Analysis Overview
SHA256
110cc04be2c257d3b64b427bf39c64e1d347b50bc18953d96610a731a5bd98c3
Threat Level: Shows suspicious behavior
The file Helldivers 2 Main Theme - _A Cup Of Liber-Tea_.mp3 was found to show suspicious behavior.
Malicious Activity Summary
Enumerates connected drives
Drops desktop.ini file(s)
Detected potential entity reuse from brand steam.
Drops file in Windows directory
Browser Information Discovery
System Location Discovery: System Language Discovery
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-10 15:16
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-10 15:16
Reported
2024-08-10 15:18
Platform
win11-20240802-en
Max time kernel
85s
Max time network
85s
Command Line
Signatures
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Public\Music\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Admin\Videos\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Public\Videos\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Public\Pictures\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Admin\Music\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Public\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
Enumerates connected drives
Detected potential entity reuse from brand steam.
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll | C:\Windows\system32\svchost.exe | N/A |
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\unregmp2.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2227988167-2813779459-4240799794-1000\{B6F86F65-57E8-47DA-805E-2F439D1DCF80} | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2227988167-2813779459-4240799794-1000\{BB4D6780-B44F-403C-B721-17EBD2644F26} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\unregmp2.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\unregmp2.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\Helldivers 2 Main Theme - _A Cup Of Liber-Tea_.mp3"
C:\Windows\SysWOW64\unregmp2.exe
"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
C:\Windows\system32\unregmp2.exe
"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004BC 0x00000000000004CC
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffaa0e13cb8,0x7ffaa0e13cc8,0x7ffaa0e13cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1724,12000990721800245094,7819577262615882988,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1980 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1724,12000990721800245094,7819577262615882988,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1724,12000990721800245094,7819577262615882988,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12000990721800245094,7819577262615882988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12000990721800245094,7819577262615882988,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12000990721800245094,7819577262615882988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12000990721800245094,7819577262615882988,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1724,12000990721800245094,7819577262615882988,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3540 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12000990721800245094,7819577262615882988,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3840 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12000990721800245094,7819577262615882988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1724,12000990721800245094,7819577262615882988,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12000990721800245094,7819577262615882988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12000990721800245094,7819577262615882988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12000990721800245094,7819577262615882988,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3820 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12000990721800245094,7819577262615882988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12000990721800245094,7819577262615882988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1724,12000990721800245094,7819577262615882988,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6140 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1724,12000990721800245094,7819577262615882988,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6008 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12000990721800245094,7819577262615882988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12000990721800245094,7819577262615882988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12000990721800245094,7819577262615882988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12000990721800245094,7819577262615882988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12000990721800245094,7819577262615882988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12000990721800245094,7819577262615882988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| GB | 184.28.176.56:443 | www.bing.com | tcp |
| GB | 184.28.176.58:443 | r.bing.com | tcp |
| GB | 184.28.176.58:443 | r.bing.com | tcp |
| GB | 184.28.176.58:443 | r.bing.com | tcp |
| GB | 184.28.176.58:443 | r.bing.com | tcp |
| IE | 20.190.159.23:443 | login.microsoftonline.com | tcp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| GB | 95.100.245.51:443 | store.steampowered.com | tcp |
| GB | 95.100.245.51:443 | store.steampowered.com | tcp |
| GB | 173.222.211.105:443 | store.akamai.steamstatic.com | tcp |
| GB | 173.222.211.105:443 | store.akamai.steamstatic.com | tcp |
| GB | 173.222.211.105:443 | store.akamai.steamstatic.com | tcp |
| GB | 173.222.211.105:443 | store.akamai.steamstatic.com | tcp |
| GB | 173.222.211.105:443 | store.akamai.steamstatic.com | tcp |
| GB | 173.222.211.105:443 | store.akamai.steamstatic.com | tcp |
| GB | 173.222.211.105:443 | store.akamai.steamstatic.com | tcp |
| GB | 173.222.211.105:443 | store.akamai.steamstatic.com | tcp |
| RU | 195.216.243.155:443 | u.to | tcp |
| RU | 195.216.243.155:443 | u.to | tcp |
| US | 104.21.67.77:443 | steamcomnuwnity.com | tcp |
| GB | 95.100.245.51:443 | store.steampowered.com | tcp |
| GB | 23.214.143.155:443 | api.steampowered.com | tcp |
| GB | 23.214.143.155:443 | api.steampowered.com | tcp |
| NL | 52.111.243.29:443 | N/A | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
C:\Users\Admin\AppData\Local\Temp\wmsetup.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_1716_GYVZRRMJTDHGBTCJ
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5816de.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State