hxxps://appfill[.]com/downloads/com[.]mojang[.]minecraftpe/

Analysis

max time kernel
89s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240910-en
resource tags

arch:x64arch:x86image:win10v2004-20240910-enlocale:en-usos:windows10-2004-x64system
submitted
30/09/2024, 13:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://appfill.com/downloads/com.mojang.minecraftpe/

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\Control Panel\International\Geo\Nation	MinecraftInstaller.exe

Executes dropped EXE 2 IoCs

pid	Process
4704	MinecraftInstaller.exe
2404	GamingRepair.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MinecraftInstaller.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	GamingRepair.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	GamingRepair.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133721764141464378"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
5564	sdiagnhost.exe
5564	sdiagnhost.exe

Suspicious behavior: LoadsDriver 4 IoCs

pid	Process
656	Process not Found
656	Process not Found
656	Process not Found
656	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: 33	4632	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4632	AUDIODG.EXE
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
3884	msdt.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1052 wrote to memory of 5068	1052	chrome.exe	84
PID 1052 wrote to memory of 5068	1052	chrome.exe	84
PID 1052 wrote to memory of 4888	1052	chrome.exe	86
PID 1052 wrote to memory of 4888	1052	chrome.exe	86
PID 1052 wrote to memory of 4888	1052	chrome.exe	86
PID 1052 wrote to memory of 4888	1052	chrome.exe	86
PID 1052 wrote to memory of 4888	1052	chrome.exe	86
PID 1052 wrote to memory of 4888	1052	chrome.exe	86
PID 1052 wrote to memory of 4888	1052	chrome.exe	86
PID 1052 wrote to memory of 4888	1052	chrome.exe	86
PID 1052 wrote to memory of 4888	1052	chrome.exe	86
PID 1052 wrote to memory of 4888	1052	chrome.exe	86
PID 1052 wrote to memory of 4888	1052	chrome.exe	86
PID 1052 wrote to memory of 4888	1052	chrome.exe	86
PID 1052 wrote to memory of 4888	1052	chrome.exe	86
PID 1052 wrote to memory of 4888	1052	chrome.exe	86
PID 1052 wrote to memory of 4888	1052	chrome.exe	86
PID 1052 wrote to memory of 4888	1052	chrome.exe	86
PID 1052 wrote to memory of 4888	1052	chrome.exe	86
PID 1052 wrote to memory of 4888	1052	chrome.exe	86
PID 1052 wrote to memory of 4888	1052	chrome.exe	86
PID 1052 wrote to memory of 4888	1052	chrome.exe	86
PID 1052 wrote to memory of 4888	1052	chrome.exe	86
PID 1052 wrote to memory of 4888	1052	chrome.exe	86
PID 1052 wrote to memory of 4888	1052	chrome.exe	86
PID 1052 wrote to memory of 4888	1052	chrome.exe	86
PID 1052 wrote to memory of 4888	1052	chrome.exe	86
PID 1052 wrote to memory of 4888	1052	chrome.exe	86
PID 1052 wrote to memory of 4888	1052	chrome.exe	86
PID 1052 wrote to memory of 4888	1052	chrome.exe	86
PID 1052 wrote to memory of 4888	1052	chrome.exe	86
PID 1052 wrote to memory of 4888	1052	chrome.exe	86
PID 1052 wrote to memory of 1408	1052	chrome.exe	87
PID 1052 wrote to memory of 1408	1052	chrome.exe	87
PID 1052 wrote to memory of 2848	1052	chrome.exe	88
PID 1052 wrote to memory of 2848	1052	chrome.exe	88
PID 1052 wrote to memory of 2848	1052	chrome.exe	88
PID 1052 wrote to memory of 2848	1052	chrome.exe	88
PID 1052 wrote to memory of 2848	1052	chrome.exe	88
PID 1052 wrote to memory of 2848	1052	chrome.exe	88
PID 1052 wrote to memory of 2848	1052	chrome.exe	88
PID 1052 wrote to memory of 2848	1052	chrome.exe	88
PID 1052 wrote to memory of 2848	1052	chrome.exe	88
PID 1052 wrote to memory of 2848	1052	chrome.exe	88
PID 1052 wrote to memory of 2848	1052	chrome.exe	88
PID 1052 wrote to memory of 2848	1052	chrome.exe	88
PID 1052 wrote to memory of 2848	1052	chrome.exe	88
PID 1052 wrote to memory of 2848	1052	chrome.exe	88
PID 1052 wrote to memory of 2848	1052	chrome.exe	88
PID 1052 wrote to memory of 2848	1052	chrome.exe	88
PID 1052 wrote to memory of 2848	1052	chrome.exe	88
PID 1052 wrote to memory of 2848	1052	chrome.exe	88
PID 1052 wrote to memory of 2848	1052	chrome.exe	88
PID 1052 wrote to memory of 2848	1052	chrome.exe	88
PID 1052 wrote to memory of 2848	1052	chrome.exe	88
PID 1052 wrote to memory of 2848	1052	chrome.exe	88
PID 1052 wrote to memory of 2848	1052	chrome.exe	88
PID 1052 wrote to memory of 2848	1052	chrome.exe	88
PID 1052 wrote to memory of 2848	1052	chrome.exe	88
PID 1052 wrote to memory of 2848	1052	chrome.exe	88
PID 1052 wrote to memory of 2848	1052	chrome.exe	88
PID 1052 wrote to memory of 2848	1052	chrome.exe	88
PID 1052 wrote to memory of 2848	1052	chrome.exe	88
PID 1052 wrote to memory of 2848	1052	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://appfill.com/downloads/com.mojang.minecraftpe/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x104,0x108,0x10c,0xd4,0x110,0x7ffb51f4cc40,0x7ffb51f4cc4c,0x7ffb51f4cc58
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1964,i,8075491974930304406,14620154767865013759,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=1988 /prefetch:2
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1500,i,8075491974930304406,14620154767865013759,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2284,i,8075491974930304406,14620154767865013759,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2472 /prefetch:8
  2⤵
  PID:2848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,8075491974930304406,14620154767865013759,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,8075491974930304406,14620154767865013759,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4504,i,8075491974930304406,14620154767865013759,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=4620 /prefetch:1
  2⤵
  PID:620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4936,i,8075491974930304406,14620154767865013759,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=4944 /prefetch:8
  2⤵
  PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6064,i,8075491974930304406,14620154767865013759,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=5728 /prefetch:8
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=208,i,8075491974930304406,14620154767865013759,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=4344 /prefetch:8
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5732,i,8075491974930304406,14620154767865013759,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=5800 /prefetch:8
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3820,i,8075491974930304406,14620154767865013759,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5696,i,8075491974930304406,14620154767865013759,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=4376 /prefetch:1
  2⤵
  PID:608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4772,i,8075491974930304406,14620154767865013759,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5740,i,8075491974930304406,14620154767865013759,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=5308 /prefetch:8
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5236,i,8075491974930304406,14620154767865013759,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=5608 /prefetch:8
  2⤵
  PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5440,i,8075491974930304406,14620154767865013759,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=5584 /prefetch:8
  2⤵
  PID:3456
- C:\Users\Admin\Downloads\MinecraftInstaller.exe
  "C:\Users\Admin\Downloads\MinecraftInstaller.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4704
- - C:\Users\Admin\AppData\Local\Temp\GamingRepair.exe
    "C:\Users\Admin\AppData\Local\Temp\GamingRepair.exe" scenarioMinecraft
    3⤵
    - Executes dropped EXE
    - Checks processor information in registry
    PID:2404
  - - C:\Windows\system32\msdt.exe
      "C:\Windows\system32\msdt.exe" /id WindowsUpdateDiagnostic /skip TRUE
      4⤵
      Suspicious use of FindShellTrayWindow
      PID:3884
  - - C:\Windows\system32\wevtutil.exe
      "C:\Windows\system32\wevtutil.exe" epl Microsoft-Windows-AppXDeploymentServer/Operational C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\Microsoft-Windows-AppXDeploymentServer_Operational.evtx /ow:true
      4⤵
      PID:5744
  - - C:\Windows\system32\wevtutil.exe
      "C:\Windows\system32\wevtutil.exe" epl Microsoft-Windows-AppXDeployment/Operational C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\Microsoft-Windows-AppXDeployment_Operational.evtx /ow:true
      4⤵
      PID:5788
  - - C:\Windows\system32\wevtutil.exe
      "C:\Windows\system32\wevtutil.exe" epl Microsoft-Windows-AppxPackaging/Operational C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\Microsoft-Windows-AppxPackaging_Operational.evtx /ow:true
      4⤵
      PID:5836
  - - C:\Windows\system32\wevtutil.exe
      "C:\Windows\system32\wevtutil.exe" epl Microsoft-Windows-AppModel-Runtime/Admin C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\Microsoft-Windows-AppModel-Runtime_Admin.evtx /ow:true
      4⤵
      PID:5888
  - - C:\Windows\system32\wscollect.exe
      "C:\Windows\system32\wscollect.exe" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\wscollect_gr.cab
      4⤵
      PID:5952
    - - C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SIH" "C:\Users\Admin\AppData\Local\Temp\registry_SIH.txt" /y
        5⤵
        
