82aae3112ca38c817ba94f7b1c8d24d05a66613f1a36e76a8f9cb58c990b6276

Resubmissions

01-07-2024 20:02

240701-yr3j6awgre 3

27-06-2024 17:07

25-06-2024 15:48

24-06-2024 16:39

24-06-2024 16:37

23-06-2024 21:16

23-06-2024 16:48

23-06-2024 16:26

Analysis

max time kernel
113s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24-06-2024 16:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FSSEWin.exe
Size

11.6MB
MD5

8f15e02375a0e5416472da63a9961ea6
SHA1

9585a99954d7927404f1df5d1ef742fe92b2eb26
SHA256

c9bb84733d9015302e8106c284897765c4573336bc4d3d5217229ef4d8f1909e
SHA512

5f6a3c09edadc2feee3fc6a2ea2b7f2a0e680f9e74bb4480f35a2836ec2949efdcff2f7702dbcf466b42fcff9b8d8b3bdbfc84f7054f8e8c5c31506472940a6f
SSDEEP

196608:qYg5Vz+Rez4AKeNok8u8Fn7s2gj/CmZSbm9v:qcez4Apo0a7Rgj4C9v

Score

5^/10

persistence privilege_escalation

Malware Config

Signatures

Drops file in System32 directory 7 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\NDF\{6F75F926-81B6-4D96-8E1A-D4A3296984AB}-temp-06242024-1639.etl	svchost.exe
File opened for modification	C:\Windows\system32\SRU\SRU.chk	svchost.exe
File opened for modification	C:\Windows\system32\SRU\SRU.log	svchost.exe
File opened for modification	C:\Windows\system32\SRU\SRUDB.dat	svchost.exe
File opened for modification	C:\Windows\system32\SRU\SRUDB.jfm	svchost.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_8e9c2368fe308df2\netrtl64.PNF	svchost.exe
File created	C:\Windows\system32\NDF\{6F75F926-81B6-4D96-8E1A-D4A3296984AB}-temp-06242024-1639.etl	svchost.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk	svchost.exe

Event Triggered Execution: Netsh Helper DLL 1 TTPs 6 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	svchost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
4120	ipconfig.exe

