Analysis

  • max time kernel
    38s
  • max time network
    43s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
  • submitted
    23/02/2024, 10:37

General

  • Target

    ts2_client_rc2_2032.exe

  • Size

    5.6MB

  • MD5

    3c9d1bf8dfd3e257e536f0b87fbec00a

  • SHA1

    666c23e4bf275d109475f03821790b9268f94ae0

  • SHA256

    033db3bf5602914d750ec9d952d680c7845872c204850c82a1642f92bb81e7af

  • SHA512

    1c80f85fff45cca979f6f86ac6db22d724e64b88c601f88297d0f83ec4644a3ec2da843c94f61bf5394842cecec083cb11720eb05ce75f5a1399ee6c459c3129

  • SSDEEP

    98304:4VTuKO5b4dqD7mAQ6MLvCZwLr5STr6UdDJeYuQu7DaJI0KlAW1RwwLqRFnAj:ypOF4dyMTawYrf1nuT7yKlvROnm

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 19 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 11 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 22 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 33 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ts2_client_rc2_2032.exe
    "C:\Users\Admin\AppData\Local\Temp\ts2_client_rc2_2032.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2876
    • C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp
      C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp /SL3 $50016 C:\Users\Admin\AppData\Local\Temp\ts2_client_rc2_2032.exe 5845683 5849097 61952
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2364
      • C:\Program Files (x86)\Teamspeak2_RC2\CodecInstaller.exe
        "C:\Program Files (x86)\Teamspeak2_RC2\CodecInstaller.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in System32 directory
        • Suspicious behavior: GetForegroundWindowSpam
        PID:1628
      • C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe
        "C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        PID:2284
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1912
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef72a9758,0x7fef72a9768,0x7fef72a9778
      2⤵
        PID:1332
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1132 --field-trial-handle=1300,i,1000885243378643204,3399303055145622190,131072 /prefetch:2
        2⤵
          PID:2976
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1300,i,1000885243378643204,3399303055145622190,131072 /prefetch:8
          2⤵
            PID:2112
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1620 --field-trial-handle=1300,i,1000885243378643204,3399303055145622190,131072 /prefetch:8
            2⤵
              PID:1056
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2256 --field-trial-handle=1300,i,1000885243378643204,3399303055145622190,131072 /prefetch:1
              2⤵
                PID:2356
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2264 --field-trial-handle=1300,i,1000885243378643204,3399303055145622190,131072 /prefetch:1
                2⤵
                  PID:2684
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1588 --field-trial-handle=1300,i,1000885243378643204,3399303055145622190,131072 /prefetch:2
                  2⤵
                    PID:2760
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1484 --field-trial-handle=1300,i,1000885243378643204,3399303055145622190,131072 /prefetch:1
                    2⤵
                      PID:1976
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3592 --field-trial-handle=1300,i,1000885243378643204,3399303055145622190,131072 /prefetch:8
                      2⤵
                        PID:1844
                    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                      1⤵
                        PID:1992

Network

MITRE ATT&CK Enterprise v15

Downloads

                            • C:\Program Files (x86)\Teamspeak2_RC2\hvdi.dll

                              Filesize

                              168KB

                              MD5

                              c656c004ccff67aa3179a545433c22a9

                              SHA1

                              07f8c518472e40b367d5035cf38436478eb23f83

                              SHA256

                              b205f6e9ffb4bc485113f0a9cf3956243fb99c376ec1d7743d7b461253fbe63f

                              SHA512

                              5adc9036829a049f34426fd53409e00e9b3f8ce4fb0bd69ff4f4b4de25b83f5f991757d33228a40eea7a8afbeb6c856d441abfddd8bb6cd5d3f5cd2378676574

