Overview

overview

6

Static

static

1

X2Download...om.avi

windows7-x64

1

X2Download...om.avi

windows10-2004-x64

6

Analysis

  • max time kernel
    580s
  • max time network
    585s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/08/2024, 16:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    X2Download.com-комару битбоксит.mp4--online-audio-convert.com.avi

  • Size

    611KB

  • MD5

    143cf0dc64be0c3aa0b43299e3f65b66

  • SHA1

    bbe5f4b9e2f3b5d88c3342eafb342c67527eeca6

  • SHA256

    537568f14b7689ec285d979b3c9344bc9b00e34a497b7446964e1831e004975c

  • SHA512

    ff5245de9fb0641406c2f7b61a10551997201767bcd03171cb3b1df5eb25e0a56224511fa33bcc7fd6d222dccd2ca20d6424bd2dbdaef95b6194bd0f9e678dc4

  • SSDEEP

    12288:PjJIBbBB3ZJolCDZjkmp2I5Rt9WrT6VZRiNrLeZXcy457ewIVRJ47yb:PjJWBB3Z+kDZjRpdnt9eOPRiRelRqejH

Score
6/10
discovery

Malware Config

Signatures

  • Drops desktop.ini file(s) 7 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:8 /Open "C:\Users\Admin\AppData\Local\Temp\X2Download.com-комару битбоксит.mp4--online-audio-convert.com.avi"
    1⤵
    • Drops desktop.ini file(s)
    • Enumerates connected drives
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:1652
    • C:\Windows\SysWOW64\unregmp2.exe
      "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:5116
      • C:\Windows\system32\unregmp2.exe
        "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
        3⤵
        • Enumerates connected drives
        • Suspicious use of AdjustPrivilegeToken
        PID:4460
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 2352
      2⤵
      • Program crash
      PID:1464
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
    1⤵
    • Drops file in Windows directory
    PID:5060
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x520 0x51c
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4840
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 1652 -ip 1652
    1⤵
      PID:5080
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
      1⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:4816
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff9e0546f8,0x7fff9e054708,0x7fff9e054718
        2⤵
          PID:4588
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,16940495260633794929,3439132526462565528,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
          2⤵
            PID:4436
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,16940495260633794929,3439132526462565528,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2540 /prefetch:3
            2⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:2680
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,16940495260633794929,3439132526462565528,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
            2⤵
              PID:2236
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,16940495260633794929,3439132526462565528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
              2⤵
                PID:1000
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,16940495260633794929,3439132526462565528,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
                2⤵
                  PID:1688
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,16940495260633794929,3439132526462565528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
                  2⤵
                    PID:4856
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,16940495260633794929,3439132526462565528,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4264 /prefetch:1
                    2⤵
                      PID:5076
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,16940495260633794929,3439132526462565528,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3572 /prefetch:8
                      2⤵
                        PID:3948
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,16940495260633794929,3439132526462565528,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3572 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:2960
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,16940495260633794929,3439132526462565528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
                        2⤵
                          PID:2392
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,16940495260633794929,3439132526462565528,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
                          2⤵
                            PID:3356
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,16940495260633794929,3439132526462565528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
                            2⤵
                              PID:5032
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,16940495260633794929,3439132526462565528,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 /prefetch:2
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:2376
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:4984
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:4440

                              Network

                              MITRE ATT&CK Enterprise v15

                              Replay Monitor

                              Loading Replay Monitor...

                              Downloads

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize

                                152B

                                MD5

                                0446fcdd21b016db1f468971fb82a488

                                SHA1

                                726b91562bb75f80981f381e3c69d7d832c87c9d

                                SHA256

                                62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

                                SHA512

                                1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize

                                152B

                                MD5

                                9b008261dda31857d68792b46af6dd6d

                                SHA1

                                e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

                                SHA256

                                9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

                                SHA512

                                78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                Filesize

                                180B

                                MD5

                                00a455d9d155394bfb4b52258c97c5e5

                                SHA1

                                2761d0c955353e1982a588a3df78f2744cfaa9df

                                SHA256

                                45a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed

                                SHA512

                                9553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                5KB

                                MD5

                                9f18180b73b69e1e447274245755786c

                                SHA1

                                84f87ac4a4b2356758e74631e5ed470a1f90ee42

                                SHA256

                                55a52b431bf0957b4f66e3fe0af2b672ec2c2e4f2facae5e2f8a194c08f6eb36

                                SHA512

                                f0e55967cb7c08b88653b7c341fcbb9c096bdf9cad8126383564d76ba0d4416a5ebc38b5bb412ef3a415d4af14e733a4669dbac69584d06db0ee4cca1a22a946

