Analysis

  • max time kernel
    44s
  • max time network
    49s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    16-06-2024 21:53

General

  • Target

    https://cdn.discordapp.com/attachments/1232385831918895114/1241146798257733744/accountify.v2.rar?ex=667007c8&is=666eb648&hm=52b677ba2c536acdba8ccd2fd2a2aa3802f7ebf4cdebccb5d288d8ba164e3cb0&

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 5 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 13 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1232385831918895114/1241146798257733744/accountify.v2.rar?ex=667007c8&is=666eb648&hm=52b677ba2c536acdba8ccd2fd2a2aa3802f7ebf4cdebccb5d288d8ba164e3cb0&
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3668
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe50543cb8,0x7ffe50543cc8,0x7ffe50543cd8
      2⤵
        PID:3116
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,15524859649159396643,337965187846755240,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
        2⤵
          PID:2876
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,15524859649159396643,337965187846755240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:104
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,15524859649159396643,337965187846755240,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
          2⤵
            PID:4944
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,15524859649159396643,337965187846755240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
            2⤵
              PID:4584
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,15524859649159396643,337965187846755240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
              2⤵
                PID:1696
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,15524859649159396643,337965187846755240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
                2⤵
                  PID:2276
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,15524859649159396643,337965187846755240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
                  2⤵
                    PID:824
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,15524859649159396643,337965187846755240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:3164
                  • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,15524859649159396643,337965187846755240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:1368
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,15524859649159396643,337965187846755240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
                    2⤵
                      PID:1116
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,15524859649159396643,337965187846755240,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
                      2⤵
                        PID:4720
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,15524859649159396643,337965187846755240,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4472 /prefetch:1
                        2⤵
                          PID:3296
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,15524859649159396643,337965187846755240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4564 /prefetch:1
                          2⤵
                            PID:2008
                          • C:\Windows\system32\msdt.exe
                            -modal "524844" -skip TRUE -path "C:\Windows\diagnostics\system\networking" -af "C:\Users\Admin\AppData\Local\Temp\NDFBA95.tmp" -ep "NetworkDiagnosticsWeb"
                            2⤵
                            • Suspicious use of FindShellTrayWindow
                            PID:4784
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,15524859649159396643,337965187846755240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
                            2⤵
                              PID:5512
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:848
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:4296
                              • C:\Windows\System32\sdiagnhost.exe
                                C:\Windows\System32\sdiagnhost.exe -Embedding
                                1⤵
                                • Suspicious behavior: EnumeratesProcesses
                                • Suspicious use of AdjustPrivilegeToken
                                PID:5308
                                • C:\Windows\system32\netsh.exe
                                  "C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter
                                  2⤵
                                    PID:5468
                                  • C:\Windows\system32\netsh.exe
                                    "C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter
                                    2⤵
                                      PID:5924
                                  • C:\Windows\System32\svchost.exe
                                    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p -s DPS
                                    1⤵
                                    • Drops file in System32 directory
                                    • Checks processor information in registry
                                    • Suspicious behavior: EnumeratesProcesses
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:5716
                                  • C:\Windows\System32\svchost.exe
                                    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost
                                    1⤵
                                      PID:5748
                                    • C:\Windows\System32\svchost.exe
                                      C:\Windows\System32\svchost.exe -k LocalService -p -s WdiServiceHost
                                      1⤵
                                      • Modifies data under HKEY_USERS
                                      PID:5972

                                    Network

                                    MITRE ATT&CK Enterprise v15

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024061621.000\NetworkDiagnostics.debugreport.xml
                                      Filesize

                                      71KB

                                      MD5

                                      6fcc2baed8200b1e9675ec82ff958003

                                      SHA1

                                      4e87771cdf4433fdf006635261dc58730e5f0052

                                      SHA256

                                      8ec69dd51c9c69d187e4f07a4da116f3df32cbd16ed725849b718bafb8b27daa

                                      SHA512

                                      0d8fe58f44886e554cf0881e17a6ddd189b3bd2925aa0dc80468fdb21b3a693450831ce2897e53b4e7d3b4a85c72efc765e460e5afdc8b506386432d58bf2445

                                    • C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024061621.000\results.xsl
                                      Filesize

                                      47KB

                                      MD5

                                      90df783c6d95859f3a420cb6af1bafe1

                                      SHA1

                                      3fe1e63ca5efc0822fc3a4ae862557238aa22f78

                                      SHA256

                                      06db605b5969c93747313e6409ea84bdd8b7e1731b7e6e3656329d77bcf51093

                                      SHA512

                                      e5dcbb7d8f42eabf42966fccee11c3d3e3f965ecc7a4d9e4ecd0382a31c4e8afea931564b1c6931f6d7e6b3650dc01a4a1971e317dab6c1f03932c6b6b7d399f

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      d56e8f308a28ac4183257a7950ab5c89

                                      SHA1

                                      044969c58cef041a073c2d132fa66ccc1ee553fe

                                      SHA256

                                      0bc24451c65457abc1e4e340be2f8faceae6b6ec7768a21d44bcd14636543bae

                                      SHA512

                                      fd5798559f4025ec3408f5550b8671d394b1ec83b85fdac8c005b0cc3e183272bdd07db15a156a572c9c5e5798badf235dc10aae62a052efa8dd9dfdbdca8189

