hxxps://github[.]com/Gork3m/MrsMajor-3[.]0

Analysis

max time kernel
123s
max time network
137s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
18/08/2024, 21:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Gork3m/MrsMajor-3.0

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msdt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sdiagnhost.exe

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430178864"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b7000000000020000000000106600000001000020000000329545a41a6a186f00682fab3bf22770d2820b7252ba104559f027ad07205c6c000000000e800000000200002000000053fb17e7f94329a5f41b79064434f8fc1d715a45e2b7ece0092129b0f63f0f36200000005d16773f6133be1c222aad43f4c83556d91eafef939f0304d82e9a27f1006a594000000098f47abbb6cccd18ee485d58a84f2bf4fd741a3667a6cf27060b638e51c03f311471d8696ae0095e37b9058f1c7690c78c5126c50d33bce408db83564e7cefb9	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b7000000000020000000000106600000001000020000000836b0c1767bb595594bd3734e98f349599b8a6ec6427ba960a2a50b091be8dcd000000000e800000000200002000000033a8bdf3ce29c6d3af648293fd1bdea9f2fe7790416e9af20878bb06358d758290000000c4e3380fe22e4644f970c12a4ef4048e3cc2276319fe5fd98a6755854bb40268c38ff781b48c2847c1760a31361581ce7dac86185426a9ba9c020c57c9b58ce99cc60ca529ddf9a0829758728e149c13efffade14ee2cf29854c0a35a96ce4e58b49bd5a2689d96a2f30ba95689492fb0407a7228172880466d08ea58f2bd38dd2ed83f761fb73cdbf7b8943d7df170240000000c30f0ec40c6980c1cd9d6fcb5c93fd0c86959df9579e1c1138145bc802c68baee1d64240df7997cbed587ff508fdb8676f54d7fb9eee24b5b3dd644c2c775da4	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F00D3BB1-5DA9-11EF-B8DF-E649859EC46C} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f00fe9c8b6f1da01	iexplore.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2920	msdt.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	1824	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1824	AUDIODG.EXE
Token: 33	1824	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1824	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
560	iexplore.exe
2920	msdt.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
560	iexplore.exe
560	iexplore.exe
2320	IEXPLORE.EXE
2320	IEXPLORE.EXE
2320	IEXPLORE.EXE
2320	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 560 wrote to memory of 2320	560	iexplore.exe	29
PID 560 wrote to memory of 2320	560	iexplore.exe	29
PID 560 wrote to memory of 2320	560	iexplore.exe	29
PID 560 wrote to memory of 2320	560	iexplore.exe	29
PID 2320 wrote to memory of 2920	2320	IEXPLORE.EXE	31
PID 2320 wrote to memory of 2920	2320	IEXPLORE.EXE	31
PID 2320 wrote to memory of 2920	2320	IEXPLORE.EXE	31
PID 2320 wrote to memory of 2920	2320	IEXPLORE.EXE	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://github.com/Gork3m/MrsMajor-3.0
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:560
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:560 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2320
- - C:\Windows\SysWOW64\msdt.exe
    -modal 459092 -skip TRUE -path C:\Windows\diagnostics\system\networking -af C:\Users\Admin\AppData\Local\Temp\NDF5FAB.tmp -ep NetworkDiagnosticsWeb
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of FindShellTrayWindow
    PID:2920

C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\SysWOW64\sdiagnhost.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:1892

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:3068

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3fc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
96ca343b22c5cd5643a9a66d568fcf19

SHA1
cea1b9f2b379536aaf81f4e2884294e814140963

SHA256
bd6f92828ac62beb5087a39c0ab73055813d3d3190efa99c3c00538babc90099

SHA512
c37415a2ff66a2113a0c33bb32cf4129c94a4176a07178a77f202c06bbd4de2e5d173ba4f29ad42c3dc6e48ef4f94cf42e959673fe7b8833447ff199eacf10e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
59c2324d15c82601135239e7e0bae02e

SHA1
aea57c6e60b6624e6986a7a61483c2585680e128

SHA256
432578c1de54a758f06695a1411178b5750efc96e1d79fd48fbe05b0b4987cb3

SHA512
3e14adbe5e131155b54ec50743514e6b2ac3e5f89ccf17326d77d85846b18eef475280ac4020f46187d16988eca78d6de09dbc2c452e03baa39b59c20183bac9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
17b508d5fe25be25e3e878c6c6c47737

SHA1
5819b51cb724d0b9eb09ddc163ce6930899aadda

SHA256
0e25312f520c824d1d1dfe43107a5dd47c51761496a25ecb153259726166bc1a

SHA512
649dfea49521e46301509282d2d85b8ce1c3bedc6bcd7c5289e1526054a22e8235ef1d3277b8a3803d45b09f02dad08c2e4bd84fa07036da8e9cd12ee52218f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
83b66c8a088205e21587f5a781b5cf97

