
Windows Analysis Report
https://s3.us-east-2.amazonaws.com/revealedgceconomies/vdiq197yvi/ImgBurn_822881.exe?

Overview

General Information

Sample URL: https://s3.us-east-2.amazonaws.com/revealedgceconomies/vdiq197yvi/ImgBurn_822881.exe?
Analysis ID: 1538468

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for dropped file
Checks for available system drives (often done to infect USB drives)
Creates a process in suspended mode (likely to inject code)
Drops PE files
Enables debug privileges
Found dropped PE file which has not been started or loaded
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries the volume information (name, serial number etc) of a device
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 6852 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 4248 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1972,i,8619648586621712017,6732439371838954860,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 5444 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4856 --field-trial-handle=1972,i,8619648586621712017,6732439371838954860,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 7812 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5384 --field-trial-handle=1972,i,8619648586621712017,6732439371838954860,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • ImgBurn_822881.exe (PID: 7968 cmdline: "C:\Users\user\Downloads\ImgBurn_822881.exe" MD5: B0122909933A4243C6055AF589ABCF51)
    • ImgBurn_822881.exe (PID: 5552 cmdline: "C:\Users\user\Downloads\ImgBurn_822881.exe" MD5: B0122909933A4243C6055AF589ABCF51)
  • chrome.exe (PID: 6768 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://s3.us-east-2.amazonaws.com/revealedgceconomies/vdiq197yvi/ImgBurn_822881.exe?" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • wmplayer.exe (PID: 2092 cmdline: "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:1 MD5: A7790328035BBFCF041A6D815F9C28DF)
    • unregmp2.exe (PID: 4960 cmdline: "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon MD5: 51629AAAF753C6411D0B7D37620B7A83)
      • unregmp2.exe (PID: 2472 cmdline: "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT MD5: A6FC8CE566DEC7C5873CB9D02D7B874E)
    • msdt.exe (PID: 7064 cmdline: "C:\Windows\System32\msdt.exe" -id WindowsMediaPlayerLibraryDiagnostic MD5: BAA4458E429E7C906560FE4541ADFCFB)
    • msdt.exe (PID: 5148 cmdline: "C:\Windows\System32\msdt.exe" -id WindowsMediaPlayerLibraryDiagnostic MD5: BAA4458E429E7C906560FE4541ADFCFB)
    • msdt.exe (PID: 5140 cmdline: "C:\Windows\System32\msdt.exe" -id WindowsMediaPlayerLibraryDiagnostic MD5: BAA4458E429E7C906560FE4541ADFCFB)
    • msdt.exe (PID: 4828 cmdline: "C:\Windows\System32\msdt.exe" -id WindowsMediaPlayerLibraryDiagnostic MD5: BAA4458E429E7C906560FE4541ADFCFB)
    • msdt.exe (PID: 2544 cmdline: "C:\Windows\System32\msdt.exe" -id WindowsMediaPlayerLibraryDiagnostic MD5: BAA4458E429E7C906560FE4541ADFCFB)
    • msdt.exe (PID: 4984 cmdline: "C:\Windows\System32\msdt.exe" -id WindowsMediaPlayerLibraryDiagnostic MD5: BAA4458E429E7C906560FE4541ADFCFB)
  • rundll32.exe (PID: 4580 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
  • cleanup
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: C:\Users\user\Downloads\Unconfirmed 50026.crdownload | ReversingLabs: Detection: 37%
Source: C:\Users\user\Downloads\Unconfirmed 50026.crdownload | Virustotal: Detection: 35%
Source: C:\Windows\System32\unregmp2.exe | File opened: z:
Source: C:\Windows\System32\unregmp2.exe | File opened: x:
Source: C:\Windows\System32\unregmp2.exe | File opened: v:
Source: C:\Windows\System32\unregmp2.exe | File opened: t:
Source: C:\Windows\System32\unregmp2.exe | File opened: r:
Source: C:\Windows\System32\unregmp2.exe | File opened: p:
Source: C:\Windows\System32\unregmp2.exe | File opened: n:
Source: C:\Windows\System32\unregmp2.exe | File opened: l:
Source: C:\Windows\System32\unregmp2.exe | File opened: j:
Source: C:\Windows\System32\unregmp2.exe | File opened: h:
Source: C:\Windows\System32\unregmp2.exe | File opened: f:
Source: C:\Windows\System32\unregmp2.exe | File opened: b:
Source: C:\Windows\System32\unregmp2.exe | File opened: y:
Source: C:\Windows\System32\unregmp2.exe | File opened: w:
Source: C:\Windows\System32\unregmp2.exe | File opened: u:
Source: C:\Windows\System32\unregmp2.exe | File opened: s:
Source: C:\Windows\System32\unregmp2.exe | File opened: q:
Source: C:\Windows\System32\unregmp2.exe | File opened: o:
Source: C:\Windows\System32\unregmp2.exe | File opened: m:
Source: C:\Windows\System32\unregmp2.exe | File opened: k:
Source: C:\Windows\System32\unregmp2.exe | File opened: i:
Source: C:\Windows\System32\unregmp2.exe | File opened: g:
Source: C:\Windows\System32\unregmp2.exe | File opened: e:
Source: C:\Windows\System32\unregmp2.exe | File opened: c:
Source: C:\Windows\System32\unregmp2.exe | File opened: a:
Source: C:\Windows\System32\unregmp2.exe | File opened: C:\Users\user
Source: C:\Windows\System32\unregmp2.exe | File opened: C:\Users\user\AppData\Local\Microsoft
Source: C:\Windows\System32\unregmp2.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists
Source: C:\Windows\System32\unregmp2.exe | File opened: C:\Users\user\AppData
Source: C:\Windows\System32\unregmp2.exe | File opened: C:\Users\user\AppData\Local
Source: C:\Windows\System32\unregmp2.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Media Player
Source: chrome.exe | Memory has grown: Private usage: 1MB later: 33MB
Source: global traffic | DNS traffic detected: DNS query: s3.us-east-2.amazonaws.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: contentworldinc.com
Source: classification engine | Classification label: mal48.win@45/38@6/102
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\Downloads\a95add7b-c53e-41f4-88a5-4e133f87320a.tmp
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\Microsoft_WMP_70_CheckForOtherInstanceMutex
Source: C:\Windows\SysWOW64\msdt.exe | File created: C:\Users\user\AppData\Local\Temp\msdt