        PID:6024
    - - C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe export "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DnsPolicyConfig" "C:\Users\Admin\AppData\Local\Temp\registry_DNSPolicy.txt" /y
        5⤵
        
        PID:6068
  - - C:\Windows\system32\reg.exe
      "C:\Windows\system32\reg.exe" export "HKLM\Software\Microsoft\GamingServices" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\HKLM_GRTS.reg /y
      4⤵
      PID:1624
  - - C:\Windows\system32\reg.exe
      "C:\Windows\system32\reg.exe" export "HKCU\Software\Microsoft\GamingServices" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\HKCU_GRTS.reg /y
      4⤵
      PID:1416
  - - C:\Windows\system32\reg.exe
      "C:\Windows\system32\reg.exe" export "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\HKCU_AppModel.reg /y
      4⤵
      PID:4116
  - - C:\Windows\system32\reg.exe
      "C:\Windows\system32\reg.exe" export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\HKLM_AppModel.reg /y
      4⤵
      PID:5156
  - - C:\Windows\system32\reg.exe
      "C:\Windows\system32\reg.exe" export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\HKLM_Appx.reg /y
      4⤵
      PID:5212
  - - C:\Windows\system32\reg.exe
      "C:\Windows\system32\reg.exe" export "HKCU\SOFTWARE\Classes\ActivatableClasses\Package" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\HKCU_Package.reg /y
      4⤵
      PID:5484
  - - C:\Windows\system32\reg.exe
      "C:\Windows\system32\reg.exe" export "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\HKLM_WuPolicy.reg /y
      4⤵
      PID:5248
  - - C:\Windows\system32\reg.exe
      "C:\Windows\system32\reg.exe" export "HKLM\SYSTEM\CurrentControlSet\Services\GamingServices" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\GS_Service.reg /y
      4⤵
      PID:5264
  - - C:\Windows\system32\reg.exe
      "C:\Windows\system32\reg.exe" export "HKLM\SYSTEM\CurrentControlSet\Services\GamingServicesNet" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\GSNet_Service.reg /y
      4⤵
      PID:5336
  - - C:\Windows\system32\reg.exe
      "C:\Windows\system32\reg.exe" export "HKLM\SYSTEM\CurrentControlSet\Services\GameFlt" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\GameFlt_Service.reg /y
      4⤵
      PID:5464
  - - C:\Windows\system32\reg.exe
      "C:\Windows\system32\reg.exe" export "HKLM\SYSTEM\CurrentControlSet\Services\Xvdd" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\Xvdd_Service.reg /y
      4⤵
      PID:5644
  - - C:\Windows\system32\reg.exe
      "C:\Windows\system32\reg.exe" export "HKLM\SYSTEM\CurrentControlSet\Services\XblAuthManager" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\XblAuthManager_Service.reg /y
      4⤵
      PID:5716
  - - C:\Windows\system32\reg.exe
      "C:\Windows\system32\reg.exe" export "HKLM\SYSTEM\CurrentControlSet\Services\XblGameSave" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\XblGameSave_Service.reg /y
      4⤵
      PID:5760
  - - C:\Windows\system32\reg.exe
      "C:\Windows\system32\reg.exe" export "HKLM\SYSTEM\CurrentControlSet\Services\GameInput Service" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\GameInput_Service.reg /y
      4⤵
      PID:5856
  - - C:\Windows\system32\reg.exe
      "C:\Windows\system32\reg.exe" export "HKLM\SYSTEM\CurrentControlSet\Services\DoSvc" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\DoSvc_Service.reg /y
      4⤵
      PID:5908
  - - C:\Windows\system32\reg.exe
      "C:\Windows\system32\reg.exe" export "HKLM\SYSTEM\CurrentControlSet\Services\InstallService" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\InstallService_Service.reg /y
      4⤵
      PID:6084
  - - C:\Windows\system32\reg.exe
      "C:\Windows\system32\reg.exe" export "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\wuauserv_Service.reg /y
      4⤵
      PID:6136

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4584

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x470 0x2d8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4632

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5072

C:\Windows\System32\sdiagnhost.exe
C:\Windows\System32\sdiagnhost.exe -Embedding
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:5564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
a12395044cae06f72b26f8a504a09cb7

SHA1
3d0611f832859035f91178213e0403f5376210b3

SHA256
d22e5a14e56d4f07d3caf0b30dcb9159becce6dbe375d045b08f6a761036d3a4

SHA512
0bf8925500bc5f49705b1696f830b50f44bebce27276f7eb68c0c34efd25453ec011a77c1f8ce4cbf26c9cb921ffa2d1d35ea01964e2ff47b6beff2a8a4a7dd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
32KB