SHA1
e8271c37eb9660f0becf8bcbb8385971494d6f09

SHA256
9e30e894431291d059eff8ccaac88036ebc93735cd8ca13550c3f7729e140f1a

SHA512
9a82cd097dc68d7b3e0d40639afe7fee095e0c5136a17d0c8dc8f8fb6a82444d7080809bf963e884a0b35ee5552cc19eff4fb3972c5ad1ca41f82bdbd1ca726f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aac245e29ee86acec176eacd33356af4

SHA1
d7a208eb22fb6dc620d945184898ebe86fd83109

SHA256
095629bf6bd21a293cc3ec1c33e979d8a9511b6c56e836aa4e316044e65d904d

SHA512
20da8fff89e52193c6e884ecc5455e24538bc4d5e502905a6235b469564348fa5623b6262a11ec6aa0aee22d3c7027b1a09a9f1cc31280dbf2bacd4b2c7e6a7f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d56da4b8380e0961b67f1d51cf5d2101

SHA1
216abc3e5aad14c75ba061705edd9f8c94971afd

SHA256
346d47b70fed97defb789f98c53c5c4bfe8fae31d13cd3cfd5033c5c76639990

SHA512
55cf896b593301220db6539b8db060d901eafbd5971cad80d70c58eb7ac759d9114cdffb7106be4236e86a713c9a7b264363bea93612d6b29f7d92c3f9ecc911

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
535cde4254d06013fe956a45743f74cc

SHA1
b10f684c94bf3978e6a4c4fe62706518271fde15

SHA256
892164a7a000c3effe1eea30404c9f5c3d720eabf57b16fd4583aba97796929d

SHA512
207d6f9c4661eb3c6d070d057cd411bc31ee526130d328b0dbf927999ee3444893bc3bcc87e9ae17d833b8c0e79a0d6f43ffcca93c18baddce154e65ade976f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
29329746abd7a4812406a703262b2cc5

SHA1
abc511783cc6b0df8f4d4bc6bcffcb827bb2e28f

SHA256
2812ca5c0275407c33d2126aabff28250abfa2d2d73636f3e3663c602652d2da

SHA512
3550c857ba291e27408acfdf8f57889dfaf0b861efd0b65213db932651def118979b3a86abee898f62d82d0d636bc9a10c2df47317fb343e30ab47f8ca13f2eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
100e5199ffab0b22d8ce14bb6b057d97

SHA1
20520c3a0935859fafb340d4e4b51e171c1c4908

SHA256
0aa109e165ccfaae4e67feda7c6f0b28ff0a93fa6a796c2e6b69ecdd5a2fe8e2

SHA512
3f533a0a62d960fd83be9a81f01cbfe6c2a180f93670ad23a834897dfc8eec78cb82027cb4e0901d5eb8e1f0c58d763b550ddc36c9723920c49d445bc2b3f845

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d3a95250777e213a0eb9135c4458db6b

SHA1
d93a45c9ff3a8e7c3e8238c006e13c9e7201a740

SHA256
182c6b016ad7b33c4c8103ead4f393540be4e14d25ab382403a70b3e8db5fa0d

SHA512
372c49d2be5570a58a3fb03b86cddc1f40b4736abd5cee6589a634a3b68688874d1e10599f2c5e258c06079790d2e14736d30c595b60b84fc449e0f59264ee2c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c66e831b667b50f373502432e9a51ce6

SHA1
3cc420d59970e9a4e2463134fb7fb929d65bfeee

SHA256
f313d4cf7fcb9a680e4de0330ebdaf6d9c841488d282a19584b29f36bdaf9ab7

SHA512
f448ceda38505b4714ba8622b9479f7a6d09b3880572c8c99fc5bfeecd1ee3c76c21fd19490ed8af7d1094dfcb5635465f793fef808a8c95cafc36ded37f6546

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
88564558cd960ab9fcfd2a60da94bdc5

SHA1
705dcb1910b1a6d62426512d00dfc382fb046fc8

SHA256
56532f7bff1b459bebb786cc5e0af5751076bd9e0580ce76e93fca9f1a23fbd0

SHA512
7763d1c60d4c34acf1a6c4192eb499091b4205c20425e1e7e1e3ac7f7c099e12988f254ebcc66d3622e0c4ca08800e4603412a491799e7f60ac4e1154473fb87

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2B08.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\NDF5FAB.tmp

Filesize
3KB

MD5
5af5f57b07ebc06d68b707fd1d234183

SHA1
42c3c5540cfbba5bca9f4a878d80eca1cd5c05fa

SHA256
d6cbf744061a9dbc4cf31cb137c6e5114aeabe927838be3b807719f66ecf44a4

SHA512
613eb28e810d137a263ed6fc323bcb0217b80183ca425a12fe57da4546cea44fb679294973169e5d86b76b4fecee27f6b8ba6031dfb6dbc13ca5bff651eff926