                            • C:\Program Files (x86)\Teamspeak2_RC2\lhacm.acm

                              Filesize

                              33KB

                              MD5

                              4585780a8eb71d86df64553b34ba8f79

                              SHA1

                              33433f33e6646421d2845ef76f3c49aceafe7176

                              SHA256

                              2727ae863927efc92a4765a9a2e77c6794b5b5cd80d754edcac805b76ebec91b

                              SHA512

                              6ddc5cf1cc83d98596dd07ad21c7d35366f772d92b017a7c4e5ad51a32657a1777f06ad58f100f94dfa142347db1bb182f1d840da01038cf58363d8d6290b876

                            • C:\Program Files (x86)\Teamspeak2_RC2\libspeex.dll

                              Filesize

                              148KB

                              MD5

                              ce52c1fbb33d71829416e2f5e3b8145d

                              SHA1

                              048f1ced666e66f647a8b27ea05f01ed184498d8

                              SHA256

                              68c6f31afa3fa7aac25b6e77f6df85f9d0b58289d2ec86a967f6369d41ef7f15

                              SHA512

                              3b7fa60630ba7768172599a012546054ba6e12a3b4db45cda75082d29af7f314e005e6f9fb2b22a70889df6e8abfa9b5cc1c6952caca0b7f5189b813779e65d6

                            • C:\Program Files (x86)\Teamspeak2_RC2\manual\is-71BJ3.tmp

                              Filesize

                              7KB

                              MD5

                              8fa5ecb853c6be7494a5181d211f4ea8

                              SHA1

                              d1ec427d4740b8922008d354df5483dade74624e

                              SHA256

                              a0516fe436a05eec63b481ec3202e18e268a8af1eaa822e0b70ebb3ff91561dc

                              SHA512

                              3235a2a5d62f41324ff254c4a2c4eac356dc4ad9a06244845f6099aa47b56990dbf55182e672bfada2e63620033a81b8780a76c48dbe978e4aa86b102d6b66a4

                            • C:\Program Files (x86)\Teamspeak2_RC2\sounds\03.linkdisengaged.wav

                              Filesize

                              82KB

                              MD5

                              61722544981caa90dca60b0b96b119c0

                              SHA1

                              f167467347cfc12e45d396e8128ba34a6c701024

                              SHA256

                              74ef22fe4f72d7c7dc11d5d38fc667c5fef780d01e4dd0fcd98ff74baf1822f8

                              SHA512

                              70779ae4552a7dd7c369e82105c6a21e55c12ef87af2efc1a34b63d3fe5a51d93ca9d01a86527eb7c2158fb615f41ed4679cec0ce7067102b8e52e5cce0f843d

                            • C:\Program Files (x86)\Teamspeak2_RC2\sounds\04.linkengaged.wav

                              Filesize

                              76KB

                              MD5

                              2e41f1e2ae9e54dba2b3e4a4365de5fd

                              SHA1

                              35695284fd3cf93df7fff41054538a8ef514f633

                              SHA256

                              d129fe2e51f1efae18142c0ba4079aa524e49bac55e107676819fa4c40d9b869

                              SHA512

                              eaa74f3b06208a37562c240ecfcf6773310e1cea06ecce3365a5d5c8ddbd8b52259c2751f2c2f3f7c8873db035007fd9fd6f4772e074c689c51b3c88426ab18c

                            • C:\Program Files (x86)\Teamspeak2_RC2\sounds\07.newplayer.wav

                              Filesize

                              62KB

                              MD5

                              77079325858fae83e7ca3c52aadaa8cb

                              SHA1

                              febf64a5eea2a9732902a3818701fa7a1e6e609e

                              SHA256

                              3794111ef4500d426c7989260605a65c8b82505e02cded4ab30d6c494175049b

                              SHA512

                              d82f7a75cf5b29f5553595dfb1b2647dfacb3942ab6d690c39d0b62b87de4e1b9e8325d8e93aae1ecd6de1ec42c5c187ddd46cf46dd06434b5f5344e1303dbee

