Malware Analysis Report

2025-08-06 00:06

Sample ID 240223-mnvvcsfd22
Target ts2_client_rc2_2032.exe
SHA256 033db3bf5602914d750ec9d952d680c7845872c204850c82a1642f92bb81e7af
Tags: discovery
Score: 7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 7/10

SHA256

033db3bf5602914d750ec9d952d680c7845872c204850c82a1642f92bb81e7af

Threat Level: Shows suspicious behavior

The file ts2_client_rc2_2032.exe was found to show suspicious behavior.

Malicious Activity Summary

discovery

Loads dropped DLL

Executes dropped EXE

Checks installed software on the system

Drops file in System32 directory

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Modifies registry class

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-23 10:37

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-23 10:37

Reported

2024-02-23 10:38

Platform

win7-20240221-en

Max time kernel

38s

Max time network

43s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ts2_client_rc2_2032.exe"

Signatures

Checks installed software on the system

discovery

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\lhacm.acm C:\Program Files (x86)\Teamspeak2_RC2\CodecInstaller.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Teamspeak2_RC2\manual\is-9F5CC.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\manual\is-C0CD3.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\manual\is-CUTO5.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\sounds\is-5AS1H.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\manual\is-1PGL0.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\manual\is-2OLG7.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\manual\is-FVGM3.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\manual\is-QP5OJ.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\sounds\is-4HP9J.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\manual\is-759KE.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\manual\is-M7PG3.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\manual\is-GPASJ.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\manual\is-APTPI.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\manual\is-O6VKU.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\manual\is-FK5H3.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\sounds\is-CD33C.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\manual\is-7T4T7.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\manual\is-4ROJC.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\manual\is-09E93.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\is-PVVJJ.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\manual\is-54I7G.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\manual\is-38AVQ.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\manual\is-UOCBF.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\manual\is-CSSKA.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\manual\is-ETUA4.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\sounds\is-ID73C.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\manual\is-AV55G.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\manual\is-BMRNE.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\sounds\is-1TNM4.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\manual\is-KOLIO.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\is-NM9QD.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\manual\is-36O9B.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\manual\is-TOIBI.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\manual\is-K74FH.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\sounds\is-C5MIS.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\sounds\is-S652V.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\manual\is-892NA.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\manual\is-7OT4I.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\sounds\is-R99EM.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\manual\is-0JM96.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\manual\is-8CJGB.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\manual\is-P9R76.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\sounds\is-Q0J3U.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\manual\is-76FNA.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\manual\is-2IKV7.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\manual\is-JCLQ2.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\manual\is-HR41S.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\manual\is-Q36GF.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\manual\is-7C8HU.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\manual\is-POF3B.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\manual\is-MK1DF.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\manual\is-C8BDC.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\manual\is-J4AP6.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\sounds\is-290AD.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\sounds\is-9TL73.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\sounds\is-53ICM.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\manual\is-731SJ.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\manual\is-GLNOD.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\manual\is-O7L0F.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\manual\is-5NSK8.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\manual\is-KUTJO.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\manual\is-V4SBC.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\manual\is-HDPQQ.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
File created C:\Program Files (x86)\Teamspeak2_RC2\manual\is-NSUU6.tmp C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\teamspeak C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\teamspeak\ = "URL:teamspeak Protocol" C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\teamspeak\Shell\ = "open" C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\teamspeak\Shell\Open C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\teamspeak\Shell\Open\command C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\teamspeak\URL Protocol C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\teamspeak\DefaultIcon C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\teamspeak\DefaultIcon\ = "C:\\Program Files (x86)\\Teamspeak2_RC2\\TeamSpeak.exe" C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\teamspeak\Shell C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\teamspeak\Shell\Open\ = "&connect to this teamspeak server" C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\teamspeak\Shell\Open\command\ = "C:\\Program Files (x86)\\Teamspeak2_RC2\\TeamSpeak.exe \"%1\"" C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\CodecInstaller.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A
N/A N/A C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2876 wrote to memory of 2364 N/A C:\Users\Admin\AppData\Local\Temp\ts2_client_rc2_2032.exe C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp
PID 2876 wrote to memory of 2364 N/A C:\Users\Admin\AppData\Local\Temp\ts2_client_rc2_2032.exe C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp
PID 2876 wrote to memory of 2364 N/A C:\Users\Admin\AppData\Local\Temp\ts2_client_rc2_2032.exe C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp
PID 2876 wrote to memory of 2364 N/A C:\Users\Admin\AppData\Local\Temp\ts2_client_rc2_2032.exe C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp
PID 2876 wrote to memory of 2364 N/A C:\Users\Admin\AppData\Local\Temp\ts2_client_rc2_2032.exe C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp
PID 2876 wrote to memory of 2364 N/A C:\Users\Admin\AppData\Local\Temp\ts2_client_rc2_2032.exe C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp
PID 2876 wrote to memory of 2364 N/A C:\Users\Admin\AppData\Local\Temp\ts2_client_rc2_2032.exe C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp
PID 2364 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp C:\Program Files (x86)\Teamspeak2_RC2\CodecInstaller.exe
PID 2364 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp C:\Program Files (x86)\Teamspeak2_RC2\CodecInstaller.exe
PID 2364 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp C:\Program Files (x86)\Teamspeak2_RC2\CodecInstaller.exe
PID 2364 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp C:\Program Files (x86)\Teamspeak2_RC2\CodecInstaller.exe
PID 2364 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp C:\Program Files (x86)\Teamspeak2_RC2\CodecInstaller.exe
PID 2364 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp C:\Program Files (x86)\Teamspeak2_RC2\CodecInstaller.exe
PID 2364 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp C:\Program Files (x86)\Teamspeak2_RC2\CodecInstaller.exe
PID 2364 wrote to memory of 2284 N/A C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe
PID 2364 wrote to memory of 2284 N/A C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe
PID 2364 wrote to memory of 2284 N/A C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe
PID 2364 wrote to memory of 2284 N/A C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe
PID 2364 wrote to memory of 2284 N/A C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe
PID 2364 wrote to memory of 2284 N/A C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe
PID 2364 wrote to memory of 2284 N/A C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe
PID 1912 wrote to memory of 1332 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1912 wrote to memory of 1332 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1912 wrote to memory of 1332 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1912 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1912 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1912 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1912 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1912 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1912 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1912 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1912 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1912 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1912 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1912 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1912 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1912 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1912 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1912 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1912 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1912 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1912 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1912 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1912 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1912 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1912 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1912 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1912 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1912 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1912 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1912 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1912 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1912 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1912 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1912 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1912 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1912 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1912 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1912 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1912 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1912 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1912 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1912 wrote to memory of 2976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1912 wrote to memory of 2112 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\ts2_client_rc2_2032.exe

"C:\Users\Admin\AppData\Local\Temp\ts2_client_rc2_2032.exe"

C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp

C:\Users\Admin\AppData\Local\Temp\INS25C9.tmp /SL3 $50016 C:\Users\Admin\AppData\Local\Temp\ts2_client_rc2_2032.exe 5845683 5849097 61952

C:\Program Files (x86)\Teamspeak2_RC2\CodecInstaller.exe

"C:\Program Files (x86)\Teamspeak2_RC2\CodecInstaller.exe"

C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe

"C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef72a9758,0x7fef72a9768,0x7fef72a9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1132 --field-trial-handle=1300,i,1000885243378643204,3399303055145622190,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1300,i,1000885243378643204,3399303055145622190,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1620 --field-trial-handle=1300,i,1000885243378643204,3399303055145622190,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2256 --field-trial-handle=1300,i,1000885243378643204,3399303055145622190,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2264 --field-trial-handle=1300,i,1000885243378643204,3399303055145622190,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1588 --field-trial-handle=1300,i,1000885243378643204,3399303055145622190,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1484 --field-trial-handle=1300,i,1000885243378643204,3399303055145622190,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3592 --field-trial-handle=1300,i,1000885243378643204,3399303055145622190,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.teamspeak.org udp
US 8.8.8.8:53 abuse.teamspeak.org udp
US 104.18.30.192:80 abuse.teamspeak.org tcp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
N/A 224.0.0.251:5353 N/A udp
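The Network tables mix three kinds of rows: DNS queries to the sandbox resolver (8.8.8.8:53), the connections that followed, and, in behavioral2, reverse (in-addr.arpa) lookups and a Bing connection that come with the Windows 10 image rather than the sample. The script below is an added example, not part of the report or the sandbox vendor's tooling. It parses the behavioral1 table and the first rows of the behavioral2 table as constructed input, tolerates the multicast row that carries no Domain column, and separates what was resolved from what was actually contacted.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed input: the behavioral1 Network table above, one row per line.
NETWORK_B1 = """\
US 8.8.8.8:53 www.teamspeak.org udp
US 8.8.8.8:53 abuse.teamspeak.org udp
US 104.18.30.192:80 abuse.teamspeak.org tcp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
N/A 224.0.0.251:5353 udp
"""

# Constructed input: the first rows of the behavioral2 Network table below.
NETWORK_B2 = """\
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
"""


def parse_rows(text):
    """Parse 'Country Destination [Domain] Proto' rows; Domain may be absent or N/A."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            country, dest, domain, proto = parts
        elif len(parts) == 3:            # multicast rows carry no domain
            country, dest, proto = parts
            domain = "N/A"
        else:
            raise ValueError(f"unexpected row: {line!r}")
        ip, _, port = dest.rpartition(":")
        events.append({"country": country, "ip": ip, "port": int(port),
                       "domain": None if domain == "N/A" else domain,
                       "proto": proto})
    return events


def classify(ev):
    """dns-query / ptr-lookup (reverse lookups) / local-multicast / connection."""
    if ev["port"] == 53 and ev["proto"] == "udp":
        if ev["domain"] and ev["domain"].endswith(".in-addr.arpa"):
            return "ptr-lookup"
        return "dns-query"
    if ipaddress.ip_address(ev["ip"]).is_multicast:
        return "local-multicast"
    return "connection"


def summarize(events):
    return dict(Counter(classify(ev) for ev in events))


def contacted_hosts(events):
    """Domain -> set of (ip, port, proto) the run actually connected to."""
    hosts = defaultdict(set)
    for ev in events:
        if classify(ev) == "connection":
            hosts[ev["domain"]].add((ev["ip"], ev["port"], ev["proto"]))
    return dict(hosts)


def resolved_only(events):
    """Names looked up but never connected to; the only ones here are the vendor's own."""
    queried = {ev["domain"] for ev in events if classify(ev) == "dns-query"}
    return queried - set(contacted_hosts(events))


if __name__ == "__main__":
    for name, table in (("behavioral1", NETWORK_B1), ("behavioral2", NETWORK_B2)):
        events = parse_rows(table)
        print(name, summarize(events))
        print("  contacted:", contacted_hosts(events))
        print("  resolved only:", resolved_only(events))
```

For behavioral1 this yields two contacted hosts (abuse.teamspeak.org over plain HTTP on 104.18.30.192:80, and www.google.com on 172.217.16.228:443 over both UDP and TCP, the latter two being the browser's) plus one name, www.teamspeak.org, that was resolved and never contacted. The reverse lookups in behavioral2 all fall into the ptr-lookup bucket, which keeps them out of any indicator list built from the connection rows.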

Files

\Users\Admin\AppData\Local\Temp\INS25C9.tmp

MD5 ec2a3559ef793d976d3f72252ade0b68
SHA1 1673ad41b3683d9fde4e331ef97711af05c4c014
SHA256 995ca25e8ac883429e67e2985887c2dc122e4d3cca48d6ab5b545e6a896ae2e1
SHA512 a9f77b1735eb88e3ed790a0bb00637a616c33414cbb6f0b582322759a3bea3bf2fd7a334f92c17dd9f1669acdacc7551611ecedb80c11e999ddd120f104355b1

\Users\Admin\AppData\Local\Temp\is-I8VMI.tmp\_shfoldr.dll

MD5 92dc6ef532fbb4a5c3201469a5b5eb63
SHA1 3e89ff837147c16b4e41c30d6c796374e0b8e62c
SHA256 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
SHA512 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

memory/2876-11-0x0000000000400000-0x0000000000417000-memory.dmp

C:\Program Files (x86)\Teamspeak2_RC2\manual\is-71BJ3.tmp

MD5 8fa5ecb853c6be7494a5181d211f4ea8
SHA1 d1ec427d4740b8922008d354df5483dade74624e
SHA256 a0516fe436a05eec63b481ec3202e18e268a8af1eaa822e0b70ebb3ff91561dc
SHA512 3235a2a5d62f41324ff254c4a2c4eac356dc4ad9a06244845f6099aa47b56990dbf55182e672bfada2e63620033a81b8780a76c48dbe978e4aa86b102d6b66a4

\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe

MD5 1c6be6eb18c61af42cc113c062e48094
SHA1 7675d74bc32199e31bc4593e67429999240553ac
SHA256 8e26969e578b772030c8a5286ee1e10769ae095576533a2b7bc163843b83d2f4
SHA512 0f941250173ee724cec7be7260c9aecf03081cdcf098280782ffbe9176db09b5b25311d75a990afc28eb419326865fbf23a28e18652dd414241c0c5119039032

\Program Files (x86)\Teamspeak2_RC2\CodecInstaller.exe

MD5 8bd7cd71a3ffe56b7587677947c61a15
SHA1 bfd04d24ec9c2a8b7f3ef369e98c7804ac66b60c
SHA256 4ba5e8c5f801e1e3cb3aae67ad18558a4f7630bf9d1672d94b5e3445ad5c3380
SHA512 1ae516b2e3c3d1d7205e7745c564dd1378b24aa2f2f4103cbcd592acf5857ca346f533a8540f2c8ba801216289511d585b74d77ff8f3fd226cdef9321209794a

C:\Program Files (x86)\Teamspeak2_RC2\lhacm.acm

MD5 4585780a8eb71d86df64553b34ba8f79
SHA1 33433f33e6646421d2845ef76f3c49aceafe7176
SHA256 2727ae863927efc92a4765a9a2e77c6794b5b5cd80d754edcac805b76ebec91b
SHA512 6ddc5cf1cc83d98596dd07ad21c7d35366f772d92b017a7c4e5ad51a32657a1777f06ad58f100f94dfa142347db1bb182f1d840da01038cf58363d8d6290b876

memory/2364-545-0x0000000000400000-0x000000000046A000-memory.dmp

memory/1628-546-0x0000000000400000-0x000000000045F000-memory.dmp

memory/2364-560-0x0000000000400000-0x000000000046A000-memory.dmp

memory/2876-561-0x0000000000400000-0x0000000000417000-memory.dmp

C:\Program Files (x86)\Teamspeak2_RC2\hvdi.dll

MD5 c656c004ccff67aa3179a545433c22a9
SHA1 07f8c518472e40b367d5035cf38436478eb23f83
SHA256 b205f6e9ffb4bc485113f0a9cf3956243fb99c376ec1d7743d7b461253fbe63f
SHA512 5adc9036829a049f34426fd53409e00e9b3f8ce4fb0bd69ff4f4b4de25b83f5f991757d33228a40eea7a8afbeb6c856d441abfddd8bb6cd5d3f5cd2378676574

C:\Program Files (x86)\Teamspeak2_RC2\libspeex.dll

MD5 ce52c1fbb33d71829416e2f5e3b8145d
SHA1 048f1ced666e66f647a8b27ea05f01ed184498d8
SHA256 68c6f31afa3fa7aac25b6e77f6df85f9d0b58289d2ec86a967f6369d41ef7f15
SHA512 3b7fa60630ba7768172599a012546054ba6e12a3b4db45cda75082d29af7f314e005e6f9fb2b22a70889df6e8abfa9b5cc1c6952caca0b7f5189b813779e65d6

memory/2284-566-0x0000000000330000-0x0000000000357000-memory.dmp

memory/2284-570-0x00000000003F0000-0x00000000003FB000-memory.dmp

\Program Files (x86)\Teamspeak2_RC2\KeyPress.dll

MD5 d866118be4b626fe08b52006c7091f46
SHA1 64db47a1cfec4e2255ce9bf3bcdfdaf6792a7626
SHA256 ffbea2ef6b4fe8fcda93fb6c19dc2974da4293d8db4d2b2b485b413d97ac5db8
SHA512 4dac02a26815c32157f38fae4d2480d4e612b3521912cbaef99edd0ebfc26e826f2ca61325751d4c134d2eac99de3d8baafedbdd958938ac51a12f11eb27660e

C:\Program Files (x86)\Teamspeak2_RC2\sounds\22.youwerekicked.wav

MD5 0f48c7c9a25bdc178f70d5cd0aa5f869
SHA1 2cc3e0e60e4ea174fe1f1adfe0c76c5780431bbb
SHA256 b97609cf59ccb417f0409c2738c944e97bb7f0fdbf64701161c9f5229c80a528
SHA512 6bdb6c3aff0f2b969b95f4aea1171ab347f77c0a7683258af2e6f99a4c642b8856cf5fbbb57b155780019e014b0a6b7074bc65ab751c6032e3db15660c11d29b

C:\Program Files (x86)\Teamspeak2_RC2\sounds\12.memberleft.wav

MD5 fa181ea8cb0b492a0c22746d5857a1c5
SHA1 38d5fa0672e035a23336ac3ced42551af82dc3cf
SHA256 8f1da7da639f31508fd1ca7adb12959c96803958f741bf2bc458dd8752993920
SHA512 43b24e1728ef3cdcf4eea130cda2638f483ea3cde5c58c13f64c2c97c410b8573ac511600d8f07f04ad111367861dadb474039e3c8c702be4e70538967804d1e

C:\Program Files (x86)\Teamspeak2_RC2\sounds\47.accessdenied.wav

MD5 0d67f756d7ca03002de600f506e4b5db
SHA1 a85e971f2df34d7881683e2e57cd0c7427ec3bef
SHA256 dfa0b451e0fb5d699e6cb645edf61803e648ca18c7327c5a37eddf54a74f993f
SHA512 a1faf2a38e0ab07b1d247f099e4d518b73558df169e3599e9b422c749e5daad4b702fb89e0fa3e6b74a3154b979d4828de97b29c2cb6e56cbe8a24bd42bdb63b

C:\Program Files (x86)\Teamspeak2_RC2\sounds\49.error.wav

MD5 17ffe5cd0cbc7c99b5c7ef192eecb5bf
SHA1 f0d640ceedf6289cbd48e9f39fe92a14dc814c9c
SHA256 c988789c3272a8c8b8a04738d58daa6c9b7233ee273415d88b1a6ffef22848c8
SHA512 69da6b2b74ea6141ee4ad545b70e45eea51e946c3c5db917d8cce0e72b74f5b184c874c29e91ed0133f1fddd22541e8d887a9346e692d00e8a82611a10dad5d9

C:\Program Files (x86)\Teamspeak2_RC2\sounds\48.warning.wav

MD5 dbcc217ad6c86beade24b1959e48ab65
SHA1 27d4c3a903cf81d7b809bea0a89d210648ab99c1
SHA256 daba03b4144fdacdcd7604687fca0d7aad0a6d7b36f467341e19bfc3a46d3c34
SHA512 fe0f746d5a583430d1a929d184ca9f6d9d84a939eea6b972ca38523a8391f7f17d1102e3f16ad11e8f9b2f752756922590bec35947245bc76e63a49a53ced8da

C:\Program Files (x86)\Teamspeak2_RC2\sounds\46.incorrectpassword.wav

MD5 39958207dcfe605e6e5165412a3d8ab7
SHA1 7912d7af09c704cbc3d5dde7379af5cc77d1f855
SHA256 97441ee5740fc1098319ac99df00a72142009de65ee8861d0b2df28cb13db989
SHA512 032dc426a0bfb4468698d13f8ca63ac13c65fa7813feeff7c0a0ca7eea74688ea7b5ff824c86e1b9432c670e6031c64d97b9835c275232e0569a3f96522c456f

C:\Program Files (x86)\Teamspeak2_RC2\sounds\45.registrationfailed.wav

MD5 08fa9bbea1420cc92efbc3502c25d8c7
SHA1 652dac12b32f60cfa21476fddeb18069d9f40f5b
SHA256 731c26f3931b2c27e7fde453c2c6e1e4d8ebb72171cb44d8e10c34e7bdbcfd07
SHA512 e2c709d0f04b02763378c56f776be33b77833206e381a74eaa6b7d227307feb49a4cabc411cbed976e66da7a55088fdc546d36a6c75ce2f85f66c513faa7270b

C:\Program Files (x86)\Teamspeak2_RC2\sounds\44.registrationcomplete.wav

MD5 8367a72d3af2ddb88206b7dbe5602e3c
SHA1 6d7e982ecb23c60d4dca9ffff4a2e22d2a6b3a38
SHA256 bd242994a28dd1feb6075cd0101f0e69cb52b48ec879606603e8914f6dc904d4
SHA512 8d6f4014ab43a44bbce9399120ca9311385cca13511fec0f00477f215c733dbee415de99cfe36448a2485e7d437ad16de59b057237ab936665a90e03d98d9f5f

C:\Program Files (x86)\Teamspeak2_RC2\sounds\43.serveradm_stat_revoked.wav

MD5 909d6c95a8c185e2868f50e934491096
SHA1 7490a2f4c5b4f01ce7ca9b34c46caa91bb9592f9
SHA256 4e93b3508ae937c1d49274a453585f3f291a65ae216f4cc31ae142befef49f50
SHA512 4bef85086324e3b5fba22df24d80953eb211b915009385bb0220b320f5c60d4a56a5f96a4d80a5368b17416f033c7f907356a28f2ecb31b32fa55a981e886c8a

C:\Program Files (x86)\Teamspeak2_RC2\sounds\42.servadm_stat_granted.wav

MD5 94084eb9f88bb31d8fb312df5795b549
SHA1 405bdf1f47abe0908337531a120866b5641f87f2
SHA256 069a04bbc6e24d5505812f7125d964a2ac427b026a77cfe05d51bae58c034315
SHA512 2b7e8d609f4a6b023edcba9f92bb3100cf8797e268ff78344bcc61092ef36eecff63614bfeda3fe1bae8cbb98e719f96c2bea25c8ed92d943279d63c5b339ca6

C:\Program Files (x86)\Teamspeak2_RC2\sounds\41.adm_stat_revoked.wav

MD5 d90a1f83e280b8ae76c2c1e4a0ff88df
SHA1 a054ae3a1575deda921415aa6fadc68cdf02d0d9
SHA256 458797c4c16f66ca113e80278f0d0b9154c4af0c233a23ff634bb5dd08f87dd2
SHA512 9877c81b65d14b9f0fe2a61c7d7954a4a44e2abb700b545f0fb75d425141bab575c495a90163aa6a8e400f1f06fa839262595d5169b9a9e3bdddcdbd373a0c9d

C:\Program Files (x86)\Teamspeak2_RC2\sounds\40.adm_stat_granted.wav

MD5 01886ec8f7b87d6489e60e47b3d97305
SHA1 8a35b41d2f6c82da2701fe89a83337ebd2f136d8
SHA256 2a49b613e09543c47fe704807be8c71ce9dd0c20a6009e0d9435a0e389e23ed8
SHA512 9d8255552ea3b24fc741c4cc37bc2ae0d00a05315fc8476eb4c22addff776210bf072d5fc97ee1b55423efa5b657bfd73e983c0d2df547fd30440566c418ea16

C:\Program Files (x86)\Teamspeak2_RC2\sounds\39.op_stat_revoked.wav

MD5 4f5a6fa536e9121cc4081958c9c8cea4
SHA1 1aeec4060a858aced9b2f3116065606646675a32
SHA256 ce2be29c0751066a0436e4d1c6d942140116d0e6e59a2bdc452cec8fcb286e36
SHA512 0523b4a8300d6f795cf25e1cc850a867287324ffbad7fd0436b5365ba28989df9c8917cec5bde46710ce2b7e58b8ed2c45697d546a2e119f0463662fd44d3e83

C:\Program Files (x86)\Teamspeak2_RC2\sounds\38.op_stat_granted.wav

MD5 93e310cd0fde7621f3480d0f19d29006
SHA1 7fdaf2471e92b39efa84cf9bcc3f2d2426283ea9
SHA256 b9ac1e1e1aafdfd75d338a2f8e2047796895aeb6640a6ea873080f20c524470d
SHA512 c80891fa85a8cb7eaaa8d6c0bf9ef7afd1e9e9914cf66a7b092200e61455c9deb4e70e7bc3d8670c1cab848121d94d5b1cea4f17f8b7419a38f28c7b3c7c0346

C:\Program Files (x86)\Teamspeak2_RC2\sounds\37.v_requested.wav

MD5 418126655271cbbb228b5ed725e8fe25
SHA1 2534716c3acb05d37143b6d8a6cdd585f55b82da
SHA256 1d60889f2a891eb1c97074c357adc0208c1f2d127ab44110410b477c105e30a2
SHA512 b7dced424aaef22c292cdf7959302174f32f4dfd7ba89f71d42e3b0cd70a51776036502ba1193ff368f430ab5accab48f99cb80f7f8cdfea4ff739cdc0db047f

C:\Program Files (x86)\Teamspeak2_RC2\sounds\36.v_stat_revoked.wav

MD5 c2b021bea7d8880e08ff2d082f808a28
SHA1 f1ceafc928522f44a40165121f87f87f8e3d1300
SHA256 4376c2a4390519b6dd7c6d64383c3b88e9a4215acddf9f765659aa1694a9a1e6
SHA512 ba08d46d9b5c822306a07d2762b5f5c6d030629e7bf8817fef31a69653beb4520cd25340e405e2949effd2229f444a726ee0cd9c7acd0d8512f7de7bfce015a6

C:\Program Files (x86)\Teamspeak2_RC2\sounds\35.v_stat_granted.wav

MD5 3f9799e232db2943777a6ff8bd28364f
SHA1 4cabb4d7dcc76d3f8966e7f8e8bc807e13f2adbb
SHA256 5e78b156e7c4e0a76219cedd693cfe2ce9f97e6b954ca57002f7f06bb0cfd4ba
SHA512 9976e75264da7ace014498eabc0f6b6f00e31e3fb07f9a58cf06727062546a638b239fb35cdafe77ab68ef21748b02f06464abab53789bc9e1e33fcaf4232089

C:\Program Files (x86)\Teamspeak2_RC2\sounds\34.soundresumed.wav

MD5 b49b3c4561191c200e67e6cbffc4e677
SHA1 005227a5b2bfca923bdf0b76f31acb861f6330cc
SHA256 4db31f620af136ec1521180a183801a0a85cb6ee5f77ea7e89499272095149ba
SHA512 f4cc00d2d85211af7b413587e16d4318c8453eeb10f32709a6330e3d403ca731b7ff7cb2776cc5b0dce22bf7bedc6a29180ebf51164b2e0435fe5a94dbe95162

C:\Program Files (x86)\Teamspeak2_RC2\sounds\32.soundmuted.wav

MD5 e28af5fa5f5f1590c6bda6020f41b253
SHA1 6cdf9a718cdde0b5a6a82138cde558e7dbaaa778
SHA256 8a48b742408a89615df8d5d7ab97683d701c5047d75b56c72057007f480ce4d6
SHA512 ff24c890ce0eb3c901b66a6f51b3fc9b359e5aa5b94f5c211dbe00ab43a4c180ff14625dd6b1b41f120a84ab63bb46451e0d05a5c4bb9c888e76f6bcd5071534

C:\Program Files (x86)\Teamspeak2_RC2\sounds\30.micactivated.wav

MD5 8f9c311c6b7bf5b9304a492c87383043
SHA1 87d49e2d82736f7bfb8a920b25c9377f0d1ec5f3
SHA256 7238457c2a8f7d064576da79ee8823e056abab707398c9c7ae89eaf3068b58c9
SHA512 cabd1881ac2e36019086b9cc01a2b26cec03277a6b9284dd6343d8644edafac83d1b956c437f502bde40142c627d84b0c09d7e9d62442c08e7b0326ceec3cc37

C:\Program Files (x86)\Teamspeak2_RC2\sounds\11.memberjoined.wav

MD5 886223534a5cc92f706ab81605f74d3d
SHA1 f7e8fba75799972cf16447502f19d4622a2dba4c
SHA256 cf31d72ea725efd047786bc9bcb06c87d350cff25c9933cde600f10d99f99b55
SHA512 62655235bd51a9b55918fa5438abfda3b34a8c8c46ce1cde7432f576fa93f528f1d2ba672e40ff3abdf9cf2c466aaa488c8c11846d60373ab57713278645ca4d

C:\Program Files (x86)\Teamspeak2_RC2\sounds\08.playerleft.wav

MD5 444b0c271441e8a0dd9c0dfd8f401d5a
SHA1 2af31155108c5ea93ca7b723b4add303b2687c76
SHA256 99a98791d457582a4179d186c65d5c9be05d3efbef51b18c3902acbda5cd5cf8
SHA512 caa68ecbfc123eea496974acc44c1206643480d93c12e8d929dd9f9de55b6ec36d8c855fbab913111be8fc42d815669536cf6e41f0ca35e67f68d965139339b8

C:\Program Files (x86)\Teamspeak2_RC2\sounds\07.newplayer.wav

MD5 77079325858fae83e7ca3c52aadaa8cb
SHA1 febf64a5eea2a9732902a3818701fa7a1e6e609e
SHA256 3794111ef4500d426c7989260605a65c8b82505e02cded4ab30d6c494175049b
SHA512 d82f7a75cf5b29f5553595dfb1b2647dfacb3942ab6d690c39d0b62b87de4e1b9e8325d8e93aae1ecd6de1ec42c5c187ddd46cf46dd06434b5f5344e1303dbee

C:\Program Files (x86)\Teamspeak2_RC2\sounds\27.switchedchannel.wav

MD5 aa6b26815a9da11fe5f13121fbf5ef0f
SHA1 ab768a41677f814ec7a73fec3ea1eaf8937e1d87
SHA256 e5878cc7b6d63fc0a973f433388715fb551fe1e646f042bde6eb793ec4869571
SHA512 5dbc3255b6f587eedaddc387f1acb0dfcf3b5778243a8c7735990cab8e88ccaf87836891d3e4b176663215169c7c66459162427832a912744207e7094e4d94ee

C:\Program Files (x86)\Teamspeak2_RC2\sounds\21.playerkicked.wav

MD5 235299c5af3d38f217e6ccd627a3c3fb
SHA1 b9b54c796d7ec0aab117a24d3caf8faa2d437fe0
SHA256 5cb40b2276719a02a1ac21444a71c5c16518db20ce501acb7753936d0bf61e7e
SHA512 994014ef18ea3ddcaeabcbbcaae794c394ffab4bc9bf148c89b4972047cddd91e06e2e737bc48874bf70c3c1a255dfc207206b28e036d54b209d40c579dae554

C:\Program Files (x86)\Teamspeak2_RC2\sounds\23.youwerekserver.wav

MD5 f10138155c78b48844be82f8fe9f9c2b
SHA1 c2329888a3eaf2acf5933a4a1ff51f1a1aa4fe9a
SHA256 b5dd8d9dd826133b707a6f457edc1278d519213437fd640f46d7421b9dce975a
SHA512 231e4a70354f84cc02a4355c75faccaf6c0db233a1ce82bc592157f933f1d599382ecd743ca3cd6ab204174d08ae76e7f3194b478d869630f2c2b99bb250c7ed

C:\Program Files (x86)\Teamspeak2_RC2\sounds\26.yourconnterminated.wav

MD5 dde6a2e489e5be1d088559ceba5e2a2a
SHA1 8921327c80be08c0abf3aa315d4b56d41e2ee170
SHA256 8f16bbd160619a2aa36df7a6519600986cef3abc33155646bb2f931a2f21b74d
SHA512 b2ddebba83871097920435da87b73cfab58307e9b27fd304637716fc06cf16b64781991327892d5ccd22da8258680589afe6e4cbd8dfa944188aa2111ce1873e

C:\Program Files (x86)\Teamspeak2_RC2\sounds\29.micmuted.wav

MD5 7fa51ed8c9dd8fee997d062f6d4cdc15
SHA1 c8678b188b4ac510223dda3b64f55605fc08f16b
SHA256 fee6920d7846378606c1c44ae4b7c5f2d631a688aadf8f1e5353b606d4317c59
SHA512 7d1ba6870a669965ea11d8da47ea1ff2067fcd611be2f97ba2e7355468b0b2d9944c0ba0a97da386b3b8864c37c3764b55f6c702693ea945f3abbb67c2d086f5

C:\Program Files (x86)\Teamspeak2_RC2\sounds\03.linkdisengaged.wav

MD5 61722544981caa90dca60b0b96b119c0
SHA1 f167467347cfc12e45d396e8128ba34a6c701024
SHA256 74ef22fe4f72d7c7dc11d5d38fc667c5fef780d01e4dd0fcd98ff74baf1822f8
SHA512 70779ae4552a7dd7c369e82105c6a21e55c12ef87af2efc1a34b63d3fe5a51d93ca9d01a86527eb7c2158fb615f41ed4679cec0ce7067102b8e52e5cce0f843d

C:\Program Files (x86)\Teamspeak2_RC2\sounds\04.linkengaged.wav

MD5 2e41f1e2ae9e54dba2b3e4a4365de5fd
SHA1 35695284fd3cf93df7fff41054538a8ef514f633
SHA256 d129fe2e51f1efae18142c0ba4079aa524e49bac55e107676819fa4c40d9b869
SHA512 eaa74f3b06208a37562c240ecfcf6773310e1cea06ecce3365a5d5c8ddbd8b52259c2751f2c2f3f7c8873db035007fd9fd6f4772e074c689c51b3c88426ab18c

\??\pipe\crashpad_1912_UWTUJZBGWNWXSSCM

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

memory/2284-662-0x0000000000400000-0x000000000057B000-memory.dmp

memory/2284-680-0x0000000000400000-0x000000000057B000-memory.dmp

memory/2284-682-0x0000000000400000-0x000000000057B000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4663543f8b267d346707ba1d963fec36
SHA1 eebaeb3c98020b6f308515e723e160a45e544a46
SHA256 1e7ff798807a52bb589c1eb9d2a21e2984fdf02e850d4f2e9c1854b09b0e292b
SHA512 570bfcdfad66d1a2a7767edd72239a751d2f417f3b94cb2d2d19ad0607a098b65feb01eae3aa85b76c9c12ad2b3e57f273222ebb8dc24557c9224ce3711df0f0

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-23 10:37

Reported

2024-02-23 10:40

Platform

win10v2004-20240221-en

Max time kernel

149s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ts2_client_rc2_2032.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\INS9F2E.tmp N/A

Enumerates physical storage devices

Processes

C:\Users\Admin\AppData\Local\Temp\ts2_client_rc2_2032.exe

"C:\Users\Admin\AppData\Local\Temp\ts2_client_rc2_2032.exe"

C:\Users\Admin\AppData\Local\Temp\INS9F2E.tmp

C:\Users\Admin\AppData\Local\Temp\INS9F2E.tmp /SL3 $501C8 C:\Users\Admin\AppData\Local\Temp\ts2_client_rc2_2032.exe 5845683 5849097 61952

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 23.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 179.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 173.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 26.178.89.13.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\INS9F2E.tmp

MD5 ec2a3559ef793d976d3f72252ade0b68
SHA1 1673ad41b3683d9fde4e331ef97711af05c4c014
SHA256 995ca25e8ac883429e67e2985887c2dc122e4d3cca48d6ab5b545e6a896ae2e1
SHA512 a9f77b1735eb88e3ed790a0bb00637a616c33414cbb6f0b582322759a3bea3bf2fd7a334f92c17dd9f1669acdacc7551611ecedb80c11e999ddd120f104355b1

memory/4712-5-0x0000000000610000-0x0000000000611000-memory.dmp

memory/3760-8-0x0000000000400000-0x0000000000417000-memory.dmp

memory/4712-9-0x0000000000400000-0x000000000046A000-memory.dmp

memory/4712-12-0x0000000000610000-0x0000000000611000-memory.dmp

memory/4712-16-0x0000000000400000-0x000000000046A000-memory.dmp
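Two things in the Files sections of both detonations are worth checking mechanically rather than by eye: the Inno Setup stub dropped in each run (INS25C9.tmp on Windows 7, INS9F2E.tmp on Windows 10) carries the same SHA256, so it is one payload under two random names, and the crashpad pipe entry carries the MD5 and SHA256 of zero-byte content, meaning the sandbox captured nothing for it. The memory-dump names encode PID, sequence number and region bounds, and the region size (0x17000 for the stub, 0x6A000 for the installer) is what lines up across runs while PIDs do not. The script below is an added example for this report, not code from the page or from the sandbox vendor. It works on constructed excerpts of the two Files sections (paths, digests and dump names copied as-is; SHA1/SHA512 lines and the sound files left out for brevity).

```python
import hashlib
import re
from collections import defaultdict

# Constructed excerpt of the behavioral1 Files section above.
FILES_B1 = r"""
\Users\Admin\AppData\Local\Temp\INS25C9.tmp
MD5 ec2a3559ef793d976d3f72252ade0b68
SHA256 995ca25e8ac883429e67e2985887c2dc122e4d3cca48d6ab5b545e6a896ae2e1
memory/2876-11-0x0000000000400000-0x0000000000417000-memory.dmp
\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe
MD5 1c6be6eb18c61af42cc113c062e48094
SHA256 8e26969e578b772030c8a5286ee1e10769ae095576533a2b7bc163843b83d2f4
memory/2364-545-0x0000000000400000-0x000000000046A000-memory.dmp
memory/1628-546-0x0000000000400000-0x000000000045F000-memory.dmp
memory/2284-662-0x0000000000400000-0x000000000057B000-memory.dmp
\??\pipe\crashpad_1912_UWTUJZBGWNWXSSCM
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
"""

# Constructed excerpt of the behavioral2 Files section above.
FILES_B2 = r"""
C:\Users\Admin\AppData\Local\Temp\INS9F2E.tmp
MD5 ec2a3559ef793d976d3f72252ade0b68
SHA256 995ca25e8ac883429e67e2985887c2dc122e4d3cca48d6ab5b545e6a896ae2e1
memory/4712-5-0x0000000000610000-0x0000000000611000-memory.dmp
memory/3760-8-0x0000000000400000-0x0000000000417000-memory.dmp
memory/4712-9-0x0000000000400000-0x000000000046A000-memory.dmp
"""

_MEM = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")
_HASH_ALGOS = ("MD5", "SHA1", "SHA256", "SHA512")

# Digests of zero-byte content, computed rather than hard-coded.
EMPTY = {"md5": hashlib.md5(b"").hexdigest(), "sha256": hashlib.sha256(b"").hexdigest()}


def parse_files(text):
    """Return (file entries, memory regions) from a Files listing in this report's layout."""
    files, regions, current = [], [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = _MEM.match(line)
        if m:
            pid, seq, start, end = m.groups()
            regions.append({"pid": int(pid), "seq": int(seq),
                            "start": int(start, 16), "end": int(end, 16)})
            continue
        algo, _, digest = line.partition(" ")
        if algo in _HASH_ALGOS and current is not None:
            current[algo.lower()] = digest.lower()
        else:                          # any other non-empty line starts a new path entry
            current = {"path": line}
            files.append(current)
    return files, regions


def empty_files(files):
    """Entries whose digests are those of zero-byte content: nothing was captured for them."""
    return [f["path"] for f in files if f.get("sha256") == EMPTY["sha256"]]


def shared_payloads(files_a, files_b):
    """SHA256 -> paths: identical content dropped in both detonations, empty files excluded."""
    by_hash = defaultdict(set)
    for f in files_a + files_b:
        if "sha256" in f and f["sha256"] != EMPTY["sha256"]:
            by_hash[f["sha256"]].add(f["path"])
    return {h: sorted(p) for h, p in by_hash.items() if len(p) > 1}


def image_sizes(regions):
    """PID -> set of dumped region sizes (end - start)."""
    sizes = defaultdict(set)
    for r in regions:
        sizes[r["pid"]].add(r["end"] - r["start"])
    return sizes


def matching_images(regions_a, regions_b):
    """Region sizes seen in both runs, with the PIDs that carried them in each run."""
    a, b = image_sizes(regions_a), image_sizes(regions_b)
    common = {s for v in a.values() for s in v} & {s for v in b.values() for s in v}
    return {size: (sorted(p for p, v in a.items() if size in v),
                   sorted(p for p, v in b.items() if size in v)) for size in common}


if __name__ == "__main__":
    fa, ra = parse_files(FILES_B1)
    fb, rb = parse_files(FILES_B2)
    print("empty:", empty_files(fa))
    print("shared:", shared_payloads(fa, fb))
    print("matching images:", {hex(k): v for k, v in matching_images(ra, rb).items()})
```

On these excerpts the stub is reported once as a shared payload under its two temp names, the crashpad pipe is the only empty entry, and the 0x17000 and 0x6A000 regions pair PID 2876 with 3760 and PID 2364 with 4712 across the two platforms; the 0x5F000 and 0x17B000 regions appear only in the Windows 7 run, where the install finished and TeamSpeak.exe was launched.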