MD5
bf2cde7a2614ddcbde466849c4ee4d11

SHA1
404913b181bdd163acaeba5103873f10651a2e93

SHA256
2b58f26a304c2cf1ec66c15a2c958e38056add33fbc22b2d40b0889b99afa640

SHA512
09a45cdbc7450f80cc4cadab962bea5704c8256606c9bc29b6aa883abb861f1bb50c5c9b0b236aceb957a3e2499f79c4437e47e3fd348ef090b08393ddf1a538

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
207KB

MD5
75b4b7cc3178047c09aa397facaf5d7c

SHA1
9cea223d16879403a254e4465e221c2209f04d02

SHA256
626822f81f890f9d5d9fcbe1e25ed1039d9eaac45de41ab09ea0a092156726f9

SHA512
bd6d68d26b33cd0e38f0f24a41afe980a39220718ee28c0b1ab479f89f9fc3b98a16a59104578605e499f0086058b9b30808b8c3043a082acd49b03033bb71be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
37KB

MD5
f7bb397be4dfbfa13cdd90517e93e65c

SHA1
285073b9baf7d3d79eaeeccdf77f28229857a793

SHA256
9e7cd786b811f5049e9ccf9f4189f4bf22b88803583df816b853c2e94c85f48c

SHA512
dbc5c4b823477a1820cd2ff71d64403e66b488ba466539d6c16461db7af7e6f18c756fd9a1801e5251cbe3fe95b2e61164fc45f6ddc6847e67e8e2cd6223cd0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
188KB

MD5
f08ef5658ae8775a57c4d791f1ba3d40

SHA1
29ad29a135af2d0ae6a085ab66e9b794e038aa28

SHA256
1fcf560d952b3484e6f8084f7c8eefa7df0293ccee95d8034f8d00f916b89301

SHA512
21cdab542e42b82b829cbf88637591f8db71c0f41531cfa1aa57105ff9b48ef32a55540dccb986ecd44bfedd888f1a518363b05e4d085551201221861ae6f744

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
93KB

MD5
e849ebd83dffddd51ce6dca17267e2cb

SHA1
f9f93d81f2cf752b1855c9cfcf8fe4c26c7caac0

SHA256
9041abc68370cce0079bb2729fd84fbc480865b2a3c8742192180d998247aecb

SHA512
be2cd7d4d319f2cb112d0e1e1136513147ba1f92e7c3b004ae85b7f1597b7704427c9154a6d5e4d7b4a007bccda1c7c041ed6136ff8b4dc532fb3d04ff5b8447

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
93KB

MD5
3cbce08aaffa4c9b44fd6c929e6455d9

SHA1
b76cc2653f095e09139bd2497ca0fd6e91c8af57

SHA256
9b83a72e09ad483c62a59745eb4a72164b9ac105f29d410bf8c8a795395c9d70

SHA512
f78a058040a82f68716cda34f5b4d7124487c5e4bc1008abedf1b195620f29b95d3741b0e3b66eb0d1c9dcae6f33bebc7606cc0363e88eed3e4b1d00849ae157

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
78KB

MD5
fa081c054a486b85254da982cfd75abf

SHA1
70b162f9729196a3efe3c9a06768fd8f694e8f63

SHA256
474081144877b4f1b222d9c4fa46be5dd9377221a2f1dfb532e9fcf66890068b

SHA512
f61f9eed9a6dec55ef7ba6f6eede508d9136df8ea0aed3b7f0e26a2993fc8a319598d1914ecf474435e62550f05665bf714471975a3149442893e03377a61a78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
213KB

MD5
f942900ff0a10f251d338c612c456948

SHA1
4a283d3c8f3dc491e43c430d97c3489ee7a3d320

SHA256
38b76a54655aff71271a9ad376ac17f20187abd581bf5aced69ccde0fe6e2fd6

SHA512
9b393ce73598ed1997d28ceeddb23491a4d986c337984878ebb0ae06019e30ea77448d375d3d6563c774856d6bc98ee3ca0e0ba88ea5769a451a5e814f6ddb41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
106KB

MD5
3d772a048b77b70bd3af7616ca85c740

SHA1
22d4f10133100c93ec9be559144970b3bd226159

SHA256
9af4395796c52736ecbce8821ef03100c09f5e72134bcc691a71180ef2fdf950

SHA512
34753b1438385d40e667157b17792791d5880bb1104447311eafc935d683256f71dbc7776a3b509946040bcdaa57c3334d5dd61073f9b3973657897933acb815

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
93KB

MD5
a6a06155bb7d02d9300752f9f4ddbc24

SHA1
f0a085717317e27b159b33de3d6c826b395b5702

SHA256
e822b6c5208f01ddea7549ca6e12481e76b7d81e6dc20ddfac7c3560dc5ba668

SHA512
71e622a3baf2178755a58ea3866235ed08a870bca76aa416c16cde76984f6519377a62641cabb9daf83f12f44e3a807f41bbbc7100a7499b8c50f278dbcd362d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
27KB

MD5
dc61a5253d3e4aa1029fc7b78003fa59

SHA1
dd21b4bddcc2d702b866047f61b18a1c55794e73

SHA256
7d34bc0c2fe94bdfc55853e294a25514818f2c12d7955135bc3ae449ef8c80e4

SHA512
17f817360cfb6dc0ad51e45bf33d1930abe5b0fcfb6784addcebd17dff72407ad5e74fc8da68f0a5560cc0fed91dd563be62d9c40c6722871c84a0b4b4bbbfaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
52KB

MD5
d5bfdddce9b0a92d2d45c505efd034fa

SHA1
d4eb2db00546c901aa5d052666c7f8abadf2810d

SHA256
8915e72c24594672f5b93af320e69a926a426d89aca9ad846ba52f973f1c69b0

SHA512
e1ac6712085661712597a85fe04fcc4ff0f70efdce227df937792332586a3c5956a4d698972db85757e892acb8a6cc6817cfaa587ec39a743c4d3a7e62c98222

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
57KB

MD5
0d7436dccb9c8a9121a0dff55fbdea78

SHA1
6d6a81528e4f681206952b4a49a5d271800786ea

SHA256
0c14e8ca7af13fbc12bb9589152536846e2e622505465a0eb2397b57ea9141f8

SHA512
044f91b9f7475c5880a2ff106eb530d6bc9203d6f9bf4fabc4f1d3ff892e48176ae701894e8478ae12f43b9b7c501b5861eb6e317cf62e786380e7d3d528a86f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
25KB