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                6KB

                                MD5

                                83653e89b152417c9c98cff285e15325

                                SHA1

                                0c68fd9a616aedff1fc7ec5ff2a8dfc3fe3094e5

                                SHA256

                                242aca8d4e94151457089de67dd8bb41016d8f6e8aa5f287493432c121010a4f

                                SHA512

                                d55b5216cfd60e7c18179184e9d09194cbc68b5d84ddfdeab9c34df55516332b686e8fc93a09677537d490432136933d2bf1d054014316d1e01ba125a855efd9

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                6KB

                                MD5

                                51c12d7d585a8484e87bc132fa083bb2

                                SHA1

                                5e875940a07d2af10250e8f88dcb115f9354436c

                                SHA256

                                7081fbe4947c92b33e765fbbbcaf059155d7f1f411718c9369569f94a5b9285d

                                SHA512

                                1428eb47b4b1577400e7fbd09897f4f351ce172d933d5c6b3a02c34a7f50e0b56ee36f50d251280dffb0c196d3c3228da2a28cfee32bb7815db30e0566e280e9

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                6KB

                                MD5

                                902242d4f11828bb5de9d41719c91b2f

                                SHA1

                                5ef9fd656d681d74cbe315ac4b20520574d9d41d

                                SHA256

                                ad1792fea5bf333e4de395989cb63fec0305da5aa3b0196a48492735682c71b7

                                SHA512

                                aa9e4a5cbc7952764a724f552a06fe3f805079490336257e5662d7c14a3121be3d54e49bb1df73cee1a1ece7b62d10fd0b2f846957142f1c47e7728732b93f67

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                Filesize

                                16B

                                MD5

                                6752a1d65b201c13b62ea44016eb221f

                                SHA1

                                58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                SHA256

                                0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                SHA512

                                9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                Filesize

                                11KB

                                MD5

                                5e2b5c14dbca41895d65290732d42387

                                SHA1

                                6b554dad72db5484f70216aab6b6bd763df61dbb

                                SHA256

                                ef00d149e3e3ce1643ef4249aca0f9d7cd330f3ce43c9657d2c5acbb6065dcd8

                                SHA512

                                6eb138759038d66f62f97b686087bc6f992fcbea7a86a7fcd79074002eb995a6faa00ed0a18639a8aa815fcc6070da8839582bda21a9946e040eb686bd126aeb

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                Filesize

                                11KB

                                MD5

                                a89930452320dd9109683bed71a3d746

                                SHA1

                                3bcf3735277eafa42477eddf0a648a5972dd1e1f

                                SHA256

                                ae6d55840737ace986671790e755cb4842d0ae8cd142ab62bd04dc6ccd3ed78d

                                SHA512

                                c1c2a73837ad0af5a96ae5b81ba7332267c65031cc18743211a6900d918700f866c8379437bd731705fdb90090734b5c69e423ee907030d25c786427132682b8

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
                                Filesize

                                256KB

                                MD5

                                563088ad0f20fabf9dd62c6ba8ae1636

                                SHA1

                                f9cd2fd153afa1a12ff990cf27c32b8c9c44e878

                                SHA256

                                eb897bf202d32f067728f1b666eb16e9926557efa8676b72db11411013030184

                                SHA512

                                8229dfb1d96b6a34b91b1e5c463833e7859331be880f585c48af1ba0ace0465ac755c7f22a9e6f30284266165f850e8f85af76157eea8136b2d6f79db02d3092

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
                                Filesize

                                1024KB

                                MD5

                                817e10a7978c71df99339dd87e8bcf81

                                SHA1

                                abd12a7a9196057480ff9f4e18acca33e2b53a4f

                                SHA256

                                d848b2ec3d2f7e5e889912a4b23561cfa5988036c902fbe3c08f8f1008390552

                                SHA512

                                3b9d57920d6a130e97182ae861cbdeb8479636eafa0bbbe7f8e12adf92bb925585ea789953cdefe72739a9429b14f3f7b1dac89adc2f6be72e2656730efb7761

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb
                                Filesize