Modifies data under HKEY_USERS 6 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\RAS AutoDial	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\RAS AutoDial\Default	svchost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@%SystemRoot%\system32\hnetcfgclient.dll,-201 = "HNetCfg Client"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Classes\Local Settings\MuiCache\2a\52C64B7E\@%SystemRoot%\system32\hnetcfgclient.dll,-201 = "HNetCfg Client"	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133637206606731269"	chrome.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
4416	chrome.exe
4416	chrome.exe
2400	sdiagnhost.exe
536	svchost.exe
536	svchost.exe
4416	chrome.exe
4416	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4344	FSSEWin.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe
Token: SeCreatePagefilePrivilege	4416	chrome.exe
Token: SeShutdownPrivilege	4416	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4700	msdt.exe
4416	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe
4416	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4416 wrote to memory of 2348	4416	chrome.exe	83
PID 4416 wrote to memory of 2348	4416	chrome.exe	83
PID 4416 wrote to memory of 1652	4416	chrome.exe	84
PID 4416 wrote to memory of 1652	4416	chrome.exe	84
PID 4416 wrote to memory of 1652	4416	chrome.exe	84
PID 4416 wrote to memory of 1652	4416	chrome.exe	84
PID 4416 wrote to memory of 1652	4416	chrome.exe	84
PID 4416 wrote to memory of 1652	4416	chrome.exe	84
PID 4416 wrote to memory of 1652	4416	chrome.exe	84
PID 4416 wrote to memory of 1652	4416	chrome.exe	84
PID 4416 wrote to memory of 1652	4416	chrome.exe	84
PID 4416 wrote to memory of 1652	4416	chrome.exe	84
PID 4416 wrote to memory of 1652	4416	chrome.exe	84
PID 4416 wrote to memory of 1652	4416	chrome.exe	84
PID 4416 wrote to memory of 1652	4416	chrome.exe	84
PID 4416 wrote to memory of 1652	4416	chrome.exe	84
PID 4416 wrote to memory of 1652	4416	chrome.exe	84
PID 4416 wrote to memory of 1652	4416	chrome.exe	84
PID 4416 wrote to memory of 1652	4416	chrome.exe	84
PID 4416 wrote to memory of 1652	4416	chrome.exe	84
PID 4416 wrote to memory of 1652	4416	chrome.exe	84
PID 4416 wrote to memory of 1652	4416	chrome.exe	84
PID 4416 wrote to memory of 1652	4416	chrome.exe	84
PID 4416 wrote to memory of 1652	4416	chrome.exe	84
PID 4416 wrote to memory of 1652	4416	chrome.exe	84
PID 4416 wrote to memory of 1652	4416	chrome.exe	84
PID 4416 wrote to memory of 1652	4416	chrome.exe	84
PID 4416 wrote to memory of 1652	4416	chrome.exe	84
PID 4416 wrote to memory of 1652	4416	chrome.exe	84
PID 4416 wrote to memory of 1652	4416	chrome.exe	84
PID 4416 wrote to memory of 1652	4416	chrome.exe	84
PID 4416 wrote to memory of 1652	4416	chrome.exe	84
PID 4416 wrote to memory of 1652	4416	chrome.exe	84
PID 4416 wrote to memory of 1528	4416	chrome.exe	85
PID 4416 wrote to memory of 1528	4416	chrome.exe	85
PID 4416 wrote to memory of 3976	4416	chrome.exe	86
PID 4416 wrote to memory of 3976	4416	chrome.exe	86
PID 4416 wrote to memory of 3976	4416	chrome.exe	86
PID 4416 wrote to memory of 3976	4416	chrome.exe	86
PID 4416 wrote to memory of 3976	4416	chrome.exe	86
PID 4416 wrote to memory of 3976	4416	chrome.exe	86
PID 4416 wrote to memory of 3976	4416	chrome.exe	86
PID 4416 wrote to memory of 3976	4416	chrome.exe	86
PID 4416 wrote to memory of 3976	4416	chrome.exe	86
PID 4416 wrote to memory of 3976	4416	chrome.exe	86
PID 4416 wrote to memory of 3976	4416	chrome.exe	86
PID 4416 wrote to memory of 3976	4416	chrome.exe	86
PID 4416 wrote to memory of 3976	4416	chrome.exe	86
PID 4416 wrote to memory of 3976	4416	chrome.exe	86
PID 4416 wrote to memory of 3976	4416	chrome.exe	86
PID 4416 wrote to memory of 3976	4416	chrome.exe	86
PID 4416 wrote to memory of 3976	4416	chrome.exe	86
PID 4416 wrote to memory of 3976	4416	chrome.exe	86
PID 4416 wrote to memory of 3976	4416	chrome.exe	86
PID 4416 wrote to memory of 3976	4416	chrome.exe	86
PID 4416 wrote to memory of 3976	4416	chrome.exe	86
PID 4416 wrote to memory of 3976	4416	chrome.exe	86
PID 4416 wrote to memory of 3976	4416	chrome.exe	86
PID 4416 wrote to memory of 3976	4416	chrome.exe	86
PID 4416 wrote to memory of 3976	4416	chrome.exe	86
PID 4416 wrote to memory of 3976	4416	chrome.exe	86
PID 4416 wrote to memory of 3976	4416	chrome.exe	86
PID 4416 wrote to memory of 3976	4416	chrome.exe	86
PID 4416 wrote to memory of 3976	4416	chrome.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\FSSEWin.exe
"C:\Users\Admin\AppData\Local\Temp\FSSEWin.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff942a4ab58,0x7ff942a4ab68,0x7ff942a4ab78
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1932,i,4185365399181013507,13510662046965368118,131072 /prefetch:2
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1932,i,4185365399181013507,13510662046965368118,131072 /prefetch:8
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2276 --field-trial-handle=1932,i,4185365399181013507,13510662046965368118,131072 /prefetch:8
  2⤵
  PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1932,i,4185365399181013507,13510662046965368118,131072 /prefetch:1
  2⤵
  PID:768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=1932,i,4185365399181013507,13510662046965368118,131072 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4344 --field-trial-handle=1932,i,4185365399181013507,13510662046965368118,131072 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 --field-trial-handle=1932,i,4185365399181013507,13510662046965368118,131072 /prefetch:8
  2⤵
  PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 --field-trial-handle=1932,i,4185365399181013507,13510662046965368118,131072 /prefetch:8
  2⤵
  PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5056 --field-trial-handle=1932,i,4185365399181013507,13510662046965368118,131072 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4576 --field-trial-handle=1932,i,4185365399181013507,13510662046965368118,131072 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4564 --field-trial-handle=1932,i,4185365399181013507,13510662046965368118,131072 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4104 --field-trial-handle=1932,i,4185365399181013507,13510662046965368118,131072 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4464 --field-trial-handle=1932,i,4185365399181013507,13510662046965368118,131072 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4876 --field-trial-handle=1932,i,4185365399181013507,13510662046965368118,131072 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4120 --field-trial-handle=1932,i,4185365399181013507,13510662046965368118,131072 /prefetch:8
  2⤵
  PID:3708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4540 --field-trial-handle=1932,i,4185365399181013507,13510662046965368118,131072 /prefetch:8
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3220 --field-trial-handle=1932,i,4185365399181013507,13510662046965368118,131072 /prefetch:8
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 --field-trial-handle=1932,i,4185365399181013507,13510662046965368118,131072 /prefetch:8
  2⤵
  PID:4580
- C:\Windows\system32\msdt.exe
  -modal "66166" -skip TRUE -path "C:\Windows\diagnostics\system\networking" -af "C:\Users\Admin\AppData\Local\Temp\NDFE9C4.tmp" -ep "NetworkDiagnosticsWeb"
  2⤵
  - Suspicious use of FindShellTrayWindow
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2404 --field-trial-handle=1932,i,4185365399181013507,13510662046965368118,131072 /prefetch:1
  2⤵
  PID:4476