MD5
b70dac13349dd29db4076c1e028369e3

SHA1
65125b0833ec3d3ad47b8e808a2150957f7d80d6

SHA256
45b7a5d61beb5dc7f3ac593ab2f4d232cc2b86483b3db651026a56fc59b183df

SHA512
1eeb361828d46678bb35d5f37d4cb69fcaac53ae1daade44eca6938c041bda677f577577f3c1eb4dca1f3c33ed8e00344d4d4b3cfb2b0cca1f842d466a763251

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
16KB

MD5
755b5b1288a0507bbe4a75ced206b0d6

SHA1
f5ceda0402e5605ce94e2905219f6d3e05dc5e90

SHA256
fd6bf16795ff4e9fee11238f1148077426b70cc341797d0f75369711e4289222

SHA512
544936993f21eca9182a0b79a6c243a383ecbea948a7ba59ecff7d0298464dc3f68a006088fb343f7b4dbac67962606a94a69f7ed467f019ad3d601c065ace9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
210KB

MD5
9a3a0e801a6c5ea4a0c813b2202c3122

SHA1
37496df3653e1507f3d5b4e7d75596888f95c5b5

SHA256
ff6792b08608487c66abc23642d10500dc1408370e5a6800c3a997410a7cdd24

SHA512
e23ddc20cc3d9570841a88b0b6fbb8d57dee541bac6ce3bc7aa3a7d638afa561558f48b94177e1192c522fdaf0d3208c8be4f3009b30803bff2ed09792bbcbed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
119KB

MD5
600f60a1647217fc2f3e7d75ebd86422

SHA1
d032539c342ab900a79ca686837a43750aafbb89

SHA256
1f5240cae517e0d864ed5549de07e621f15ea8d29d44d93ddb510ae474a5ad6c

SHA512
377462bca70267b052127b8dac9e19e53269ebe7b5aaadaaf183bd1a4c5939539f735892b880563bc23881ac8629d7953fb003db83299e65b6bcf8f296df0944

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
19KB

MD5
244cd9fd25b9ae87d367924eee980de6

SHA1
cb5c39d0c3525ce88f367851229622004f527a0b

SHA256
13073fa4fd4b7f0baaf9653db46e5bbe5046cf2da009b94c01242ede3daee0f8

SHA512
a4c230ed97492cdc90d54cc97c3cfe0d13cbccfe3654f29d754c98c2571ed7676acf1d2183d3fc1734fca660c5cbd1f9485aa469329f56da45d67fa9eddc2342

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
18KB

MD5
539011b799990d9851f6350858332e47

SHA1
b77fb9f82341e8c8cb65f65bd9273942556af38c

SHA256
321eacf2b78212cb20ae3ebb27d35cc9b2c7ba8a9fa65ad8b7c292f826bf8099

SHA512
499df1c11b0985636e0dca3057024033f23159de94bbc87d484189f50cb2fdd12ec3a5f03b4e7ca314f853d77b8e6fd21d0f83db579a1ae9674e1a038b15fa18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
bb5867122a48fb40fbb97919678acfbd

SHA1
ae37d819362c2a919afe511d399f2a6c4febe167

SHA256
473659761d40a0ae393df336bec98bf240f68fbc8021fe1d19bb6a08d046f933

SHA512
1a5db16d2333e4210e68545a949a83fbdb73090a41fa825cf2a6e0d46d8db14331d042a4449d5d8d4e48e5d7eb612c1541636fce58877cdd43ab3912d9337018

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b2796bd8284210780238977ee5eb23f7

SHA1
8c5c89d9d90bd94128d65d72f41da99c0f0eda7a

SHA256
8627ac0e9c3c588c637b95efd0cb505650270ad3cbe5026e71fd1fee7f2b8396

SHA512
5759b060832ce96f54e28b8d3aa92755a7833ee61f4b28185a8f305a0aec820fe7932ebce4bc88d9d01a806f92de991b9bcce0936fcf5698cb7bc282097e8392

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
a0408b3bb383611fdeed2432d37e5ee0

SHA1
a2a831c541f6bee4544a146d5705f2190b325209

SHA256
bc83faaf71e1b295298a3175d9dd376ef0793b3c8df2a7b288e555d84a2bfce4

SHA512
52c113af82ff9fce7b0dc7dda1aa03d6a6b0968978b67f2a4166858bfca09e9c3ad161bcb4d899c64f7421b5fe7b5e82de3aae7d7d6513389e670e5901757a5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
da305e17e283ad22861b037fe095b9c9

SHA1
aad3e5399d4557ff36c10d2c1d367bb8810026ef

SHA256
6270d248fbba0f3fc6351651fb1fb14b79e8000774db46be6930a730cdc2bfb0

SHA512
b0a1e4161d76840cd67196c011f05653f0136b44854e9104c2b1a0f7ade0e72323479fd04a59c6174578d1e428ffaf46d3a9eef2c752a08b8799f0f56397b35b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8c75318e482010cc6c4ab5ca5f33179e

SHA1
7cbe6f1b970d4b9a7674e782b46941bab94e4809

SHA256
4398c387cb14e454c430dec3f5fc6e7e8e60405f57e6f33404e97079276032bc

SHA512
60f8a7fae7e5876067b686a7be6046e42b051da0d85d3f27132fb4c28be851a344c4faf2d67aa0cd9b8d1a99124dd38aac0ce37571d6d38ba1af3bec5e9cb514

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3ec140c490372b9ff10831f60bf47130

SHA1
90ebc32b75e6f1a9053ae20766dd21f98b8aead4

SHA256
47f38a0da603ff2159246256ab8092fb6c8c38469e0adda36a0dc933f433e5d4

SHA512
06e830c25f673f401123dbcfa746b604f4f0970241fd55167db8284570a3adf784b743fb864a366d2cec0bbe894f7f5ec3ad29b8d5815d154b76301f5e0b6465

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
63711ccfcbfa67c119a6b3fcf2750bc1

SHA1
54811feb0b8883cbb9ddbe20ef26dd821ef62d8d

SHA256
317e1a5e745d2b3dcc846e1086140f7d55968d0a920e94349cc5f6349298655d

SHA512
7bdb1ad4e7b8aef4eb493c8ba8242369ff22bbcd74c06cd2c85bf1f9f87cfa7161d7f9ca2c30e452ef97be54ea4a97639a2da2089e1e636203a77725cb87ff6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d084ea3138c88b74d16270f0aaee72af

SHA1
ee12e02c5e47fa1153f8de7305a1f8f41fb937bc

SHA256
55528cd86e23cb8a803456fc382a175b08c188a92520ae37a14384f7adc9d6c5

SHA512
295e7685c3060d25b7fc2b0527dded64d2d7886c7f4c1f9e99e21e2217a055b94101632c4733fbfa8d4e95f85339ca127a393566c99a810c1636febd714b0b0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d0fff03c31922109c6d6dfd2397d37e3