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe | File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Downloads\ImgBurn_822881.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown | Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1972,i,8619648586621712017,6732439371838954860,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://s3.us-east-2.amazonaws.com/revealedgceconomies/vdiq197yvi/ImgBurn_822881.exe?"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4856 --field-trial-handle=1972,i,8619648586621712017,6732439371838954860,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1972,i,8619648586621712017,6732439371838954860,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4856 --field-trial-handle=1972,i,8619648586621712017,6732439371838954860,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5384 --field-trial-handle=1972,i,8619648586621712017,6732439371838954860,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Users\user\Downloads\ImgBurn_822881.exe "C:\Users\user\Downloads\ImgBurn_822881.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5384 --field-trial-handle=1972,i,8619648586621712017,6732439371838954860,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Users\user\Downloads\ImgBurn_822881.exe "C:\Users\user\Downloads\ImgBurn_822881.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Users\user\Downloads\ImgBurn_822881.exe "C:\Users\user\Downloads\ImgBurn_822881.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Users\user\Downloads\ImgBurn_822881.exe "C:\Users\user\Downloads\ImgBurn_822881.exe"
Source: unknown | Process created: C:\Program Files (x86)\Windows Media Player\wmplayer.exe "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:1
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe | Process created: C:\Windows\SysWOW64\unregmp2.exe "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
Source: C:\Windows\SysWOW64\unregmp2.exe | Process created: C:\Windows\System32\unregmp2.exe "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe | Process created: C:\Windows\SysWOW64\unregmp2.exe "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
Source: C:\Windows\SysWOW64\unregmp2.exeProcess created: C:\Windows\System32\unregmp2.exe "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeProcess created: C:\Windows\SysWOW64\msdt.exe "C:\Windows\System32\msdt.exe" -id WindowsMediaPlayerLibraryDiagnostic
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeProcess created: C:\Windows\SysWOW64\msdt.exe "C:\Windows\System32\msdt.exe" -id WindowsMediaPlayerLibraryDiagnostic
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeProcess created: C:\Windows\SysWOW64\msdt.exe "C:\Windows\System32\msdt.exe" -id WindowsMediaPlayerLibraryDiagnostic
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeProcess created: C:\Windows\SysWOW64\msdt.exe "C:\Windows\System32\msdt.exe" -id WindowsMediaPlayerLibraryDiagnostic
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeProcess created: C:\Windows\SysWOW64\msdt.exe "C:\Windows\System32\msdt.exe" -id WindowsMediaPlayerLibraryDiagnostic
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeProcess created: C:\Windows\SysWOW64\msdt.exe "C:\Windows\System32\msdt.exe" -id WindowsMediaPlayerLibraryDiagnostic
Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeProcess created: C:\Windows\SysWOW64\msdt.exe "C:\Windows\System32\msdt.exe" -id WindowsMediaPlayerLibraryDiagnostic
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeProcess created: C:\Windows\SysWOW64\msdt.exe "C:\Windows\System32\msdt.exe" -id WindowsMediaPlayerLibraryDiagnostic
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeProcess created: C:\Windows\SysWOW64\msdt.exe "C:\Windows\System32\msdt.exe" -id WindowsMediaPlayerLibraryDiagnostic
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeProcess created: C:\Windows\SysWOW64\msdt.exe "C:\Windows\System32\msdt.exe" -id WindowsMediaPlayerLibraryDiagnostic
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeProcess created: C:\Windows\SysWOW64\msdt.exe "C:\Windows\System32\msdt.exe" -id WindowsMediaPlayerLibraryDiagnostic
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeProcess created: C:\Windows\SysWOW64\msdt.exe "C:\Windows\System32\msdt.exe" -id WindowsMediaPlayerLibraryDiagnostic
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: wldp.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: explorerframe.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: wintypes.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: wintypes.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: wintypes.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: textshaping.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: sspicli.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: secur32.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: mswsock.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: schannel.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: ntasn1.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: ncrypt.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: wldp.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: explorerframe.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: wintypes.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: wintypes.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: wintypes.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: textshaping.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: sspicli.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: secur32.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: mswsock.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: schannel.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: ntasn1.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: ncrypt.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Section loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: wldp.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: edputil.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: urlmon.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: iertutil.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: srvcli.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: netutils.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: sspicli.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: wintypes.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: appresolver.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: bcp47langs.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: slc.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: userenv.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: sppc.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: wmp.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: gnsdk_fp.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: wmvcore.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: dwmapi.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: mfperfhelper.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: wmasf.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: wmploc.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: atlthunk.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: jscript.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: amsi.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: version.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: sxs.