                            • C:\Program Files (x86)\Teamspeak2_RC2\sounds\08.playerleft.wav

                              Filesize

                              68KB

                              MD5

                              444b0c271441e8a0dd9c0dfd8f401d5a

                              SHA1

                              2af31155108c5ea93ca7b723b4add303b2687c76

                              SHA256

                              99a98791d457582a4179d186c65d5c9be05d3efbef51b18c3902acbda5cd5cf8

                              SHA512

                              caa68ecbfc123eea496974acc44c1206643480d93c12e8d929dd9f9de55b6ec36d8c855fbab913111be8fc42d815669536cf6e41f0ca35e67f68d965139339b8

                            • C:\Program Files (x86)\Teamspeak2_RC2\sounds\11.memberjoined.wav

                              Filesize

                              74KB

                              MD5

                              886223534a5cc92f706ab81605f74d3d

                              SHA1

                              f7e8fba75799972cf16447502f19d4622a2dba4c

                              SHA256

                              cf31d72ea725efd047786bc9bcb06c87d350cff25c9933cde600f10d99f99b55

                              SHA512

                              62655235bd51a9b55918fa5438abfda3b34a8c8c46ce1cde7432f576fa93f528f1d2ba672e40ff3abdf9cf2c466aaa488c8c11846d60373ab57713278645ca4d

                            • C:\Program Files (x86)\Teamspeak2_RC2\sounds\12.memberleft.wav

                              Filesize

                              77KB

                              MD5

                              fa181ea8cb0b492a0c22746d5857a1c5

                              SHA1

                              38d5fa0672e035a23336ac3ced42551af82dc3cf

                              SHA256

                              8f1da7da639f31508fd1ca7adb12959c96803958f741bf2bc458dd8752993920

                              SHA512

                              43b24e1728ef3cdcf4eea130cda2638f483ea3cde5c58c13f64c2c97c410b8573ac511600d8f07f04ad111367861dadb474039e3c8c702be4e70538967804d1e

                            • C:\Program Files (x86)\Teamspeak2_RC2\sounds\21.playerkicked.wav

                              Filesize

                              80KB

                              MD5

                              235299c5af3d38f217e6ccd627a3c3fb

                              SHA1

                              b9b54c796d7ec0aab117a24d3caf8faa2d437fe0

                              SHA256

                              5cb40b2276719a02a1ac21444a71c5c16518db20ce501acb7753936d0bf61e7e

                              SHA512

                              994014ef18ea3ddcaeabcbbcaae794c394ffab4bc9bf148c89b4972047cddd91e06e2e737bc48874bf70c3c1a255dfc207206b28e036d54b209d40c579dae554

                            • C:\Program Files (x86)\Teamspeak2_RC2\sounds\22.youwerekicked.wav

                              Filesize

                              99KB

                              MD5

                              0f48c7c9a25bdc178f70d5cd0aa5f869

                              SHA1

                              2cc3e0e60e4ea174fe1f1adfe0c76c5780431bbb

                              SHA256

                              b97609cf59ccb417f0409c2738c944e97bb7f0fdbf64701161c9f5229c80a528

                              SHA512

                              6bdb6c3aff0f2b969b95f4aea1171ab347f77c0a7683258af2e6f99a4c642b8856cf5fbbb57b155780019e014b0a6b7074bc65ab751c6032e3db15660c11d29b

                            • C:\Program Files (x86)\Teamspeak2_RC2\sounds\23.youwerekserver.wav

                              Filesize

                              112KB

                              MD5

                              f10138155c78b48844be82f8fe9f9c2b

                              SHA1

                              c2329888a3eaf2acf5933a4a1ff51f1a1aa4fe9a

                              SHA256

                              b5dd8d9dd826133b707a6f457edc1278d519213437fd640f46d7421b9dce975a

                              SHA512

                              231e4a70354f84cc02a4355c75faccaf6c0db233a1ce82bc592157f933f1d599382ecd743ca3cd6ab204174d08ae76e7f3194b478d869630f2c2b99bb250c7ed