SHA1
c0d3651e8c7d4765517d75149832345d01a25e8b

SHA256
0a83f795218e9116b3552bdcb85ada742724535c90986e63f3144a3ab8d1dbfe

SHA512
4febfa306a513f22c5f8dd9691abab1ce23daf6ee8694ad924185958404c36333750029a42b31458627b84d77f983a94ebabc2949190f2f83bc818015500473f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c0e7dd812068a627e43d469f585281e4

SHA1
8fa4b2e9d9670cb6c2248756728e08417bd2cafd

SHA256
8f180a4b1c50f22edec016582c223d7cf1ebdef527b259d9ef65384f334fa813

SHA512
028426576736c55b658b205d3ced842137e822fb8a510930a761bdd94db2d086a6afa744accffcd2642771a8e27fe1250bdc5e5048ba7764fcfcc858432babb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
291052fef9b32f7fa47a1d3af9ea50c2

SHA1
0ca96e4cf652997171297a426ed2eab641d902e7

SHA256
951cf23037d74abc4ed6629041be4219b8708c51df385d62b2b36d8d3d768aac

SHA512
d4e43febd39028641ca119c7e88312341ac9f1d68bd03ce7062b179d67ba7c801fa8fc95efcc5698787246581758bb5ea6afe8148e3843850b542f17359d436f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
25fa2b4b87cf5e95f3bdebbf7073ca2d

SHA1
e997fe15af2980abfa61a2a8c50f7e375f674088

SHA256
9073dc1c9555fd0c6f043915a06a57f9e46ff7c69812f7f7e23d993bc492c5da

SHA512
cec6d9a364f88da2202f10abb5010fbef485ef532686cac67fb72a668321f199e2c862bbe330175c4657f003cfbbb5e618e12d19d076b41269fa81626c18a749

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8895578a3a42bfe0896c139d96480413

SHA1
a2a80baf0118fd3b84760cca7d27b6df566383fd

SHA256
1cbf6ac163dad401f693fc981f76cc2119cda9a69dd1b978fa2b42d0459f888f

SHA512
d05ace4aa1ea82773032ae6a98e6af5ea3bc075b98be8682cf43361e2e56e80ca099c8b115b200f885b5a8dc6018438b6c9f444d820650799ee116f074e8f47d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
e9f83c3da947ed36f541bab84f6c3bd6

SHA1
45d14ecc53b6245fca58b520288d80b4d17d54ac

SHA256
033ed5caff6d52f9c48332bfe17162b953059b2eec5b98676139e2af308edf35

SHA512
d3858943643f03b5004b90fa5ed4fce4134a51e8bce7648d851aa0f5f6b79334304ca02b71c0c5d4a35344d282bc9136883dc9b86f9eeecd751a3a24dc957572

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
112KB

MD5
4bee37b33d30ca2d0e2ebeeb24ed5ed5

SHA1
d1306901e6ea07d42a484e628ba52fefef19f948

SHA256
85f2c83bac8ed607b77d11913d3c97113ea0d82e8c50d1a7eeaa4f97c3612198

SHA512
5d03e2caeb8e90099727113aad5ec8c44689bacfc3c87b4dc922ce188b70251df0e5e26899ac0b6f9b391f31bc6775e1725ead4b5a0403c77605d84bac56b01f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
112KB

MD5
5de20005aaf44fc9be23164e54f33899

SHA1
d0abdab09d4921f8306479efa8686b09332f675a

SHA256
d384d34061fdc93a03ea32b079312f3b3f7c1a2d90b1b3deeb8e46ab1f67691e

SHA512
8976ed46f345f1688293b3f7e7637de0fb52382114921d3b9924d07abee88f17a36aadd48cf6c4d9e52b4ff89e9ad84e60ad1af59960dc6fb452956931e32a07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
113KB

MD5
53727e7fcd4074eab7558e865e91ab8e

SHA1
55f7ad3b6762578803899bab9ecef6a0bbbd4ea5

SHA256
73b5cb95c581ed9b3b16fdce55c271d3e209a01835c2d7c43cb80da85005a6b6

SHA512
8afbe471dd18715d32d38fce36d4a02257638a72a5665b9cbdd3be2f86231b5187fc7ec9911cb8cad9a07d94cf7fa88ac3f064d78666d54ce53306f8798f1b13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
113KB

MD5
7e3c32734928a591534acff92ab607b8

SHA1
c1bfd18dd8a4ab577c8ebcf054c3a5bebbed37b1

SHA256
41e810ff80f609cf74dd0de598ffbba822b93cd81133acf32bbb2c55a471e574

SHA512
bf25ec4c62ee3b40c6de85dc0806cb122498608e3ed62fb3e19955e2c99262d665d36ce0c9e3344a716d96a92b7059afba689b9d49f5d4f87e5e2735728abd7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
113KB

MD5
2389ea419f8c9d50a11f8ecb9010f6aa

SHA1
8fbb576ddd64ba4a1706181de723285db77bbc9a

SHA256
97c0251f98856884b70927a15fa70b2813bda24d07814e19b3d91a4c02782f07

SHA512
d1bf93be8763b0bf4f908fcff898a8b55b031923bcf7cc456a41e5bcbdba49dad52a185d00bda19db88098cd21746fb343a93b0a963fd37b1af4a53fd83c2f37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
142KB

MD5
bdfd820754445dd045a3813066ed6346

SHA1
654f041340dafb0ff02f7ef02d12385a41ae99c1

SHA256
f97179981c344edb0968b751734674969cc359cdb8296d0b18634f592a86f75f

SHA512
03a3870d641566b36620a987d518f923d75bb8d09d1cd69af50a823372cd9a46183a01d8dcee037f58fc0958ae952c843170fa012425785c6a3d3d9f94c04bd8

Download Submit
C:\Users\Admin\AppData\Local\MinecraftInstaller\deviceId.txt

Filesize
36B

MD5
394627a7e14f60ce00fe8b61dcb8134f

SHA1
18ef1f9ce7e9d1faae1d860f319c82cd33b9587c

SHA256
a37c2682a43c5b7dcf82b183e3a2a7f3dc6c14cea13d8adcb5eed8c8625a6f0d

SHA512
d050173f52700cad6064ae1c6cdbecdb7df91d53d9225a281dd0fffe038295ac7b6d0a406e260932f4bcc06e3be0136a8f0132cbef29df63741d85ae727c525f

Download Submit
C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\HKLM_Appx.reg

Filesize
381KB

MD5
ac4bdc4d82f295fd3474f43ad8265026

SHA1
5f25beb618c06bfe5fb73ebe2974480fb8b98c35

SHA256
dcd31638752455e1b5f48ff843aa44507f89a9908ece8d53286766114fd9b2a3

SHA512
6aae81c68e79f701d7d12df2d052ac19a2d82e4e21d8f4da6765e9506190f253d82c86becd449ed97af5750f094f930107f8858e08599107eb1626401c3d512f