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: textshaping.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: windowscodecs.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: msimg32.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: textinputframework.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: coreuicomponents.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: coremessaging.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: mmdevapi.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: devobj.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: mfplat.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: rtworkq.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: audioses.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: powrprof.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: umpdc.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: windows.ui.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: windowmanagementapi.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: inputhost.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: twinapi.appcore.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: twinapi.appcore.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: netprofm.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: npmproxy.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: dataexchange.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: d3d11.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: dcomp.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: dxgi.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: wtsapi32.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: winsta.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: imapi2.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: mswmdm.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: wininet.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: cewmdm.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: winhttp.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: mswsock.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: winnsi.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: upnp.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: ssdpapi.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: wmdmps.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: explorerframe.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: linkinfo.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: ntshrui.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: cscapi.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: policymanager.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: wmpps.dll
Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: version.dll
Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: edputil.dll
Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: urlmon.dll
Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: iertutil.dll
Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: appresolver.dll
Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: bcp47langs.dll
Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: slc.dll
Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: sppc.dll
Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\unregmp2.exe Section loaded: version.dll
Source: C:\Windows\System32\unregmp2.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\unregmp2.exe Section loaded: uxtheme.dll
Source: C:\Windows\System32\unregmp2.exe Section loaded: wmp.dll
Source: C:\Windows\System32\unregmp2.exe Section loaded: cryptsp.dll
Source: C:\Windows\System32\unregmp2.exe Section loaded: ntmarta.dll
Source: C:\Windows\System32\unregmp2.exe Section loaded: wmvcore.dll
Source: C:\Windows\System32\unregmp2.exe Section loaded: dwmapi.dll
Source: C:\Windows\System32\unregmp2.exe Section loaded: mfperfhelper.dll
Source: C:\Windows\System32\unregmp2.exe Section loaded: wmasf.dll
Source: C:\Windows\System32\unregmp2.exe Section loaded: wmploc.dll
Source: C:\Windows\System32\unregmp2.exe Section loaded: mmdevapi.dll
Source: C:\Windows\System32\unregmp2.exe Section loaded: devobj.dll
Source: C:\Windows\System32\unregmp2.exe Section loaded: mfplat.dll
Source: C:\Windows\System32\unregmp2.exe Section loaded: rtworkq.dll
Source: C:\Windows\System32\unregmp2.exe Section loaded: audioses.dll
Source: C:\Windows\System32\unregmp2.exe Section loaded: powrprof.dll
Source: C:\Windows\System32\unregmp2.exe Section loaded: umpdc.dll
Source: C:\Windows\System32\unregmp2.exe Section loaded: windows.ui.dll
Source: C:\Windows\System32\unregmp2.exe Section loaded: windowmanagementapi.dll
Source: C:\Windows\System32\unregmp2.exe Section loaded: textinputframework.dll
Source: C:\Windows\System32\unregmp2.exe Section loaded: inputhost.dll
Source: C:\Windows\System32\unregmp2.exe Section loaded: wintypes.dll
Source: C:\Windows\System32\unregmp2.exe Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\unregmp2.exe Section loaded: coremessaging.dll
Source: C:\Windows\System32\unregmp2.exe Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\unregmp2.exe Section loaded: coreuicomponents.dll
Source: C:\Windows\System32\unregmp2.exe Section loaded: coremessaging.dll
Source: C:\Windows\System32\unregmp2.exe Section loaded: propsys.dll
Source: C:\Windows\System32\unregmp2.exe Section loaded: mlang.dll
Source: C:\Windows\System32\unregmp2.exe Section loaded: winmm.dll
Source: C:\Windows\System32\unregmp2.exe Section loaded: wmnetmgr.dll
Source: C:\Windows\System32\unregmp2.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\unregmp2.exe Section loaded: wldp.dll
Source: C:\Windows\System32\unregmp2.exe Section loaded: profapi.dll
Source: C:\Windows\System32\unregmp2.exe Section loaded: msxml3.dll
Source: C:\Windows\System32\unregmp2.exe Section loaded: secur32.dll
Source: C:\Windows\System32\unregmp2.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\unregmp2.exe Section loaded: msv1_0.dll
Source: C:\Windows\System32\unregmp2.exe Section loaded: ntlmshared.dll
Source: C:\Windows\System32\unregmp2.exe Section loaded: cryptdll.dll
Source: C:\Windows\System32\unregmp2.exe Section loaded: wdigest.dll
Source: C:\Windows\System32\unregmp2.exe Section loaded: rsaenh.dll
Source: C:\Windows\System32\unregmp2.exe Section loaded: cryptbase.dll
Source: C:\Windows\System32\unregmp2.exe Section loaded: urlmon.dll
Source: C:\Windows\System32\unregmp2.exe Section loaded: iertutil.dll
Source: C:\Windows\System32\unregmp2.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\unregmp2.exe Section loaded: netutils.dll