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4700

C:\Windows\System32\sdiagnhost.exe
C:\Windows\System32\sdiagnhost.exe -Embedding
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2400
- C:\Windows\system32\netsh.exe
  "C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:5060
- C:\Windows\system32\netsh.exe
  "C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter
  2⤵
  - Event Triggered Execution: Netsh Helper DLL
  PID:1760
- C:\Windows\system32\ipconfig.exe
  "C:\Windows\system32\ipconfig.exe" /all
  2⤵
  - Gathers network information
  PID:4120
- C:\Windows\system32\ROUTE.EXE
  "C:\Windows\system32\ROUTE.EXE" print
  2⤵
  PID:1404
- C:\Windows\system32\makecab.exe
  "C:\Windows\system32\makecab.exe" /f NetworkConfiguration.ddf
  2⤵
  PID:3512

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p -s DPS
1⤵
- Drops file in System32 directory
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:536

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s WdiServiceHost
1⤵
- Drops file in System32 directory
- Modifies data under HKEY_USERS
PID:4024
- C:\Windows\System32\rundll32.exe
  "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\winethc.dll",ForceProxyDetectionOnNextRun
  2⤵
  PID:768

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost
1⤵
PID:2036

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s Netman
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:4404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024062416.000\NetworkDiagnostics.debugreport.xml

Filesize
209KB

MD5
335858b26bd986f6d2fc6177d8eac042

SHA1
f2df032c0c323ac33565c7c1369f8efe82d18c71

SHA256
a1c9754a07cac0fe60b4a4871665c9f22ae5cccf146c6c12d8cf51e66d4b53e5

SHA512
a4f7912e45f3a93d60b765ece3656c6707613e2597784989d0e4c8def2b7fdc17688ed6315e999b58353c339068acccdf9cce8fdd6e1b6155223a21ec2067911

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024062416.000\ResultReport.xml

Filesize
38KB

MD5
50def8ea243bf547f24f7b781b083c7a

SHA1
46201455e7716f18b369659d6791d933ddf6d50d

SHA256
60886bd7ab169c149d8014ac8109dd17f190e6c78d556b17a35a0b52c02ba990

SHA512
8e610cce183cd5c11cc74a39efb2d4eeed0f7fb6fe074f154f733ba9e3793c7e3b72fa04872a194f5a94bb132646ffbab9d95d977cb0db70f0d889ea856c9dde

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024062416.000\results.xsl

Filesize
47KB

MD5
310e1da2344ba6ca96666fb639840ea9

SHA1
e8694edf9ee68782aa1de05470b884cc1a0e1ded

SHA256
67401342192babc27e62d4c1e0940409cc3f2bd28f77399e71d245eae8d3f63c

SHA512
62ab361ffea1f0b6ff1cc76c74b8e20c2499d72f3eb0c010d47dba7e6d723f9948dba3397ea26241a1a995cffce2a68cd0aaa1bb8d917dd8f4c8f3729fa6d244