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2C43.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Windows\TEMP\SDIAG_ca5e032d-83bc-41b0-9499-5336ed2e98c9\NetworkDiagnosticsTroubleshoot.ps1

Filesize
23KB

MD5
1d192ce36953dbb7dc7ee0d04c57ad8d

SHA1
7008e759cb47bf74a4ea4cd911de158ef00ace84

SHA256
935a231924ae5d4a017b0c99d4a5f3904ef280cea4b3f727d365283e26e8a756

SHA512
e864ac74e9425a6c7f1be2bbc87df9423408e16429cb61fa1de8875356226293aa07558b2fafdd5d0597254474204f5ba181f4e96c2bc754f1f414748f80a129

Download Submit
C:\Windows\TEMP\SDIAG_ca5e032d-83bc-41b0-9499-5336ed2e98c9\UtilityFunctions.ps1

Filesize
52KB

MD5
2f7c3db0c268cf1cf506fe6e8aecb8a0

SHA1
fb35af6b329d60b0ec92e24230eafc8e12b0a9f9

SHA256
886a625f71e0c35e5722423ed3aa0f5bff8d120356578ab81a64de2ab73d47f3

SHA512
322f2b1404a59ee86c492b58d56b8a6ed6ebc9b844a8c38b7bb0b0675234a3d5cfc9f1d08c38c218070e60ce949aa5322de7a2f87f952e8e653d0ca34ff0de45

Download Submit
C:\Windows\TEMP\SDIAG_ca5e032d-83bc-41b0-9499-5336ed2e98c9\UtilitySetConstants.ps1

Filesize
2KB

MD5
0c75ae5e75c3e181d13768909c8240ba

SHA1
288403fc4bedaacebccf4f74d3073f082ef70eb9

SHA256
de5c231c645d3ae1e13694284997721509f5de64ee5c96c966cdfda9e294db3f

SHA512
8fc944515f41a837c61a6c4e5181ca273607a89e48fbf86cf8eb8db837aed095aa04fc3043029c3b5cb3710d59abfd86f086ac198200f634bfb1a5dd0823406b

Download Submit
C:\Windows\TEMP\SDIAG_ca5e032d-83bc-41b0-9499-5336ed2e98c9\en-US\LocalizationData.psd1

Filesize
5KB

MD5
dc9be0fdf9a4e01693cfb7d8a0d49054

SHA1
74730fd9c9bd4537fd9a353fe4eafce9fcc105e6

SHA256
944186cd57d6adc23a9c28fc271ed92dd56efd6f3bb7c9826f7208ea1a1db440

SHA512
92ad96fa6b221882a481b36ff2b7114539eb65be46ee9e3139e45b72da80aac49174155483cba6254b10fff31f0119f07cbc529b1b69c45234c7bb61766aad66

Download Submit
C:\Windows\Temp\SDIAG_ca5e032d-83bc-41b0-9499-5336ed2e98c9\DiagPackage.dll

Filesize
478KB

MD5
4dae3266ab0bdb38766836008bf2c408

SHA1
1748737e777752491b2a147b7e5360eda4276364

SHA256
d2ff079b3f9a577f22856d1be0217376f140fcf156e3adf27ebe6149c9fd225a

SHA512
91fb8abd1832d785cd5a20da42c5143cd87a8ef49196c06cfb57a7a8de607f39543e8a36be9207842a992769b1c3c55d557519e59063f1f263b499f01887b01b

Download Submit
C:\Windows\Temp\SDIAG_ca5e032d-83bc-41b0-9499-5336ed2e98c9\en-US\DiagPackage.dll.mui

Filesize
13KB

MD5
1ccc67c44ae56a3b45cc256374e75ee1

SHA1
bbfc04c4b0220ae38fa3f3e2ea52b7370436ed1f

SHA256
030191d10ffb98cecd3f09ebdc606c768aaf566872f718303592fff06ba51367

SHA512
b67241f4ad582e50a32f0ecf53c11796aef9e5b125c4be02511e310b85bdfa3796579bbf3f0c8fe5f106a5591ec85e66d89e062b792ea38ca29cb3b03802f6c6

Download Submit
memory/1892-764-0x000000006FF80000-0x000000007052B000-memory.dmp

Filesize
5.7MB

Download
memory/1892-435-0x000000006FF80000-0x000000007052B000-memory.dmp

Filesize
5.7MB

Download
memory/1892-434-0x000000006FF80000-0x000000007052B000-memory.dmp

Filesize
5.7MB

Download
memory/1892-433-0x000000006FF81000-0x000000006FF82000-memory.dmp

Filesize
4KB

Download
memory/2920-763-0x00000000008C0000-0x00000000008C1000-memory.dmp

Filesize
4KB

Download
memory/2920-432-0x00000000008C0000-0x00000000008C1000-memory.dmp

Filesize
4KB

Download