Source: C:\Windows\System32\unregmp2.exe Section loaded: wmpps.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: windows.security.authentication.onlineid.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: dpapi.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: onesettingsclient.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: webio.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: schannel.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: cryptnet.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: comppkgsup.dll
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Section loaded: xmllite.dll
Source: C:\Users\user\Downloads\ImgBurn_822881.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32
Source: C:\Windows\SysWOW64\msdt.exe File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\a95add7b-c53e-41f4-88a5-4e133f87320a.tmp
Source: C:\Users\user\Downloads\ImgBurn_822881.exe File created: C:\Users\user\AppData\Local\MPC-HC\MPC-HC.1.9.19.x86.exe
Source: C:\Windows\SysWOW64\msdt.exe File created: C:\Users\user\AppData\Local\Temp\SDIAG_628502e2-7a7f-489c-9d3e-1258e5fc3883\en-GB\DiagPackage.dll.mui
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\Unconfirmed 50026.crdownload
Source: C:\Windows\SysWOW64\msdt.exe File created: C:\Users\user\AppData\Local\Temp\SDIAG_628502e2-7a7f-489c-9d3e-1258e5fc3883\DiagPackage.dll
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\unregmp2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\unregmp2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\unregmp2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\unregmp2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\unregmp2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\unregmp2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\unregmp2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\unregmp2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\unregmp2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\unregmp2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\unregmp2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\unregmp2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\unregmp2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\unregmp2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\unregmp2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\unregmp2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\unregmp2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\unregmp2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\unregmp2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\unregmp2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\unregmp2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\unregmp2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\unregmp2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msdt.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msdt.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msdt.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msdt.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msdt.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msdt.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msdt.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msdt.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msdt.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msdt.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msdt.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msdt.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msdt.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msdt.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msdt.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msdt.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msdt.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msdt.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msdt.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msdt.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msdt.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msdt.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msdt.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msdt.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msdt.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ImgBurn_822881.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\MPC-HC\MPC-HC.1.9.19.x86.exeJump to dropped file
Source: C:\Windows\SysWOW64\msdt.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\SDIAG_628502e2-7a7f-489c-9d3e-1258e5fc3883\en-GB\DiagPackage.dll.muiJump to dropped file
Source: C:\Windows\SysWOW64\msdt.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\SDIAG_628502e2-7a7f-489c-9d3e-1258e5fc3883\DiagPackage.dllJump to dropped file
Source: C:\Windows\System32\unregmp2.exeFile opened: C:\Users\user
Source: C:\Windows\System32\unregmp2.exeFile opened: C:\Users\user\AppData\Local\Microsoft
Source: C:\Windows\System32\unregmp2.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists
Source: C:\Windows\System32\unregmp2.exeFile opened: C:\Users\user\AppData
Source: C:\Windows\System32\unregmp2.exeFile opened: C:\Users\user\AppData\Local
Source: C:\Windows\System32\unregmp2.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Media Player
Source: C:\Users\user\Downloads\ImgBurn_822881.exeProcess information queried: ProcessInformation
Source: C:\Users\user\Downloads\ImgBurn_822881.exeProcess token adjusted: Debug
Source: C:\Users\user\Downloads\ImgBurn_822881.exeProcess token adjusted: Debug
Source: C:\Users\user\Downloads\ImgBurn_822881.exeProcess token adjusted: Debug
Source: C:\Users\user\Downloads\ImgBurn_822881.exeProcess token adjusted: Debug
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeProcess created: C:\Windows\SysWOW64\unregmp2.exe "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
Source: C:\Windows\SysWOW64\unregmp2.exeProcess created: C:\Windows\System32\unregmp2.exe "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeProcess created: C:\Windows\SysWOW64\msdt.exe "C:\Windows\System32\msdt.exe" -id WindowsMediaPlayerLibraryDiagnostic
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeProcess created: C:\Windows\SysWOW64\msdt.exe "C:\Windows\System32\msdt.exe" -id WindowsMediaPlayerLibraryDiagnostic
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeProcess created: C:\Windows\SysWOW64\msdt.exe "C:\Windows\System32\msdt.exe" -id WindowsMediaPlayerLibraryDiagnostic
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeProcess created: C:\Windows\SysWOW64\msdt.exe "C:\Windows\System32\msdt.exe" -id WindowsMediaPlayerLibraryDiagnostic
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeProcess created: C:\Windows\SysWOW64\msdt.exe "C:\Windows\System32\msdt.exe" -id WindowsMediaPlayerLibraryDiagnostic