Download Submit
C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\StateRepository-Deployment.srd-shm

Filesize
32KB

MD5
b7c14ec6110fa820ca6b65f5aec85911

SHA1
608eeb7488042453c9ca40f7e1398fc1a270f3f4

SHA256
fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb

SHA512
d8d75760f29b1e27ac9430bc4f4ffcec39f1590be5aef2bfb5a535850302e067c288ef59cf3b2c5751009a22a6957733f9f80fa18f2b0d33d90c068a3f08f3b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\wscollect_gr.cab

Filesize
615KB

MD5
9f89d8855756a1012072fceb1f70da27

SHA1
0c399c43aa81c3de6e9424bae171c728367d2d92

SHA256
3e78e85ec859ddc7621f1a3fbf9afe4161c8ac50e74effc20aff78cf123c71c7

SHA512
1855a0fb27a8e3a2cbcb787763c1e630277382b2da3212712f22be062c6137e7857118be1e0a40fdb77a3585bd14ac6e841934215339723047944de0b4e47bc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\GamingRepair.exe

Filesize
557KB

MD5
8a4e72a29c08ae2cd13bc8ec414b8fc6

SHA1
26f8d73bc6f5ace5cec6e3652fc6410a71298498

SHA256
6513546697c3c9deb50d8dbb0cc9aa0be55487538ed482ec16b6264579de1539

SHA512
77eba566c65de1327bcacadb1483f538b4e5da67c3607398d745173ade25e987f59524a5ecf065dd5f95e26654cbb5a48dc80fae995d5d2dd63c63b2cd98fb98

Download Submit
C:\Users\Admin\AppData\Local\Temp\REG1C39.tmp

Filesize
9KB

MD5
dea15220ab9984e295157d382cfec094

SHA1
cdbcd5039455e6d110609816ed6f1a7060679057

SHA256
b5a6b4e180131f85a755fa50a62cf88b56e07206c485136614de6a5b06036b56

SHA512
b1fb54b02f16ad5e49e6a205f46f2115151ae4a6c052099df8d736fd68583054233566718d7351100e6a1d9b586f44145be4b0e55a64398edbae432d312d2246

Download Submit
C:\Users\Admin\AppData\Local\Temp\REG1C68.tmp

Filesize
270B

MD5
edcaaed49057b04d804ef38622dcfeca

SHA1
200458ae3a380983860136acca9b18d62c5bac76

SHA256
b9532ca922a984f207d3a82499308fa038e1d78169b534b8d7fc116aefe5a05e

SHA512
052065767b3bf96cf1314dd8c42940ace0d256eb7f536de0b642f5816dc0b5e6db3ce9a10450e9564b7c932e9261a9d78ca7929a4537646cbf7d5ee8c363b5fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\REG1DA0.tmp

Filesize
598B

MD5
313080e8dfc56e4b2b612acee9d7c077

SHA1
de845b038e8b01bcc98eaf725017abbe3444394b

SHA256
dfc1fe51bfd3ba9834c968d73c3dd81d60fbc64eed90cb792142924c1a76e8cb

SHA512
a571344ab5e5cdbe9b48afc884125838450a4d142d8f753c723858c24dcafa7539d394f0f9b36d1c5ddf169880a199689af1d48d5ff29f8de38d520ac069edad

Download Submit
C:\Users\Admin\AppData\Local\Temp\REG1DBF.tmp

Filesize
425KB

MD5
053a8ba6b98c3492d7007d1b036ddf8a

SHA1
e02377901f64188754a7946a77048a30e421f1d9

SHA256
6a4a966bdc52957bf0fa112cfa0cd042c0b5b4baf5282eb745147f3f560c5fd2

SHA512
690083964fa5a22f844b326f7fb9a8d76de1559792b126bc8596af1361914377e726382f6006388b04329eca115c4e641b7ae29943fb5c280ffa7cd09491dfe0

Download Submit
C:\Users\Admin\AppData\Local\Temp\REG1E0D.tmp

Filesize
4.3MB

MD5
1c5fae8ebb4de57f9f52b411a6b08b23

SHA1
af3f6c313e2a29a5a6e36b97f91a9bdc8a0ca4db

SHA256
e6a4cd0c2762654532d1b93049d9515cef9c02b6e3af141f5074ec9fb86a9dd1

SHA512
36941c14d3892b3884e26b523fd4c77e3ebd214f0635dba2fe7268b5b6aab5867cb5182d568fc4ea0037b822cc17fc60e008e2973b7d13eb0c446b48a4db27b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\REG1FF2.tmp

Filesize
11KB

MD5
9bc291996114e145b77beba1294c78f5

SHA1
1121f2f1c1b5ba8624510836fa78b64a07da008d

SHA256
b62c81b72cc871a27fb5c797c9d70d155d37fd3fba87e1551630da473b18b69a

SHA512
10ab1a6c6fd215030dd1b6b30011207c52009d8a3ebb46e5cd8a8b3614942e1df0a0349259f8845aa16334b911352342329b640ccdef371c880081711f81d1d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\REG2040.tmp

Filesize
740B

MD5
5b20f739acefbfc6237c04f216466883

SHA1
738af05cf8a177e14726ae4c4affc6d9b94da6a1

SHA256
f787f543d052d4000d007bdcd71bb6b7024293f2ad2d543b02b4121b1da3ebf8

SHA512
c82cf736af02ffe5e76b88d802e7800787826bbe5cbc59b64b4f77f9ff1168f9ed43a9c68e3a9d13407e38f16822755660d359b42ae339d0d2bac754f192651f

Download Submit
C:\Users\Admin\AppData\Local\Temp\REG212A.tmp

Filesize
3KB

MD5
f90a03d152e8202c3eb57c6e6eb710a8

SHA1
cab5b11304ebbb9a1ca9c191fbc737082bcb49b9

SHA256
89eb956a0ac5a7ebd558eaaebe485c87c40c47baf1954b272b26b0b8724a6352

SHA512
2e3e8c359ee1b97e5a01aff6192fd39236f14cd75812fb9ec2488e938c52db294c859062d89b84f6593d3c492d310fe6b514df235b52dec189e7b62e02bd86fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\REG2169.tmp

Filesize
3KB

MD5
cca36a379e81a944c607e4f4d544c565

SHA1
d09aef7d6cf0bd140f121a85ae2b92307119db89

SHA256
8975303228de2bf10d7a55bfbd591bce14e4a124910265eefbeb58229347268c

SHA512
8a851c8054c694dcf0b942550de764915f0c860277f910fa0fa6d66962f7e6c7a7c8498a0abd55e51e6725fb585820a957c079351883429242e4c0abf7f79158

