temp\SDIAG_8220f1c2-db2d-42c5-9ffc-a90b7ded030b\en-US\DiagPackage.dll.mui

Filesize
17KB

MD5
44b3399345bc836153df1024fa0a81e1

SHA1
ce979bfdc914c284a9a15c4d0f9f18db4d984cdd

SHA256
502abf2efedb7f76147a95dc0755723a070cdc3b2381f1860313fd5f01c4fb4d

SHA512
a49ba1a579eedca2356f8a4df94b1c273e483ceace93c617cddee77f66e90682836c77cea58047320b2c2f1d0e23ee7efa3d8af71e8ee864faef7e68f233bec4

Download Submit
C:\Windows\Temp\SDIAG_8220f1c2-db2d-42c5-9ffc-a90b7ded030b\result\4F1BE79C-1A39-4657-BA51-C3C370CDCD75.Diagnose.Admin.0.etl

Filesize
192KB

MD5
935e692beb1901e3a4ee98f8f7df3fc1

SHA1
da6e84172be2d437d675dff8c8378383029fbe9a

SHA256
401113579d6df0dbc38cbe6bafce99aa12da5633faccdb412eeba3a814e4fcbc

SHA512
88ec8b3e32ad6cba2fd8053b0c7e8935d084d63e604cd902a561f491ffacc7363fe4c156b55ab3aa4b600fe1d0e87a96c22d0156a8b48f1ea9d2fcef2d445712

Download Submit
memory/2096-434-0x0000016331820000-0x0000016331830000-memory.dmp

Filesize
64KB

Download
memory/2096-438-0x0000016331860000-0x0000016331870000-memory.dmp

Filesize
64KB

Download
memory/2096-443-0x0000016331D20000-0x0000016331D21000-memory.dmp

Filesize
4KB

Download
memory/2096-712-0x0000016331E40000-0x0000016331E41000-memory.dmp

Filesize
4KB

Download
memory/2096-713-0x0000016331E30000-0x0000016331E31000-memory.dmp

Filesize
4KB

Download
memory/2096-715-0x0000016331D30000-0x0000016331D31000-memory.dmp

Filesize
4KB

Download
memory/2096-716-0x0000016331D20000-0x0000016331D21000-memory.dmp

Filesize
4KB

Download
memory/2096-718-0x0000016331D20000-0x0000016331D21000-memory.dmp

Filesize
4KB

Download
memory/2096-721-0x0000016331C70000-0x0000016331C71000-memory.dmp

Filesize
4KB

Download
memory/4608-426-0x0000022C4E340000-0x0000022C4E362000-memory.dmp

Filesize
136KB

Download