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeProcess created: C:\Windows\SysWOW64\msdt.exe "C:\Windows\System32\msdt.exe" -id WindowsMediaPlayerLibraryDiagnostic
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb VolumeInformation
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb VolumeInformation
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb VolumeInformation
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb VolumeInformation
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb VolumeInformation
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeQueries volume information: \Device\CdRom0\ VolumeInformation
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\unregmp2.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\unregmp2.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb VolumeInformation
Source: C:\Windows\System32\unregmp2.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb VolumeInformation
Source: C:\Windows\System32\unregmp2.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb VolumeInformation
Source: C:\Windows\System32\unregmp2.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb VolumeInformation
Source: C:\Windows\System32\unregmp2.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb VolumeInformation
Source: C:\Windows\System32\unregmp2.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\unregmp2.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\unregmp2.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\unregmp2.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\unregmp2.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\unregmp2.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\unregmp2.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\unregmp2.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\unregmp2.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\unregmp2.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\unregmp2.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\unregmp2.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\unregmp2.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\unregmp2.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\unregmp2.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\unregmp2.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\unregmp2.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\unregmp2.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\unregmp2.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\unregmp2.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\unregmp2.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\unregmp2.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\unregmp2.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\unregmp2.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Windows Media Player\wmplayer.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\msdt.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-WindowsMediaPlayer-Troubleshooters-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\System32\unregmp2.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet
Initial Access: 1 Replication Through Removable Media; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task
Persistence: 1 Registry Run Keys / Startup Folder; 1 DLL Side-Loading; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
Privilege Escalation: 11 Process Injection; 1 Registry Run Keys / Startup Folder; 1 DLL Side-Loading; 1 Extra Window Memory Injection; Network Logon Script; RC Scripts
Defense Evasion: 1 Masquerading; 11 Process Injection; 1 Rundll32; 1 DLL Side-Loading; 1 Extra Window Memory Injection; Steganography
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials
Discovery: 1 Security Software Discovery; 1 Query Registry; 1 Process Discovery; 11 Peripheral Device Discovery; 2 File and Directory Discovery; 12 System Information Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture
Command and Control: 2 Encrypted Channel; 1 Non-Application Layer Protocol; 2 Application Layer Protocol; Protocol Impersonation; Fallback Channels; Multiband Communication
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop

Source | Detection | Scanner | Label
https://s3.us-east-2.amazonaws.com/revealedgceconomies/vdiq197yvi/ImgBurn_822881.exe? | 0% | Virustotal |
Source | Detection | Scanner | Label
C:\Users\user\Downloads\Unconfirmed 50026.crdownload | 38% | ReversingLabs | Win32.Adware.Snackarcin
C:\Users\user\Downloads\Unconfirmed 50026.crdownload | 36% | Virustotal |
C:\Users\user\AppData\Local\MPC-HC\MPC-HC.1.9.19.x86.exe | 0% | ReversingLabs |
C:\Users\user\AppData\Local\MPC-HC\MPC-HC.1.9.19.x86.exe | 2% | Virustotal |
C:\Users\user\AppData\Local\Temp\SDIAG_628502e2-7a7f-489c-9d3e-1258e5fc3883\DiagPackage.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\SDIAG_628502e2-7a7f-489c-9d3e-1258e5fc3883\DiagPackage.dll | 0% | Virustotal |
C:\Users\user\AppData\Local\Temp\SDIAG_628502e2-7a7f-489c-9d3e-1258e5fc3883\en-GB\DiagPackage.dll.mui | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\SDIAG_628502e2-7a7f-489c-9d3e-1258e5fc3883\en-GB\DiagPackage.dll.mui | 0% | Virustotal |
No Antivirus matches
Source | Detection | Scanner | Label
s3.us-east-2.amazonaws.com | 0% | Virustotal |
www.google.com | 0% | Virustotal |
contentworldinc.com | 1% | Virustotal |
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
s3.us-east-2.amazonaws.com | 52.219.179.49 | true | false | | unknown
contentworldinc.com | 104.26.5.9 | true | false | | unknown
www.google.com | 172.217.18.4 | true | false | | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
142.250.185.67 | unknown | United States | 15169 | GOOGLEUS | false
142.250.110.84 | unknown | United States | 15169 | GOOGLEUS | false
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false
172.217.18.4 | www.google.com | United States | 15169 | GOOGLEUS | false
142.250.185.227 | unknown | United States | 15169 | GOOGLEUS | false
104.26.5.9 | contentworldinc.com | United States | 13335 | CLOUDFLARENETUS | false
172.217.23.110 | unknown | United States | 15169 | GOOGLEUS | false
142.250.181.238 | unknown | United States | 15169 | GOOGLEUS | false
93.184.221.240 | unknown | European Union | 15133 | EDGECASTUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
40.127.240.158 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
52.219.179.49 | s3.us-east-2.amazonaws.com | United States | 16509 | AMAZON-02US | false
IP
192.168.2.16
127.0.0.1
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1538468
Start date and time:2024-10-21 11:20:20 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowsinteractivecookbook.jbs
Sample URL:https://s3.us-east-2.amazonaws.com/revealedgceconomies/vdiq197yvi/ImgBurn_822881.exe?