Download Submit
C:\Users\Admin\AppData\Local\Temp\REG21A7.tmp

Filesize
4KB

MD5
9a6b92b10fa585333d0291ac3d87537f

SHA1
9536e72a6f059ff86deaefac6676305fdb23530b

SHA256
713b38ef078f28703e15256cb30ccdf5e496256f9b0e92768d0a63be39c3e825

SHA512
28605010c1a45e8d08e1b4ab82a697694ed977213902707a03f6da0570b37cfdba00002e29ad072273d3353e18200d763e2f05cc504c36fec53778288ad5691a

Download Submit
C:\Users\Admin\AppData\Local\Temp\REG21E6.tmp

Filesize
3KB

MD5
79d558a3f5a649a98ac348ed8a0bf6dc

SHA1
5cc1a6a3339b3104af499a8d44fc426d54021e85

SHA256
23237d250e185d524d26dbdc6ce16adffa9a0b65af35fefac3bf0d01004d5bd5

SHA512
6ff24db910fd94551806670d922c31802e4f49dc68e1fc31d33cae1269822c6324563672804f0eb8fccaf2191281d860f74f243b0effcb844ebb3ec8044f85d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\REG2234.tmp

Filesize
10KB

MD5
b0223e1939178bf83ef084f4d98d27fa

SHA1
5d1b1aaa0e159fb6ab3370c473f38c7910b28663

SHA256
beb092700ad0e8e12c2d46c23b5f56c78fccdf25291f92fbf9f56f205f59f10d

SHA512
707d24203e0adeaa521d62f3e7b4bf4b73f17849294a7f33e8dc89d563c942a7cebc08bbd1d55d9ca3d46be835983e9310386c2339cea930a50ee862f97f01d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_pq1ih5ux.uu2.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\Downloads\MinecraftInstaller.exe

Filesize
32.3MB

MD5
4f02ac057355b5dc73ea28aecd2d56b4

SHA1
32591cb75779a3e308a44e75a76f821e7dee11e0

SHA256
83a5f942b2a15eab4826ef1709ec6a7f9637a7ec0fce16585776848797307fa4

SHA512
9eb08f85559df6af9192bec8904097d4e43a832ba9e9cc1c7be1a366af8d103c3a6db3886f00927ae5eb62055fbc770c7b5a3d2a122a0b460b51136083015368

Download Submit
C:\Windows\TEMP\SDIAG_1ee955f0-fe39-4e7e-adfc-a0a856347c8f\CL_SetupEnv.ps1

Filesize
5KB

MD5
4ddf0c498640c370e1784e79f0fdac92

SHA1
b51b2181f848e37750ef4990f541fc101a3fbccb

SHA256
9077f7333d2a6e2128964b82ee75d852eb8254b3f859fdc8f351d276c9cbc97d

SHA512
223d07ff369f89ff26d141b25f1c94d5f03772a61b2afd6e95c465ce49bb0588a708c3d4646c38173f71c0e2b38d50158a7dd4075ec9184c29e6d5eeb4f34555

Download Submit
C:\Windows\TEMP\SDIAG_1ee955f0-fe39-4e7e-adfc-a0a856347c8f\CL_Utility.ps1

Filesize
3KB

MD5
1214973d075474ef5b2f6e146228790e

SHA1
e7aad84340db77b0b83a7d0ef34ecbc71ca17b55

SHA256
6facc78db7bd38aa4d0064f860f3b3e1a371549625b09177e291f723e938f147

SHA512
1f748cf98f1cf4fbc30e3d56b7e68c3ef592a2d8e900d5fd4a7890065b61bde9b3db07344c70c4fb0ee8e9482e3732783fe8f808fbdd28cc960fa2d54d689e56

Download Submit
C:\Windows\TEMP\SDIAG_1ee955f0-fe39-4e7e-adfc-a0a856347c8f\RC_Pendingrestart.ps1

Filesize
960B

MD5
fbe432569a75e8d646b5fd3d14b70deb

SHA1
23fae396480a8cdaa4705372947cfd89b6dca2c1

SHA256
128f5a8a0df3549175f6a80d38d97a42f9086425ecb191e9965f97dd2590608e

SHA512
6a89f3fc9d5259e32a18c0bac50296d2dfa4d1308900da5941dd874e72252f2259302acac9b2263a38a9b7bd851d805c48e4b6741e92f6bfc8f12fd4284489d9

Download Submit
C:\Windows\TEMP\SDIAG_1ee955f0-fe39-4e7e-adfc-a0a856347c8f\RC_WaaSMedic.ps1

Filesize
1KB

MD5
0ad285ba852ea709534ee7fbf6a95c1d

SHA1
f23115c60b3a64f02f66693e8f620a0b5b34d7d3

SHA256
298f6d37ae210dcee4381c94b7df8b1c7b43afdc9c170bffc876e135e722c251

SHA512
c963a0499916dc9702d1c43b852b4454aff50988b57c5beb241ba1a5ecf7196d9af02b46ec0b7c799b920791c0d6729243c62406a241f4afd8ff5a86e611aa3d

Download Submit
C:\Windows\TEMP\SDIAG_1ee955f0-fe39-4e7e-adfc-a0a856347c8f\TS_Main.ps1

Filesize
3KB

MD5
9f73b819ca1f285afb1531ce8d255fd8

SHA1
a1e6377b540a26b7a3f79d0cdf645f5bce292b8c

SHA256
1a7e22f7e0d45ab58b965b5adbed5f5c53d4d7a98feb01a956cf5f052868cb84

SHA512
7f3f538486a7f2f894999dc1202906caf13bc0e810ea849529304f4a66a9fa9c33f607ba85c061b8c89125a1725dc43d68cab3eb614ab8aa91159cd65726b3f2

Download Submit
C:\Windows\TEMP\SDIAG_1ee955f0-fe39-4e7e-adfc-a0a856347c8f\cl_Service.ps1

Filesize
4KB

MD5
e9c7251335c9fd0da44321fc4355d429

SHA1
9376085dda11223ce09844216721c29c1ebc394b

SHA256
7c8d05cf9d82729e24e371a8ad9f8d47c191bf7980bce9e3abe3d8986268d9ab

SHA512
397513ba1eb1a4dfdc0c8f2b91c1307cad847179cfd77acdd9bd5fa3ee9d7980fadbc946b457e7e1c22c96398901d090f2b27305a81da4d5695d881c01a173d0

Download Submit
C:\Windows\TEMP\SDIAG_1ee955f0-fe39-4e7e-adfc-a0a856347c8f\cl_windowsupdate.ps1

Filesize
13KB

MD5
a33c56824341bd79927a2d2fc687e58c

SHA1
094ce6d8f3cd8372df2d8ac6f4b88d8a35f519eb

SHA256
0e5c9cac5b2697acb2ee059fac8189be9aafc244e99b41566c009d6528ec7175

SHA512
b548beb024b437c3d75eccfc4f4343b68b1f30ee024f0749a24c8d0c53f4ea0b1b41685bf502d6700bd240f2ffc23cde0e9feb90ca6d1fe96a28ee4435ab19f9