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
810B

MD5
2ec50d1f2d6df1d4b65d043db8b5cce0

SHA1
232712098d1d05cce51fa88fdfa6df66cc69b806

SHA256
86e0c1d11790825ead5b387441b89f2fd781ec4d9ceb55ff89f28dde099edca4

SHA512
6cacd6aa2eea11118bace76cdfd684e57b28b5b5684ad0fe802cd35af10fdb42ebdb6026c2b883686cd72e3e2b5e1b74a195f0801002f42086530670753d25ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b42e529f8d34dbaa604b1017251eb876

SHA1
bbff1de024369fffb642b74a0836279508d9e7d2

SHA256
d7b4f6722bd0f9c7aba57197f703718434b5ad9b8f73fb0a7d30e78d68e60c17

SHA512
cd6a7644b9aafba255314d960b8f7bf378c913fde52ff03e553aed2344d10767d9875ad81cfc762bfe0335ae03d4c4995869f74e3c11588b8940fce2ecdc8f69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e86b6600bc3f096d1284829b164f83cf

SHA1
932bd40d659357d74b084ef74b9c341ab3194421

SHA256
0a360830fc52b4f81b8da1449d2ee50b510a5775dbdbe3a8c794ef7c4d38042e

SHA512
f484701cabed68febd2142b4f9d4e85ecfb918e36c607cb6c7604ffeddb44545816765e96cc1bb279978c049fa38e078c997eece4fc8bd1ca0bdadf0948fa51e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
7fde9fe8617d98ee761da2eafa6a923f

SHA1
efefe9f472984b318e754bb6ac5a21a858525372

SHA256
fbe29fbf097db11ed693d107489d907774d036a9ae609bccf848a190ec970310

SHA512
ca5fecaf574c47c71afe5418a8b3d83e445e56f126b935ccc0e942833faf2044a18668323813ee23cb95867a7490b63fe63b16e21f56fce1c851fbba6e3f549e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
288KB

MD5
d84084c8fcb9ca342b74e99bf811f1fd

SHA1
73a209dd314204b7d85cdc0014b0ed7d58a7701c

SHA256
ef2c89a2224d82988008aa93032e60e6ebe008a0314124909430e78ae66aa9be

SHA512
eb974e8bf5b63642902952bbd8e63379be1de059a797e5da8dc33a8465e77f9ee5b9f15c6a1fe7f6362eec4d706aff9765a9dfc393e3e344861472e021c93d43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
6c2a7d744408f03a87030378d1511266

SHA1
09fcb19d1478baefac21715abc443d1228972b6b

SHA256
70230a10fc4ede9f086e1ddeff2747ef97f691f98388bfc2036dffc2d2b21592

SHA512
9bc68ab811b9c98e4039a1e5240a638bbd45bfee4ce0402a0aae87f979786192f5346b453a79c6059eb26f11eaac50edc38b0408f30440d341cbefe639884fad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
332KB

MD5
f4c784850f8224c50b3564c6936f4006

SHA1
fa09c6fab3a71bf2235c00eb63f11edc8aa23168

SHA256
0b0a85611f88b3495f8887d375c6ff114b1d12d44e6a64b4c48e1b81df2e28fb

SHA512
f06d6303e1e152c4325186fae98b9753709e6204358caef6e46107d35069a074d10f4f9f14b297cbb660f658fb9c4d5d44b61e06e52c9a3ca79a0d588da20228

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
92KB

MD5
6a338bb1df552fadbbf4f9cf4f7b633e

SHA1
4e03575b85800ebe5f0cfef5754fa3c07d64806a

SHA256
35e6fedaea2077311f29b016b9f37f69e467646eafc65b176ea4dd3b0191c2bf

SHA512
67a80cf7cbf3c22925a6d447a952894a5f94b9f8b7524fe4242184b5b92d87b4e93e6453ff41fa657c0e10cc0505ef98c0e61edc3ba9eff185e608141f9ded36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5810e3.TMP