                                68KB

                                MD5

                                47278ac606078ae3fe46e16cf3561e53

                                SHA1

                                b6c2a89dd1d8c52ad34c35901f8a311ed4ecf6f6

                                SHA256

                                0becc755471ab669f3c9ffb4bbc2bd0fee601189346b32e7934a2d5a5e0fc680

                                SHA512

                                eba46fc2b39e8e7be5fab489f01b1a09a6d58f83f6cc763c43dac84c8fb85fa6f4d55ad45e545e843042b8db3839aaada47ac10efe36de09126e42046330a67c

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD
                                Filesize

                                498B

                                MD5

                                90be2701c8112bebc6bd58a7de19846e

                                SHA1

                                a95be407036982392e2e684fb9ff6602ecad6f1e

                                SHA256

                                644fbcdc20086e16d57f31c5bad98be68d02b1c061938d2f5f91cbe88c871fbf

                                SHA512

                                d618b473b68b48d746c912ac5fc06c73b047bd35a44a6efc7a859fe1162d68015cf69da41a5db504dcbc4928e360c095b32a3b7792fcc6a38072e1ebd12e7cbe

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
                                Filesize

                                9KB

                                MD5

                                5433eab10c6b5c6d55b7cbd302426a39

                                SHA1

                                c5b1604b3350dab290d081eecd5389a895c58de5

                                SHA256

                                23dbf7014e99e93af5f2760f18ee1370274f06a453145c8d539b66d798dad131

                                SHA512

                                207b40d6bec65ab147f963a5f42263ae5bf39857987b439a4fa1647bf9b40e99cdc43ff68b7e2463aa9a948284126ac3c9c7af8350c91134b36d8b1a9c61fd34

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak
                                Filesize

                                9KB

                                MD5

                                7050d5ae8acfbe560fa11073fef8185d

                                SHA1

                                5bc38e77ff06785fe0aec5a345c4ccd15752560e

                                SHA256

                                cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

                                SHA512

                                a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Temp\wmsetup.log
                                Filesize

                                1KB

                                MD5

                                a960dbaa53150efc96e78ee3f87811fd

                                SHA1

                                436d7edfa11b698800872d51e688e40b7099a6d4

                                SHA256

                                e50b0e6fe8e18fc959aaa33bffde312682eb6f7740e684058435f9aa4a017088

                                SHA512

                                8ffef0c2bf1c1211aebe262e24b2c30af94cefaec107e44f92159774b3090131eda6fba07fc081f81037a9e0e1d58d9da8ca25812aed0b1ef97fc06fda587420

                                Download Submit

                              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms
                                Filesize

                                1KB

                                MD5

                                5a9b03e29421ae1f9925cdd01b928a1e

                                SHA1

                                4b8fa24c4106b0065ab94a09505ebcab58d13226

                                SHA256

                                2364cf86b34d012f175534e398a00c104a12a3f117c7c5d6d870a851279a3511

                                SHA512

                                7757f747e279671386cb75467b1aa3aa6d850056fca7aa4e267393051cf9f33238f397fbfac9dfd543eba15cfe91855d5b83c7281459c35da883b29c21f10c02

                                Download Submit

                              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms
                                Filesize

                                3KB

                                MD5

                                6450213322aed3d9626aaccd66a9b999

                                SHA1

                                2ba58d40a327b481986af190ac2a4baca49498c2

                                SHA256

                                128b9dabc61abaaeadd4338d2b80e685b011930668d427ecb4b9a4a90dc350c0

                                SHA512

                                4213db3799bb12d4262f454fb04e7b27f763cbeb0f5adf6626221f270745c234663423bcc420bffb2d04135f6ab26641e937344c68767c75def6db52b27439b5

                                Download Submit

                              • memory/1652-42-0x0000000004AF0000-0x0000000004B00000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/1652-41-0x0000000007810000-0x0000000007820000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/1652-40-0x0000000007810000-0x0000000007820000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/1652-38-0x0000000004AF0000-0x0000000004B00000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/1652-37-0x0000000004AF0000-0x0000000004B00000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/1652-39-0x0000000004AF0000-0x0000000004B00000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/1652-36-0x0000000004AF0000-0x0000000004B00000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/1652-43-0x0000000004AF0000-0x0000000004B00000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/1652-71-0x0000000004AF0000-0x0000000004B00000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/1652-44-0x0000000007810000-0x0000000007820000-memory.dmp

                                Filesize

                                64KB

                                Download