                            • C:\Program Files (x86)\Teamspeak2_RC2\sounds\26.yourconnterminated.wav

                              Filesize

                              148KB

                              MD5

                              dde6a2e489e5be1d088559ceba5e2a2a

                              SHA1

                              8921327c80be08c0abf3aa315d4b56d41e2ee170

                              SHA256

                              8f16bbd160619a2aa36df7a6519600986cef3abc33155646bb2f931a2f21b74d

                              SHA512

                              b2ddebba83871097920435da87b73cfab58307e9b27fd304637716fc06cf16b64781991327892d5ccd22da8258680589afe6e4cbd8dfa944188aa2111ce1873e

                            • C:\Program Files (x86)\Teamspeak2_RC2\sounds\27.switchedchannel.wav

                              Filesize

                              96KB

                              MD5

                              aa6b26815a9da11fe5f13121fbf5ef0f

                              SHA1

                              ab768a41677f814ec7a73fec3ea1eaf8937e1d87

                              SHA256

                              e5878cc7b6d63fc0a973f433388715fb551fe1e646f042bde6eb793ec4869571

                              SHA512

                              5dbc3255b6f587eedaddc387f1acb0dfcf3b5778243a8c7735990cab8e88ccaf87836891d3e4b176663215169c7c66459162427832a912744207e7094e4d94ee

                            • C:\Program Files (x86)\Teamspeak2_RC2\sounds\29.micmuted.wav

                              Filesize

                              91KB

                              MD5

                              7fa51ed8c9dd8fee997d062f6d4cdc15

                              SHA1

                              c8678b188b4ac510223dda3b64f55605fc08f16b

                              SHA256

                              fee6920d7846378606c1c44ae4b7c5f2d631a688aadf8f1e5353b606d4317c59

                              SHA512

                              7d1ba6870a669965ea11d8da47ea1ff2067fcd611be2f97ba2e7355468b0b2d9944c0ba0a97da386b3b8864c37c3764b55f6c702693ea945f3abbb67c2d086f5

                            • C:\Program Files (x86)\Teamspeak2_RC2\sounds\30.micactivated.wav

                              Filesize

                              102KB

                              MD5

                              8f9c311c6b7bf5b9304a492c87383043

                              SHA1

                              87d49e2d82736f7bfb8a920b25c9377f0d1ec5f3

                              SHA256

                              7238457c2a8f7d064576da79ee8823e056abab707398c9c7ae89eaf3068b58c9

                              SHA512

                              cabd1881ac2e36019086b9cc01a2b26cec03277a6b9284dd6343d8644edafac83d1b956c437f502bde40142c627d84b0c09d7e9d62442c08e7b0326ceec3cc37

                            • C:\Program Files (x86)\Teamspeak2_RC2\sounds\32.soundmuted.wav

                              Filesize

                              84KB

                              MD5

                              e28af5fa5f5f1590c6bda6020f41b253

                              SHA1

                              6cdf9a718cdde0b5a6a82138cde558e7dbaaa778

                              SHA256

                              8a48b742408a89615df8d5d7ab97683d701c5047d75b56c72057007f480ce4d6

                              SHA512

                              ff24c890ce0eb3c901b66a6f51b3fc9b359e5aa5b94f5c211dbe00ab43a4c180ff14625dd6b1b41f120a84ab63bb46451e0d05a5c4bb9c888e76f6bcd5071534

                            • C:\Program Files (x86)\Teamspeak2_RC2\sounds\34.soundresumed.wav

                              Filesize

                              89KB

                              MD5

                              b49b3c4561191c200e67e6cbffc4e677

                              SHA1

                              005227a5b2bfca923bdf0b76f31acb861f6330cc

                              SHA256

                              4db31f620af136ec1521180a183801a0a85cb6ee5f77ea7e89499272095149ba

                              SHA512

                              f4cc00d2d85211af7b413587e16d4318c8453eeb10f32709a6330e3d403ca731b7ff7cb2776cc5b0dce22bf7bedc6a29180ebf51164b2e0435fe5a94dbe95162