Filesize
87KB

MD5
70af16862ad268f198817e3030d07b93

SHA1
662a90e3242ad97313301b3cc78bd51b08c9cc49

SHA256
9356e75630115caa72a7512cc2b0a3aaef8d02690238f68188bdeeec972715f6

SHA512
a502daa64a8fab25ec177d7483e885e216e49a810ab770bfa3c7f4ae8210cf686f37690f67b701dc58dd4fc60520c76dbec466b01476fb233cf4b18fa24f014a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
6e4cbd4c0b709fdcfc887e9a48c9bb9d

SHA1
60671570f0674b8815d8642bab8ba5007e448f15

SHA256
ac1f0fae275f493dc1d285c9c9bb9805fd17488dabb80be493094c6d93664423

SHA512
17b03451d9aa503655a933323ea3351df6fc2366458601370b6e5cfc63a4f199e11b37893048847a8f99a7ec73d6f13ea7df75747003af420ade19b1acb04b5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\NetTraces\NdfSession-06242024-1639.etl

Filesize
192KB

MD5
071ef277bc8678d30417fd6f597af0f3

SHA1
410dca10a04dc0812bf147a868e8d3ebe1ffac99

SHA256
def7040e6de4354e9c92a65e4a2b15cf3ec7f8eb75e5d14f555a3ca22e1332f4

SHA512
d47c53944770b10565ab366e6500714075fab0af1f265741d006b96012b21d44c398b30f1bd10c5e1bfc6a5b08cd9a71b5a0e91967df2d02ffa8205868046dd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\NDFE9C4.tmp

Filesize
3KB

MD5
8b302eb2e81aff8cd6ac3e808fa9d815

SHA1
335007d1b558861ef26584c55f197e35a0540916

SHA256
8bfc7da151c95c795dcce2d6b356811c4e94a0be5a7e4878d5871f9a845a78c1

SHA512
c1a334e9e8611fc83013696aaa722832c5a11a70c2fcabbf890e3302a707001b07caff863711fb2d5ae0b624d4f99ffca539860c3d8eba5fed80f21a5d3ae6ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_phfvjewa.jsl.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpB62C.tmp\NetworkConfiguration.cab

Filesize
1KB

MD5
29016553d7c2d2c36c27777a9596e397

SHA1
f1c7364e0369a8516e4cff22563347c53603fd4a

SHA256
07287973bf119dff6b3c7a582226f8d5efd272428059154d81087b659d8d539e

SHA512
d861e61fe0489d58d1c7f6a0321d6047194f11642894be02a362371bb058638036a5608e524db128a42177c619bc619be7daf6da4077cbc7af72a9b331873d2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpB62C.tmp\NetworkConfiguration.ddf

Filesize
231B

MD5
00848049d4218c485d9e9d7a54aa3b5f

SHA1
d1d5f388221417985c365e8acaec127b971c40d0

SHA256
ffeafbb8e7163fd7ec9abc029076796c73cd7b4eddaeeda9ba394c547419769e

SHA512
3a4874a5289682e2b32108740feea586cb9ccdad9ca08bf30f67c9742370c081ad943ea714f08dbf722f9f98f3b0bb307619a8ba47f96b24301c68b0fd1086d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpB62C.tmp\ipconfig.all.txt

Filesize
1KB

MD5
088f51c9eaf0ac5d056f27c8afc81874

SHA1
df107adabeb39330c97621b0963f734b3b8bc203

SHA256
e9a214017df198fd92c514bf3e92c0c8a68860f16e892a5ce332a8e94c89d21c

SHA512
8a2b721fd274ec4ab02797b41f86cc01b3226cccd2b46392a74c5bf5cec12bbd3efbe4bf55742072df564b426a9ab69c6d0195605aa85da4687d184c4d6934aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpB62C.tmp\route.print.txt

Filesize
4KB

MD5
bb6dcc02a6ec96b66bd892780666d49e

SHA1
5f6a960430f1f3af1c2132427c7ab91870f6c5db

SHA256
5a92ba9f93e7db6a795b3a04ac9cd4318968af8b51946e04543182bdd13e4338

SHA512
b092470dd78961b3a86b3c69dedc3011b8017ba1bbf9a8913a651115b125b5d2ec9b6d078ed95c5a380cfc84074253066bfb52f1571af1c8ca07b5d3e243ff33