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      8f2eb94e31cadfb6eb07e6bbe61ef7ae

                                      SHA1

                                      3f42b0d5a90408689e7f7941f8db72a67d5a2eab

                                      SHA256

                                      d222c8e3b19cda2657629a486faf32962e016fc66561ce0d17010afdb283c9de

                                      SHA512

                                      9f7f84149885b851e0bf7173c540e466a2b2eb9907d8b608f60360933328cc75d9d1b63640ea4ecc1e64ecc5dd7ee74d82903f96a8b4418ca56296641a8c0703

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      5KB

                                      MD5

                                      2c4247ae9958f872eaaf1c3f95d3de7e

                                      SHA1

                                      7e2381b7506ed437e6815141b185b915c9b8b1ee

                                      SHA256

                                      c66521a560b5be6a05f75af8bfc03dc55320373110bac5a4b45405e7253d039b

                                      SHA512

                                      158acb8f7ea76dd4a34ec1a9b67bbd84055d699bfa11a76bed855751334f2f7af34b0df823721d5eafe4c073b4bb43baee82bb17f534e5b70949e5f924373f76

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      7af65479d06de6ab47cd595de84d611c

                                      SHA1

                                      87521db3b6712f7c6e2ac373783491d724ff50f7

                                      SHA256

                                      54d333063918e25f24b881ce09ae14154b2b9b684685aedc63996a99933b47f4

                                      SHA512

                                      52665b62cb336ac2e2f92bca800c5fab83fd54b77a9ad20dc1552a6396179299b1303f00f085991c307955e30748a69fdecc89225998cea40121d709c6170f54

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      46295cac801e5d4857d09837238a6394

                                      SHA1

                                      44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                      SHA256

                                      0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                      SHA512

                                      8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      206702161f94c5cd39fadd03f4014d98

                                      SHA1

                                      bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                      SHA256

                                      1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                      SHA512

                                      0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      8KB

                                      MD5

                                      ced02ffe12c49f2fd849227d8fb46059

                                      SHA1

                                      3d356caefc487756580cf79750cf08b75e9afe47

                                      SHA256

                                      04adc4d37fdb7c4175ed09d258be74aa6ade1bdc2c6a65abed1e5c5ca5d8a730

                                      SHA512

                                      f34289c4543f50bd57aaed6ab73526cbf7bc809f118033b5063b12303febde3060530df1dc1a3ee99f6e046b689e4db8d06875289248cee11ea342f54875b125

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      8KB

                                      MD5

                                      092999e2e4f30f9a98ad47a482611ea6

                                      SHA1

                                      c094f169e2ee1f6be49bcbd9b7269699361fdc14

                                      SHA256

                                      3a41c40a80971a2f5356347b9ae5aa400e0a97308cda6d58374096721538eeeb

                                      SHA512

                                      f1fd1c79da0a7f35016bacea8f6023802f8de5dd36e1a19d7ce68c06079ae5274e40fbc17c8e6071d3ee76ea7f5afd92bed4984c21d49e3e5cd1c88e33e53a5d

                                    • C:\Users\Admin\AppData\Local\Temp\NDFBA95.tmp
                                      Filesize

                                      3KB

                                      MD5

                                      a5151ede3279f7479bc9385c2babd6b7

                                      SHA1

                                      4ceeb3fbb60bb747b7efbc2e6449a216bcd635aa

                                      SHA256

                                      b8d53094753c5495396b7387cddb9218cd7f3ffae7358fc6ab0be9429f1fa66c

                                      SHA512

                                      753bd49cd83b2fac38ed95098e4386216d71740d119218a84c5070f3490dfb1717368d5422acd6e90c6dae24673a32057287bed43925aed5f8c63c9e4401c3fe

                                    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_v4zeuhxr.qol.ps1
                                      Filesize

                                      60B

                                      MD5

                                      d17fe0a3f47be24a6453e9ef58c94641

                                      SHA1

                                      6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                      SHA256

                                      96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                      SHA512

                                      5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                    • C:\Windows\TEMP\SDIAG_17d662a0-f6d0-48ce-a634-58a811e0fefc\NetworkDiagnosticsTroubleshoot.ps1
                                      Filesize

                                      25KB

                                      MD5

                                      d0cfc204ca3968b891f7ce0dccfb2eda

                                      SHA1

                                      56dad1716554d8dc573d0ea391f808e7857b2206

                                      SHA256

                                      e3940266b4368c04333db89804246cb89bf2073626f22b8de72bea27c522282a

                                      SHA512

                                      4d2225b599ad8af8ba8516f12cfddca5ec0ce69c5c80b133a6a323e9aaf5e0312efbcfa54d2e4462a5095f9a7c42b9d5b39f3204e0be72c3b1992cf33b22087c

                                    • C:\Windows\TEMP\SDIAG_17d662a0-f6d0-48ce-a634-58a811e0fefc\StartDPSService.ps1
                                      Filesize