                            • C:\Program Files (x86)\Teamspeak2_RC2\sounds\35.v_stat_granted.wav

                              Filesize

                              112KB

                              MD5

                              3f9799e232db2943777a6ff8bd28364f

                              SHA1

                              4cabb4d7dcc76d3f8966e7f8e8bc807e13f2adbb

                              SHA256

                              5e78b156e7c4e0a76219cedd693cfe2ce9f97e6b954ca57002f7f06bb0cfd4ba

                              SHA512

                              9976e75264da7ace014498eabc0f6b6f00e31e3fb07f9a58cf06727062546a638b239fb35cdafe77ab68ef21748b02f06464abab53789bc9e1e33fcaf4232089

                            • C:\Program Files (x86)\Teamspeak2_RC2\sounds\36.v_stat_revoked.wav

                              Filesize

                              121KB

                              MD5

                              c2b021bea7d8880e08ff2d082f808a28

                              SHA1

                              f1ceafc928522f44a40165121f87f87f8e3d1300

                              SHA256

                              4376c2a4390519b6dd7c6d64383c3b88e9a4215acddf9f765659aa1694a9a1e6

                              SHA512

                              ba08d46d9b5c822306a07d2762b5f5c6d030629e7bf8817fef31a69653beb4520cd25340e405e2949effd2229f444a726ee0cd9c7acd0d8512f7de7bfce015a6

                            • C:\Program Files (x86)\Teamspeak2_RC2\sounds\37.v_requested.wav

                              Filesize

                              106KB

                              MD5

                              418126655271cbbb228b5ed725e8fe25

                              SHA1

                              2534716c3acb05d37143b6d8a6cdd585f55b82da

                              SHA256

                              1d60889f2a891eb1c97074c357adc0208c1f2d127ab44110410b477c105e30a2

                              SHA512

                              b7dced424aaef22c292cdf7959302174f32f4dfd7ba89f71d42e3b0cd70a51776036502ba1193ff368f430ab5accab48f99cb80f7f8cdfea4ff739cdc0db047f

                            • C:\Program Files (x86)\Teamspeak2_RC2\sounds\38.op_stat_granted.wav

                              Filesize

                              111KB

                              MD5

                              93e310cd0fde7621f3480d0f19d29006

                              SHA1

                              7fdaf2471e92b39efa84cf9bcc3f2d2426283ea9

                              SHA256

                              b9ac1e1e1aafdfd75d338a2f8e2047796895aeb6640a6ea873080f20c524470d

                              SHA512

                              c80891fa85a8cb7eaaa8d6c0bf9ef7afd1e9e9914cf66a7b092200e61455c9deb4e70e7bc3d8670c1cab848121d94d5b1cea4f17f8b7419a38f28c7b3c7c0346

                            • C:\Program Files (x86)\Teamspeak2_RC2\sounds\39.op_stat_revoked.wav

                              Filesize

                              126KB

                              MD5

                              4f5a6fa536e9121cc4081958c9c8cea4

                              SHA1

                              1aeec4060a858aced9b2f3116065606646675a32

                              SHA256

                              ce2be29c0751066a0436e4d1c6d942140116d0e6e59a2bdc452cec8fcb286e36

                              SHA512

                              0523b4a8300d6f795cf25e1cc850a867287324ffbad7fd0436b5365ba28989df9c8917cec5bde46710ce2b7e58b8ed2c45697d546a2e119f0463662fd44d3e83

                            • C:\Program Files (x86)\Teamspeak2_RC2\sounds\40.adm_stat_granted.wav

                              Filesize

                              115KB

                              MD5

                              01886ec8f7b87d6489e60e47b3d97305

                              SHA1

                              8a35b41d2f6c82da2701fe89a83337ebd2f136d8

                              SHA256

                              2a49b613e09543c47fe704807be8c71ce9dd0c20a6009e0d9435a0e389e23ed8

                              SHA512

                              9d8255552ea3b24fc741c4cc37bc2ae0d00a05315fc8476eb4c22addff776210bf072d5fc97ee1b55423efa5b657bfd73e983c0d2df547fd30440566c418ea16