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:28
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • EGA enabled
Analysis Mode:stream
Analysis stop reason:Timeout
Detection:MAL
Classification:mal48.win@45/38@6/102
  • Exclude process from analysis (whitelisted): SgrmBroker.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 142.250.185.67, 142.250.110.84, 142.250.181.238, 34.104.35.123
  • Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, clientservices.googleapis.com, clients.l.google.com
  • Not all processes were analyzed; the report is missing behavior information
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtProtectVirtualMemory calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:dropped
Size (bytes):71954
Entropy (8bit):7.996617769952133
Encrypted:true
SSDEEP:
MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
Malicious:false
Reputation:unknown
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:data
Category:dropped
Size (bytes):328
Entropy (8bit):3.150184159866505
Encrypted:false
SSDEEP:
MD5:920F29F584F7728920C48779E671F370
SHA1:333C935642FE039F7CA3790D0B65A768259190B6
SHA-256:4FEDA72A91735099FF24937789821C992C4105B08876C4B62DAE1EAE743CD6CB
SHA-512:A76EAE93672EF33622C9D652E246041D760CC65B041E55A2410AAFFB565014E61AC58A68B0B753FFBD5315A4D6462A82DDDFE175202BE2CF8F57FFF57FAD0417
Malicious:false
Reputation:unknown
Process:C:\Users\user\Downloads\ImgBurn_822881.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):16687163
Entropy (8bit):7.99864901932948
Encrypted:true
SSDEEP:
MD5:987F955A9CC69937A6BF6C1B5C8DA647
SHA1:B89B479ACC3710D8089C5C10EE925878B3B13E41
SHA-256:D9CCA609F0686D5929B4AB6EAD0D2AFCDE1B8F76E38B36E1293C7F58040D2A51
SHA-512:A0215543E2CAA115E33D206325E7E57BAEE277B3E7713C78B7DA05496BED1B3515FBB4431395D87F925998FBB100E87FCC7A4D030DEF0AF4E9CB0699EA16E7B6
Malicious:true
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
  • Antivirus: Virustotal, Detection: 2%
Reputation:unknown
Process:C:\Windows\System32\unregmp2.exe
File Type:data
Category:dropped
Size (bytes):1048576
Entropy (8bit):0.9597779350488856
Encrypted:false
SSDEEP:
MD5:105372AF56D361B9F3C4219E8761EC79
SHA1:2594715FFFD40EB4565B350A2FC919183BF3C600
SHA-256:BFD3B7C0B51F881454F1BE25545E160E4864540081E754CCB1787F3DD634BBF6
SHA-512:75E3DD15737E9F08A719654C0674FBF7332225F662C674228821F4081BC2B78EA915BCB68339726BB19E6BC1A2F6749D0AA9FDF2799ABEB0CE1335C05CF18597
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\unregmp2.exe
File Type:data
Category:dropped
Size (bytes):69740
Entropy (8bit):0.4048308448667788
Encrypted:false
SSDEEP:
MD5:2E66FE9702E12BF3926A4397C45B544E
SHA1:33A4A0A72C93698303D51F7DA2CA766BB0793A29
SHA-256:0209D22125F5D1A96DDF740565811958A4BC4D9D764727CE9936C567EB2DD630
SHA-512:F0345925D2003C31F13D5A376D5E3A0EC3E024565B51CDA73ABCE8840E57675828654791B1FDBFAF2582619542E911D771BD716B66B86CE721699CDF0AC44945
Malicious:false
Reputation:unknown
Process:C:\Program Files (x86)\Windows Media Player\wmplayer.exe
File Type:HTML document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):1272
Entropy (8bit):4.037947479559426
Encrypted:false
SSDEEP:
MD5:159E63275630EC4C9747B664BD063938
SHA1:BE4E32D7D022C3E3277E1ED65A21BEBCF787CE3F
SHA-256:D54745665432625A904636E7675612C85026DA07E68F4E9D8DACBE98E5DEE844
SHA-512:1A128D4F59424BCE6818C117F84DBFE16B7DA1543D7B2682460DA74839BFC6CFE805DA00112E17CBAAFDF4179E357B70FA0850FA722FB04F202E1D75E65EDB60
Malicious:false
Reputation:unknown
Preview:<?wpl version="1.0"?>..<smil>.. <head>.. <meta name="Generator" content="Microsoft Windows Media Player -- 11.0.5428.4943"/>.. <title>Music auto rated at 5 stars</title>.. </head>.. <body>.. <seq>.. <smartPlaylist version="1.0.0.0">.. <querySet>.. <sourceFilter id="{4202947A-A563-4B05-A754-A1B4B5989849}" name="Music in my library">.. <fragment name="Effective Rating">.. <argument name="condition">Is At Least</argument>.. <argument name="value">5 stars</argument>.. </fragment>.. <fragment name="Sort by">.. <argument name="value">Album Artist</argument>.. <argument name="condition">Ascending</argument>.. </fragment>.. <fragment name="Sort by">.. <argument name="value">
Process:C:\Program Files (x86)\Windows Media Player\wmplayer.exe
File Type:HTML document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):1279
Entropy (8bit):4.051212913630708
Encrypted:false
SSDEEP:
MD5:907BFC98CE854AE312127C952D8BE0F2
SHA1:02DEFE8C5F9CC85742E45BA55E4FCFE326FD960C
SHA-256:C475DC7423C2AD60F25ADAAC754CD8B68B57FF04F26ECEF78F3E5961B986A324
SHA-512:DB4045F992BAD6AD660769A22345C5E0D965AE521D6828D612B15F0163622C629992C313A41BC9E381F9B0F098117EEF840D33100AF4C6A3634EB0013A7FE1C7
Malicious:false
Reputation:unknown