                                      567B

                                      MD5

                                      a660422059d953c6d681b53a6977100e

                                      SHA1

                                      0c95dd05514d062354c0eecc9ae8d437123305bb

                                      SHA256

                                      d19677234127c38a52aec23686775a8eb3f4e3a406f4a11804d97602d6c31813

                                      SHA512

                                      26f8cf9ac95ff649ecc2ed349bc6c7c3a04b188594d5c3289af8f2768ab59672bc95ffefcc83ed3ffa44edd0afeb16a4c2490e633a89fce7965843674d94b523

                                    • C:\Windows\TEMP\SDIAG_17d662a0-f6d0-48ce-a634-58a811e0fefc\UtilityFunctions.ps1
                                      Filesize

                                      53KB

                                      MD5

                                      c912faa190464ce7dec867464c35a8dc

                                      SHA1

                                      d1c6482dad37720db6bdc594c4757914d1b1dd70

                                      SHA256

                                      3891846307aa9e83bca66b13198455af72af45bf721a2fbd41840d47e2a91201

                                      SHA512

                                      5c34352d36459fd8fcda5b459a2e48601a033af31d802a90ed82c443a5a346b9480880d30c64db7ad0e4a8c35b98c98f69eceedad72f2a70d9c6cca74dce826a

                                    • C:\Windows\TEMP\SDIAG_17d662a0-f6d0-48ce-a634-58a811e0fefc\UtilitySetConstants.ps1
                                      Filesize

                                      2KB

                                      MD5

                                      0c75ae5e75c3e181d13768909c8240ba

                                      SHA1

                                      288403fc4bedaacebccf4f74d3073f082ef70eb9

                                      SHA256

                                      de5c231c645d3ae1e13694284997721509f5de64ee5c96c966cdfda9e294db3f

                                      SHA512

                                      8fc944515f41a837c61a6c4e5181ca273607a89e48fbf86cf8eb8db837aed095aa04fc3043029c3b5cb3710d59abfd86f086ac198200f634bfb1a5dd0823406b

                                    • C:\Windows\TEMP\SDIAG_17d662a0-f6d0-48ce-a634-58a811e0fefc\en-US\LocalizationData.psd1
                                      Filesize

                                      5KB

                                      MD5

                                      91f545459be2ff513b8d98c7831b8e54

                                      SHA1

                                      499e4aa76fc21540796c75ba5a6a47980ff1bc21

                                      SHA256

                                      1ccd68e58ead16d22a6385bb6bce0e2377ed573387bdafac3f72b62264d238ff

                                      SHA512

                                      469571a337120885ee57e0c73a3954d0280fa813e11709ee792285c046f6ddaf9be5583e475e627ea5f34e8e6fb723a4681289312f0e51dc8e9894492407b911

                                    • C:\Windows\Temp\SDIAG_17d662a0-f6d0-48ce-a634-58a811e0fefc\DiagPackage.dll
                                      Filesize

                                      488KB

                                      MD5

                                      ec287e627bf07521b8b443e5d7836c92

                                      SHA1

                                      02595dde2bd98326d8608ee3ddabc481ddc39c3d

                                      SHA256

                                      35fa9f66ed386ee70cb28ec6e03a3b4848e3ae11c8375ba3b17b26d35bd5f694

                                      SHA512

                                      8465ae3ca6a4355888eecedda59d83806faf2682431f571185c31fb8a745f2ef4b26479f07aaf2693cd83f2d0526a1897a11c90a1f484a72f1e5965b72de9903

                                    • C:\Windows\Temp\SDIAG_17d662a0-f6d0-48ce-a634-58a811e0fefc\en-US\DiagPackage.dll.mui
                                      Filesize

                                      17KB

                                      MD5

                                      44b3399345bc836153df1024fa0a81e1

                                      SHA1

                                      ce979bfdc914c284a9a15c4d0f9f18db4d984cdd

                                      SHA256

                                      502abf2efedb7f76147a95dc0755723a070cdc3b2381f1860313fd5f01c4fb4d

                                      SHA512

                                      a49ba1a579eedca2356f8a4df94b1c273e483ceace93c617cddee77f66e90682836c77cea58047320b2c2f1d0e23ee7efa3d8af71e8ee864faef7e68f233bec4

                                    • \??\pipe\LOCAL\crashpad_3668_MSQKMAKNEBFDTVTL
                                      MD5

                                      d41d8cd98f00b204e9800998ecf8427e

                                      SHA1

                                      da39a3ee5e6b4b0d3255bfef95601890afd80709

                                      SHA256

                                      e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                      SHA512

                                      cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                    • memory/5308-445-0x000001D37E710000-0x000001D37E732000-memory.dmp
                                      Filesize

                                      136KB

                                    • memory/5716-469-0x000001E96A320000-0x000001E96A330000-memory.dmp
                                      Filesize

                                      64KB

                                    • memory/5716-473-0x000001E96A360000-0x000001E96A370000-memory.dmp
                                      Filesize

                                      64KB

                                    • memory/5716-478-0x000001E96A820000-0x000001E96A821000-memory.dmp
                                      Filesize

                                      4KB