                            • C:\Program Files (x86)\Teamspeak2_RC2\sounds\41.adm_stat_revoked.wav

                              Filesize

                              128KB

                              MD5

                              d90a1f83e280b8ae76c2c1e4a0ff88df

                              SHA1

                              a054ae3a1575deda921415aa6fadc68cdf02d0d9

                              SHA256

                              458797c4c16f66ca113e80278f0d0b9154c4af0c233a23ff634bb5dd08f87dd2

                              SHA512

                              9877c81b65d14b9f0fe2a61c7d7954a4a44e2abb700b545f0fb75d425141bab575c495a90163aa6a8e400f1f06fa839262595d5169b9a9e3bdddcdbd373a0c9d

                            • C:\Program Files (x86)\Teamspeak2_RC2\sounds\42.servadm_stat_granted.wav

                              Filesize

                              115KB

                              MD5

                              94084eb9f88bb31d8fb312df5795b549

                              SHA1

                              405bdf1f47abe0908337531a120866b5641f87f2

                              SHA256

                              069a04bbc6e24d5505812f7125d964a2ac427b026a77cfe05d51bae58c034315

                              SHA512

                              2b7e8d609f4a6b023edcba9f92bb3100cf8797e268ff78344bcc61092ef36eecff63614bfeda3fe1bae8cbb98e719f96c2bea25c8ed92d943279d63c5b339ca6

                            • C:\Program Files (x86)\Teamspeak2_RC2\sounds\43.serveradm_stat_revoked.wav

                              Filesize

                              122KB

                              MD5

                              909d6c95a8c185e2868f50e934491096

                              SHA1

                              7490a2f4c5b4f01ce7ca9b34c46caa91bb9592f9

                              SHA256

                              4e93b3508ae937c1d49274a453585f3f291a65ae216f4cc31ae142befef49f50

                              SHA512

                              4bef85086324e3b5fba22df24d80953eb211b915009385bb0220b320f5c60d4a56a5f96a4d80a5368b17416f033c7f907356a28f2ecb31b32fa55a981e886c8a

                            • C:\Program Files (x86)\Teamspeak2_RC2\sounds\44.registrationcomplete.wav

                              Filesize

                              102KB

                              MD5

                              8367a72d3af2ddb88206b7dbe5602e3c

                              SHA1

                              6d7e982ecb23c60d4dca9ffff4a2e22d2a6b3a38

                              SHA256

                              bd242994a28dd1feb6075cd0101f0e69cb52b48ec879606603e8914f6dc904d4

                              SHA512

                              8d6f4014ab43a44bbce9399120ca9311385cca13511fec0f00477f215c733dbee415de99cfe36448a2485e7d437ad16de59b057237ab936665a90e03d98d9f5f

                            • C:\Program Files (x86)\Teamspeak2_RC2\sounds\45.registrationfailed.wav

                              Filesize

                              102KB

                              MD5

                              08fa9bbea1420cc92efbc3502c25d8c7

                              SHA1

                              652dac12b32f60cfa21476fddeb18069d9f40f5b

                              SHA256

                              731c26f3931b2c27e7fde453c2c6e1e4d8ebb72171cb44d8e10c34e7bdbcfd07

                              SHA512

                              e2c709d0f04b02763378c56f776be33b77833206e381a74eaa6b7d227307feb49a4cabc411cbed976e66da7a55088fdc546d36a6c75ce2f85f66c513faa7270b