Preview:<?wpl version="1.0"?>..<smil>.. <head>.. <meta name="Generator" content="Microsoft Windows Media Player -- 11.0.5428.4943"/>.. <title>Music added in the last month</title>.. </head>.. <body>.. <seq>.. <smartPlaylist version="1.0.0.0">.. <querySet>.. <sourceFilter id="{4202947A-A563-4B05-A754-A1B4B5989849}" name="Music in my library">.. <fragment name="Acquisition Date">.. <argument name="condition">Is Later Than</argument>.. <argument name="value">Last month</argument>.. </fragment>.. <fragment name="Sort by">.. <argument name="value">Album Artist</argument>.. <argument name="condition">Ascending</argument>.. </fragment>.. <fragment name="Sort by">.. <argument name="
Process:C:\Program Files (x86)\Windows Media Player\wmplayer.exe
File Type:HTML document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):1267
Entropy (8bit):4.025849031008368
Encrypted:false
SSDEEP:
MD5:6D791B697AF46D6777182AF7F18C2955
SHA1:D73E8B5F4EE646C1C4AB6D23F3CB3394CB833CA8
SHA-256:4825EB90140F6B2F4F7ED0DF66B24E10FF5D0DA70AF53EA495FD30B3AA791870
SHA-512:268CF327A9F471D547AD1DAE47833CF6D722C08F9CBF5E7867A422282CE52DC320340DED93473A598903BFEE9BF6A1A3393779468DBEB27D3390DBD59E6D20BA
Malicious:false
Reputation:unknown
Preview:<?wpl version="1.0"?>..<smil>.. <head>.. <meta name="Generator" content="Microsoft Windows Media Player -- 11.0.5428.4943"/>.. <title>Music rated at 4 or 5 stars</title>.. </head>.. <body>.. <seq>.. <smartPlaylist version="1.0.0.0">.. <querySet>.. <sourceFilter id="{4202947A-A563-4B05-A754-A1B4B5989849}" name="Music in my library">.. <fragment name="User Rating">.. <argument name="condition">Is At Least</argument>.. <argument name="value">4 stars</argument>.. </fragment>.. <fragment name="Sort by">.. <argument name="value">Album Artist</argument>.. <argument name="condition">Ascending</argument>.. </fragment>.. <fragment name="Sort by">.. <argument name="value">Album
Process:C:\Program Files (x86)\Windows Media Player\wmplayer.exe
File Type:HTML document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):1284
Entropy (8bit):4.05476728806244
Encrypted:false
SSDEEP:
MD5:F8D3A4CACF055F5EC5C62218EA50D290
SHA1:974474CE3FE345D8015863BD6EA7242BA118532B
SHA-256:201F2170812CF8041964C4D3C5EF539D96ADEBA6A68B69ECAED0AFFE3AE8E25F
SHA-512:AC32CBEB05FAE672047705679043AECF9B56314BAA09C2D3ABB7EAC655710D7CB2C967EA1772767E366BB502E8AD6DE375302F51CA62A76D962EE539B45BFC21
Malicious:false
Reputation:unknown
Preview:<?wpl version="1.0"?>..<smil>.. <head>.. <meta name="Generator" content="Microsoft Windows Media Player -- 11.0.5428.4943"/>.. <title>Music played in the last month</title>.. </head>.. <body>.. <seq>.. <smartPlaylist version="1.0.0.0">.. <querySet>.. <sourceFilter id="{4202947A-A563-4B05-A754-A1B4B5989849}" name="Music in my library">.. <fragment name="Last play date">.. <argument name="condition">Is More Recent Than</argument>.. <argument name="value">Last month</argument>.. </fragment>.. <fragment name="Sort by">.. <argument name="value">Album Artist</argument>.. <argument name="condition">Ascending</argument>.. </fragment>.. <fragment name="Sort by">.. <argument n
Process:C:\Program Files (x86)\Windows Media Player\wmplayer.exe
File Type:HTML document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):797
Entropy (8bit):4.313068810170943
Encrypted:false
SSDEEP:
MD5:821D2BE672F05514127C117CEF460C6E
SHA1:1C75F314E7658A3DCDCAD315E301F2BAE6D47B31
SHA-256:3ABDB6CBD88AD1557054ECE3F10DD1A8494ED32F423B3CF8321B18DECC489474
SHA-512:146D6293173B80FFE3721AE6E61293CC1D838E8A72713BE8B859CE33C69EF753408057BE9CE15A78D573E253548EE674CA3FEA77EFA3D330CE8C8A50F8A8A988
Malicious:false
Reputation:unknown
Preview:<?wpl version="1.0"?>..<smil>.. <head>.. <meta name="Generator" content="Microsoft Windows Media Player -- 9.0.0.3442"/>.. <title>Pictures taken in the last month</title>.. </head>.. <body>.. <seq>.. <smartPlaylist version="1.0.0.0">.. <querySet>.. <sourceFilter id="{CC823400-A8E4-4081-B073-D3B6D952FE69}" name="Pictures in my library">.. <fragment name="DateTimeTaken">.. <argument name="condition">Is Later Than</argument>.. <argument name="value">Last month</argument>.. </fragment>.. </sourceFilter>.. </querySet>.. </smartPlaylist>.. </seq>.. </body>..</smil>..
Process:C:\Program Files (x86)\Windows Media Player\wmplayer.exe
File Type:HTML document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):785
Entropy (8bit):4.281070989332542
Encrypted:false
SSDEEP:
MD5:0A8A40CA87323DC16893194B00C7FE77
SHA1:B88A42A85053E0A7483E331B66BA5A40A6290E10
SHA-256:9AA433BED2E090CC6904F1C24D5A7B5A1ED6D8F71A997E661B886C69383FD53E
SHA-512:5932F09106D622054E6D624221D754FF471E3F37D9F585ED23DB7F7327FE1E2F624B22A8F7F2827B607FDB9A30683B8F20C48A39CD35A57AD5CB78467AF2C20E
Malicious:false
Reputation:unknown
Preview:<?wpl version="1.0"?>..<smil>.. <head>.. <meta name="Generator" content="Microsoft Windows Media Player -- 9.0.0.3442"/>.. <title>Pictures rated 4 or 5 stars</title>.. </head>.. <body>.. <seq>.. <smartPlaylist version="1.0.0.0">.. <querySet>.. <sourceFilter id="{CC823400-A8E4-4081-B073-D3B6D952FE69}" name="Pictures in my library">.. <fragment name="User Rating">.. <argument name="condition">Is At Least</argument>.. <argument name="value">4 stars</argument>.. </fragment>.. </sourceFilter>.. </querySet>.. </smartPlaylist>.. </seq>.. </body>..</smil>..