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpB62C.tmp\setup.inf

Filesize
978B

MD5
4b1fb63f1ab0f72dd32044b9f47bee2a

SHA1
4015c57bf4f05afad185d139ac84dd555adef732

SHA256
8c210873f96a611dcb6c6cced3cb03be5c0a27c83236451d025ccc510761a5a0

SHA512
e42d7b9107f4177e4ea172678de2a04a8cb8566c27b7d565b956b82998dda7086dad9ec43531b7ec2c770b141a4c98031d9be14666f7f94281181c8cc52f6457

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpB62C.tmp\setup.rpt

Filesize
283B

MD5
a07ad431948a5955fe151689311bcd35

SHA1
98bf656434603a7b6ae465e5207c97044e2b2bda

SHA256
f7c159367d191f78231309112d99bb19c30518f9b6312bd582ebe6093939b549

SHA512
8152332af3f3cf24f8d908376d288c0899763e5dd73a67a3b23e7b58b22f820b87074423d98474b3755730fdd3f26c14ea54b3b637c66756e176cd771d91d09e

Download Submit
C:\Windows\TEMP\SDIAG_8b9ed536-8b36-45f8-909b-f47ba29b4c6b\NetworkDiagnosticsResolve.ps1

Filesize
11KB

MD5
d213491a2d74b38a9535d616b9161217

SHA1
bde94742d1e769638e2de84dfb099f797adcc217

SHA256
4662c3c94e0340a243c2a39ca8a88fd9f65c74fb197644a11d4ffcae6b191211

SHA512
5fd8b91b27935711495934e5d7ca14f9dd72bc40a38072595879ef334a47f99e0608087ddc62668c6f783938d9f22a3688c5cdef3a9ad6c3575f3cfa5a3b0104

Download Submit
C:\Windows\TEMP\SDIAG_8b9ed536-8b36-45f8-909b-f47ba29b4c6b\NetworkDiagnosticsTroubleshoot.ps1

Filesize
25KB

MD5
d0cfc204ca3968b891f7ce0dccfb2eda

SHA1
56dad1716554d8dc573d0ea391f808e7857b2206

SHA256
e3940266b4368c04333db89804246cb89bf2073626f22b8de72bea27c522282a

SHA512
4d2225b599ad8af8ba8516f12cfddca5ec0ce69c5c80b133a6a323e9aaf5e0312efbcfa54d2e4462a5095f9a7c42b9d5b39f3204e0be72c3b1992cf33b22087c

Download Submit
C:\Windows\TEMP\SDIAG_8b9ed536-8b36-45f8-909b-f47ba29b4c6b\NetworkDiagnosticsVerify.ps1

Filesize
10KB

MD5
9b222d8ec4b20860f10ebf303035b984

SHA1
b30eea35c2516afcab2c49ef6531af94efaf7e1a

SHA256
a32e13da40ac4b9e1dac7dd28bc1d25e2f2136b61ff93be943018b20796f15bc

SHA512
8331337ccb6e3137b01aeec03e6921fd3b9e56c44fa1b17545ae5c7bfcdd39fcd8a90192884b3a82f56659009e24b63ce7f500e8766fd01e8d4e60a52de0fe67

Download Submit
C:\Windows\TEMP\SDIAG_8b9ed536-8b36-45f8-909b-f47ba29b4c6b\StartDPSService.ps1

Filesize
567B

MD5
a660422059d953c6d681b53a6977100e

SHA1
0c95dd05514d062354c0eecc9ae8d437123305bb

SHA256
d19677234127c38a52aec23686775a8eb3f4e3a406f4a11804d97602d6c31813

SHA512
26f8cf9ac95ff649ecc2ed349bc6c7c3a04b188594d5c3289af8f2768ab59672bc95ffefcc83ed3ffa44edd0afeb16a4c2490e633a89fce7965843674d94b523

Download Submit
C:\Windows\TEMP\SDIAG_8b9ed536-8b36-45f8-909b-f47ba29b4c6b\UtilityFunctions.ps1

Filesize
53KB

MD5
c912faa190464ce7dec867464c35a8dc

SHA1
d1c6482dad37720db6bdc594c4757914d1b1dd70

SHA256
3891846307aa9e83bca66b13198455af72af45bf721a2fbd41840d47e2a91201

SHA512
5c34352d36459fd8fcda5b459a2e48601a033af31d802a90ed82c443a5a346b9480880d30c64db7ad0e4a8c35b98c98f69eceedad72f2a70d9c6cca74dce826a