                            • C:\Program Files (x86)\Teamspeak2_RC2\sounds\46.incorrectpassword.wav

                              Filesize

                              91KB

                              MD5

                              39958207dcfe605e6e5165412a3d8ab7

                              SHA1

                              7912d7af09c704cbc3d5dde7379af5cc77d1f855

                              SHA256

                              97441ee5740fc1098319ac99df00a72142009de65ee8861d0b2df28cb13db989

                              SHA512

                              032dc426a0bfb4468698d13f8ca63ac13c65fa7813feeff7c0a0ca7eea74688ea7b5ff824c86e1b9432c670e6031c64d97b9835c275232e0569a3f96522c456f

                            • C:\Program Files (x86)\Teamspeak2_RC2\sounds\47.accessdenied.wav

                              Filesize

                              101KB

                              MD5

                              0d67f756d7ca03002de600f506e4b5db

                              SHA1

                              a85e971f2df34d7881683e2e57cd0c7427ec3bef

                              SHA256

                              dfa0b451e0fb5d699e6cb645edf61803e648ca18c7327c5a37eddf54a74f993f

                              SHA512

                              a1faf2a38e0ab07b1d247f099e4d518b73558df169e3599e9b422c749e5daad4b702fb89e0fa3e6b74a3154b979d4828de97b29c2cb6e56cbe8a24bd42bdb63b

                            • C:\Program Files (x86)\Teamspeak2_RC2\sounds\48.warning.wav

                              Filesize

                              69KB

                              MD5

                              dbcc217ad6c86beade24b1959e48ab65

                              SHA1

                              27d4c3a903cf81d7b809bea0a89d210648ab99c1

                              SHA256

                              daba03b4144fdacdcd7604687fca0d7aad0a6d7b36f467341e19bfc3a46d3c34

                              SHA512

                              fe0f746d5a583430d1a929d184ca9f6d9d84a939eea6b972ca38523a8391f7f17d1102e3f16ad11e8f9b2f752756922590bec35947245bc76e63a49a53ced8da

                            • C:\Program Files (x86)\Teamspeak2_RC2\sounds\49.error.wav

                              Filesize

                              67KB

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

                              Filesize

                              16B

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

                              Filesize

                              264KB

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                              Filesize

                              5KB

                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

                              Filesize

                              16B

                            • \Program Files (x86)\Teamspeak2_RC2\CodecInstaller.exe

                              Filesize

                              356KB

                            • \Program Files (x86)\Teamspeak2_RC2\KeyPress.dll

                              Filesize

                              15KB

                            • \Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe

                              Filesize

                              1.4MB

                            • \Users\Admin\AppData\Local\Temp\INS25C9.tmp

                              Filesize

                              377KB

                            • \Users\Admin\AppData\Local\Temp\is-I8VMI.tmp\_shfoldr.dll

                              Filesize

                              22KB

                            • memory/1628-546-0x0000000000400000-0x000000000045F000-memory.dmp

                              Filesize

                              380KB

                            • memory/2284-570-0x00000000003F0000-0x00000000003FB000-memory.dmp

                              Filesize

                              44KB

                            • memory/2284-566-0x0000000000330000-0x0000000000357000-memory.dmp

                              Filesize

                              156KB

                            • memory/2284-662-0x0000000000400000-0x000000000057B000-memory.dmp

                              Filesize

                              1.5MB

                            • memory/2284-680-0x0000000000400000-0x000000000057B000-memory.dmp

                              Filesize

                              1.5MB

                            • memory/2284-682-0x0000000000400000-0x000000000057B000-memory.dmp

                              Filesize

                              1.5MB

                            • memory/2364-560-0x0000000000400000-0x000000000046A000-memory.dmp

                              Filesize

                              424KB

                            • memory/2364-545-0x0000000000400000-0x000000000046A000-memory.dmp

                              Filesize

                              424KB

                            • memory/2876-11-0x0000000000400000-0x0000000000417000-memory.dmp

                              Filesize

                              92KB

                            • memory/2876-561-0x0000000000400000-0x0000000000417000-memory.dmp

                              Filesize

                              92KB