Download Submit
C:\Windows\TEMP\SDIAG_1ee955f0-fe39-4e7e-adfc-a0a856347c8f\en-US\CL_LocalizationData.psd1

Filesize
1KB

MD5
9f445f0aecd769bdbf01880fa071e3bd

SHA1
f5c1d9df0c788c56e443ce725e5f25b55a29c44b

SHA256
123c59ba4994b75f4be87ecbe8083bd65fe4186defe2df09eb879b33bd5ed800

SHA512
86d63bc8e21c6a69cf93a227f8430c0017c1346787dc07f6e55e13fa29037f0c69bcc13783e3ea3adb3f7568a1f923c54f05e8377f393477e8b7b613156ea0d0

Download Submit
C:\Windows\Temp\SDIAG_1ee955f0-fe39-4e7e-adfc-a0a856347c8f\DiagPackage.dll

Filesize
77KB

MD5
458bc0d439cb0d955120ae319c6ed91b

SHA1
b8899daffcbf912462d7e089d126d664c1a40216

SHA256
9454ec899ff78ff14c4c5137ba23d99dfaba079c629afd790640d0f07724201c

SHA512
fda4a2641db70fabc10d73dc28dc13f3b85140a382e032fa7a46abd5eb72e076f96794ccbc0f344a0cc88222fe27ee527a3587eed286e3e3db338824950369c0

Download Submit
C:\Windows\Temp\SDIAG_1ee955f0-fe39-4e7e-adfc-a0a856347c8f\en-US\DiagPackage.dll.mui

Filesize
6KB

MD5
84d58b706a4a16e582a140f72110b7f5

SHA1
bb7a3f254dde61f948417eabdc5a0883d102d873

SHA256
4b012aeaa40324691c6af926d5bb27409232fe8c484fd295d64925fc36f31060

SHA512
9f520c9d00586d9fb8a87b904d75616ca18b6dc3badd1db71ee85236a6bba459d56eee6ba29ae8cd2139fda8e5df961b232ad87a17fb4dbe61dd4422d804c508

Download Submit
C:\Windows\Temp\SDIAG_31f05140-386d-4401-8780-258055aad8ab\DiagPackage.dll

Filesize
478KB

MD5
580dc3658fa3fe42c41c99c52a9ce6b0

SHA1
3c4be12c6e3679a6c2267f88363bbd0e6e00cac5

SHA256
5b7aa413e4a64679c550c77e6599a1c940ee947cbdf77d310e142a07a237aad2

SHA512
68c52cd7b762b8f5d2f546092ed9c4316924fa04bd3ab748ab99541a8b4e7d9aec70acf5c9594d1457ad3a2f207d0c189ec58421d4352ddbc7eae453324d13f2

Download Submit
C:\Windows\Temp\SDIAG_31f05140-386d-4401-8780-258055aad8ab\en-US\DiagPackage.dll.mui

Filesize
17KB

MD5
44c4385447d4fa46b407fc47c8a467d0

SHA1
41e4e0e83b74943f5c41648f263b832419c05256

SHA256
8be175e8fbdae0dade54830fece6c6980d1345dbeb4a06c07f7efdb1152743f4

SHA512
191cd534e85323a4cd9649a1fc372312ed4a600f6252dffc4435793650f9dd40d0c0e615ba5eb9aa437a58af334146aac7c0ba08e0a1bf24ec4837a40f966005

Download Submit
C:\Windows\Temp\SDIAG_d9a33b67-39d1-4474-9837-c49e9960cee3\DiagPackage.dll

Filesize
77KB

MD5
fc7504df42668c2918657d1b9a3102c9

SHA1
5f9a70a31678e2e8b9a10849ea8657702d0cb53d

SHA256
159c4d4621f4ce1f4da14246401d85a00b40c0090fd0b2640446a896127ac646

SHA512
c844f9e5ba72eddc6aca73e09214bf8372ee5676124077983b78b10b9830a5e5eabd9c9fff2650858836f995ea79b1f0502609a428797b838ac7cda3f627c0da

Download Submit
C:\Windows\Temp\SDIAG_d9a33b67-39d1-4474-9837-c49e9960cee3\en-US\DiagPackage.dll.mui

Filesize
4KB

MD5
2ad9d1abe41ad048186f196b58fd8e9a

SHA1
d9c66f6ef89ad126ef2bbb36e0bcf6fc8a0e34af

SHA256
9b9acb69e01f79160d368cdcd8a4dc81f18da6398f920b6f663938171f5f718c

SHA512
4c4e1e5bbe173dfd37c65fff64a029883b2f719a360a9f5ee0772b304a518839605528b97b1ac0319b79a6d7f284767ad6c04b3b769559e2b14600c467947d61

Download Submit
memory/4704-825-0x0000000074F70000-0x0000000075720000-memory.dmp

Filesize
7.7MB

Download
memory/4704-799-0x0000000074F70000-0x0000000075720000-memory.dmp

Filesize
7.7MB

Download
memory/4704-785-0x0000000074F7E000-0x0000000074F7F000-memory.dmp

Filesize
4KB

Download
memory/4704-815-0x0000000074F70000-0x0000000075720000-memory.dmp

Filesize
7.7MB

Download
memory/4704-814-0x000000000D810000-0x000000000D836000-memory.dmp

Filesize
152KB

Download
memory/4704-813-0x000000000D4D0000-0x000000000D4DA000-memory.dmp

Filesize
40KB

Download
memory/4704-811-0x0000000074F7E000-0x0000000074F7F000-memory.dmp

Filesize
4KB

Download
memory/4704-800-0x000000000BE70000-0x000000000BEA8000-memory.dmp

Filesize
224KB

Download
memory/4704-801-0x00000000078E0000-0x00000000078EE000-memory.dmp

Filesize
56KB

Download
memory/4704-839-0x0000000074F70000-0x0000000075720000-memory.dmp

Filesize
7.7MB

Download
memory/4704-798-0x0000000007880000-0x0000000007888000-memory.dmp

Filesize
32KB

Download
memory/4704-797-0x0000000074F70000-0x0000000075720000-memory.dmp

Filesize
7.7MB

Download
memory/4704-795-0x0000000074F70000-0x0000000075720000-memory.dmp

Filesize
7.7MB

Download
memory/4704-794-0x0000000007CE0000-0x0000000007CE8000-memory.dmp

Filesize
32KB

Download
memory/4704-792-0x0000000007100000-0x00000000072C2000-memory.dmp

Filesize
1.8MB

Download
memory/4704-791-0x00000000002F0000-0x0000000002346000-memory.dmp

Filesize
32.3MB

Download
memory/5564-1334-0x00000273E1530000-0x00000273E1552000-memory.dmp

Filesize
136KB

Download