Malware Analysis Report

2024-10-19 11:22

Sample ID 240810-srb5bayhqh
Target Helldivers 2 Main Theme - _A Cup Of Liber-Tea_.mp3
SHA256 110cc04be2c257d3b64b427bf39c64e1d347b50bc18953d96610a731a5bd98c3
Tags: steam discovery phishing
Score: 6/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 6/10

SHA256: 110cc04be2c257d3b64b427bf39c64e1d347b50bc18953d96610a731a5bd98c3

Threat Level: Shows suspicious behavior

The file Helldivers 2 Main Theme - _A Cup Of Liber-Tea_.mp3 was found to show suspicious behavior.

Malicious Activity Summary

steam discovery phishing

Enumerates connected drives

Detected potential entity reuse from brand steam.

Drops file in System32 directory

Drops file in Windows directory

Program crash

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: AddClipboardFormatListener

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-08-10 15:21

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted: 2024-08-10 15:21

Reported: 2024-08-10 15:28

Platform: win10v2004-20240802-en

Max time kernel: 416s

Max time network: 415s

Command Line

"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\Helldivers 2 Main Theme - _A Cup Of Liber-Tea_.mp3"

Signatures

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\H: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\J: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\N: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\P: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\E: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\G: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\U: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\Y: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\O: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\S: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\W: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\X: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\K: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\M: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\V: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\Q: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\R: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\L: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\T: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\B: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\A: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\I: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\Z: C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\unregmp2.exe N/A

Detected potential entity reuse from brand steam.

phishing steam

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll C:\Windows\system32\svchost.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll C:\Windows\system32\svchost.exe N/A

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\unregmp2.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133677768857256452" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-656926755-4116854191-210765258-1000\{88397E9D-2D8A-4112-ABC8-8CE717D3F3F9} C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\system32\unregmp2.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\unregmp2.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3408 wrote to memory of 5028 N/A C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Windows\SysWOW64\unregmp2.exe
PID 5028 wrote to memory of 2268 N/A C:\Windows\SysWOW64\unregmp2.exe C:\Windows\system32\unregmp2.exe
PID 1556 wrote to memory of 3828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1556 wrote to memory of 3708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1556 wrote to memory of 3080 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1556 wrote to memory of 2740 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\Helldivers 2 Main Theme - _A Cup Of Liber-Tea_.mp3"

C:\Windows\SysWOW64\unregmp2.exe

"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon

C:\Windows\system32\unregmp2.exe

"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd858acc40,0x7ffd858acc4c,0x7ffd858acc58

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4b4 0x4a8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2416,i,2175653721464040360,9913542852453206776,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2092 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1712,i,2175653721464040360,9913542852453206776,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2448 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1868,i,2175653721464040360,9913542852453206776,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2548 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,2175653721464040360,9913542852453206776,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3172 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,2175653721464040360,9913542852453206776,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3200 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4592,i,2175653721464040360,9913542852453206776,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4572 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4632,i,2175653721464040360,9913542852453206776,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4844 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4840,i,2175653721464040360,9913542852453206776,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4924 /prefetch:8

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3408 -ip 3408

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 2292

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4900,i,2175653721464040360,9913542852453206776,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5052 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4920,i,2175653721464040360,9913542852453206776,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4712 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3676,i,2175653721464040360,9913542852453206776,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4576 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5228,i,2175653721464040360,9913542852453206776,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5212 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5204,i,2175653721464040360,9913542852453206776,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4716 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4488,i,2175653721464040360,9913542852453206776,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5020 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3324,i,2175653721464040360,9913542852453206776,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4860 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3264,i,2175653721464040360,9913542852453206776,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5208 /prefetch:1

Network

Files

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-10 15:21

Reported

2024-08-10 15:23

Platform

win7-20240705-en

Max time kernel

140s

Max time network

125s

Command Line

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Helldivers 2 Main Theme - _A Cup Of Liber-Tea_.mp3"

Signatures

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Processes

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Helldivers 2 Main Theme - _A Cup Of Liber-Tea_.mp3"

Network

N/A

Files