Download Submit
C:\Windows\TEMP\SDIAG_8b9ed536-8b36-45f8-909b-f47ba29b4c6b\UtilitySetConstants.ps1

Filesize
2KB

MD5
0c75ae5e75c3e181d13768909c8240ba

SHA1
288403fc4bedaacebccf4f74d3073f082ef70eb9

SHA256
de5c231c645d3ae1e13694284997721509f5de64ee5c96c966cdfda9e294db3f

SHA512
8fc944515f41a837c61a6c4e5181ca273607a89e48fbf86cf8eb8db837aed095aa04fc3043029c3b5cb3710d59abfd86f086ac198200f634bfb1a5dd0823406b

Download Submit
C:\Windows\TEMP\SDIAG_8b9ed536-8b36-45f8-909b-f47ba29b4c6b\en-US\LocalizationData.psd1

Filesize
5KB

MD5
380768979618b7097b0476179ec494ed

SHA1
af2a03a17c546e4eeb896b230e4f2a52720545ab

SHA256
0637af30fc3b3544b1f516f6196a8f821ffbfa5d36d65a8798aeeadbf2e8a7c2

SHA512
b9ef59e9bfdbd49052a4e754ead8cd54b77e79cc428e7aee2b80055ff5f0b038584af519bd2d66258cf3c01f8cc71384f6959ee32111eac4399c47e1c2352302

Download Submit
C:\Windows\Temp\SDIAG_8b9ed536-8b36-45f8-909b-f47ba29b4c6b\DiagPackage.dll

Filesize
478KB

MD5
580dc3658fa3fe42c41c99c52a9ce6b0

SHA1
3c4be12c6e3679a6c2267f88363bbd0e6e00cac5

SHA256
5b7aa413e4a64679c550c77e6599a1c940ee947cbdf77d310e142a07a237aad2

SHA512
68c52cd7b762b8f5d2f546092ed9c4316924fa04bd3ab748ab99541a8b4e7d9aec70acf5c9594d1457ad3a2f207d0c189ec58421d4352ddbc7eae453324d13f2

Download Submit
C:\Windows\Temp\SDIAG_8b9ed536-8b36-45f8-909b-f47ba29b4c6b\en-US\DiagPackage.dll.mui

Filesize
17KB

MD5
44c4385447d4fa46b407fc47c8a467d0

SHA1
41e4e0e83b74943f5c41648f263b832419c05256

SHA256
8be175e8fbdae0dade54830fece6c6980d1345dbeb4a06c07f7efdb1152743f4

SHA512
191cd534e85323a4cd9649a1fc372312ed4a600f6252dffc4435793650f9dd40d0c0e615ba5eb9aa437a58af334146aac7c0ba08e0a1bf24ec4837a40f966005

Download Submit
memory/536-469-0x000001D6F2130000-0x000001D6F2140000-memory.dmp

Filesize
64KB

Download
memory/536-476-0x000001D6F6620000-0x000001D6F6621000-memory.dmp

Filesize
4KB

Download
memory/536-472-0x000001D6F2160000-0x000001D6F2170000-memory.dmp

Filesize
64KB

Download
memory/2400-451-0x0000020058300000-0x0000020058322000-memory.dmp

Filesize
136KB

Download
memory/4344-0-0x00007FF947473000-0x00007FF947475000-memory.dmp

Filesize
8KB

Download
memory/4344-59-0x00007FF947470000-0x00007FF947F31000-memory.dmp

Filesize
10.8MB

Download
memory/4344-58-0x00007FF947470000-0x00007FF947F31000-memory.dmp

Filesize
10.8MB

Download
memory/4344-57-0x00007FF947473000-0x00007FF947475000-memory.dmp

Filesize
8KB

Download
memory/4344-6-0x00007FF947470000-0x00007FF947F31000-memory.dmp

Filesize
10.8MB

Download
memory/4344-3-0x00007FF947470000-0x00007FF947F31000-memory.dmp

Filesize
10.8MB

Download
memory/4344-2-0x00007FF947470000-0x00007FF947F31000-memory.dmp

Filesize
10.8MB

Download
memory/4344-1-0x000002724B090000-0x000002724BC38000-memory.dmp

Filesize
11.7MB

Download
memory/4344-702-0x00007FF947470000-0x00007FF947F31000-memory.dmp

Filesize
10.8MB

Download