Process:C:\Program Files (x86)\Windows Media Player\wmplayer.exe
File Type:HTML document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):1040
Entropy (8bit):4.191452381408781
Encrypted:false
SSDEEP:
MD5:B9987B1F9DF6D0AFC01558B907E62A16
SHA1:EF202D5D6F90B37C71CB757F3BABB0857CE54D86
SHA-256:0892EFDB8459D81D4C5E1085239734D9910B9C6A1DEBD7189CF385141F0B19D1
SHA-512:6BC86075632C3E56FFE1D371F4178299E93E014F5C5C83DFDCA2DC9EFD1155633409C79EC87CFE2AFD4374B83771AE56A3EB7FAC00F83921B433CB49216037F9
Malicious:false
Reputation:unknown
Preview:<?wpl version="1.0"?>..<smil>.. <head>.. <meta name="Generator" content="Microsoft Windows Media Player -- 11.0.5428.4943"/>.. <title>TV recorded in the last week</title>.. </head>.. <body>.. <seq>.. <smartPlaylist version="1.0.0.0">.. <querySet>.. <sourceFilter id="{E5415A66-7763-4BDE-B97F-5557CA73C303}" name="TV shows in my library">.. <fragment name="Recording Date">.. <argument name="condition">Is Later Than</argument>.. <argument name="value">Last week</argument>.. </fragment>.. <fragment name="Sort by">.. <argument name="value">Recording Date</argument>.. <argument name="condition">Ascending</argument>.. </fragment>.. </sourceFilter>.. </querySet>.. </smartPlaylist>
Process:C:\Program Files (x86)\Windows Media Player\wmplayer.exe
File Type:HTML document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):1020
Entropy (8bit):4.1337368900668165
Encrypted:false
SSDEEP:
MD5:A3787A42B81FCE0E448976AD158EDD93
SHA1:45FF275C0C32EAB1F0B56E8B61E8EAD18CFD1675
SHA-256:94BC17AC59BDE92FBCA00FCC69AED68FCBFE2C1754DD45F4810765F5FDF774FF
SHA-512:B36CA10F580EC9D455FB57149BCE1897FE48FDA6023B2FB55B6B4B80A91F1754311B91EDD72C13103E0DA9ED90B696C28D6904EA91984ADE69ED50791F4065AE
Malicious:false
Reputation:unknown
Preview:<?wpl version="1.0"?>..<smil>.. <head>.. <meta name="Generator" content="Microsoft Windows Media Player -- 11.0.5428.4943"/>.. <title>Video rated at 4 or 5 stars</title>.. </head>.. <body>.. <seq>.. <smartPlaylist version="1.0.0.0">.. <querySet>.. <sourceFilter id="{B2D9BDDC-8E49-444B-9BA4-193ABF9C7870}" name="Video in my library">.. <fragment name="User Rating">.. <argument name="condition">Is At Least</argument>.. <argument name="value">4 stars</argument>.. </fragment>.. <fragment name="Sort by">.. <argument name="value">Title</argument>.. <argument name="condition">Ascending</argument>.. </fragment>.. </sourceFilter>.. </querySet>.. </smartPlaylist>.. </seq>..
Process:C:\Program Files (x86)\Windows Media Player\wmplayer.exe
File Type:HTML document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):1025
Entropy (8bit):4.153394340103766
Encrypted:false
SSDEEP:
MD5:467E71AA2FD951EB0A1AF3D6BB8378E8
SHA1:FB654C0B2663D4FA5FD0F1658097D936DD0429ED
SHA-256:A54BC2CAD63CED4FD9FF2A3A094A26E264E8A5CE8139193896D13236F494E2EE
SHA-512:F9242A4925B910F4A114652967A6E2F49444A3F0D9F35402FEF28CC8D39C58720930084112BAF92EB6716AF541FD76E3803CCC1E742CEC07F1D4FB6ABC13A42C
Malicious:false
Reputation:unknown
Preview:<?wpl version="1.0"?>..<smil>.. <head>.. <meta name="Generator" content="Microsoft Windows Media Player -- 9.0.0.3075"/>.. <title>Music played the most</title>.. </head>.. <body>.. <seq>.. <smartPlaylist version="1.0.0.0">.. <querySet>.. <sourceFilter id="{4202947A-A563-4B05-A754-A1B4B5989849}" name="Music in my library">.. <fragment name="Sort by">.. <argument name="value">Playcount: Total</argument>.. <argument name="condition">Descending</argument>.. </fragment>.. <fragment name="Playcount: Total">.. <argument name="condition">Is Greater Than</argument>.. <argument name="value">5</argument>.. </fragment>.. </sourceFilter>.. </querySet>.. </smartPlaylist>.. </seq
Process:C:\Program Files (x86)\Windows Media Player\wmplayer.exe
File Type:HTML document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):1063
Entropy (8bit):4.198592374702475
Encrypted:false
SSDEEP:
MD5:51AEED11707741118E0706C1259DF22E
SHA1:6434E915B018C6D15898FE0A4D006BBE3E1EDB60
SHA-256:EC286113E5AD77AC34063589A137A6DC4B4CAB8845CD9C5386519983FA3B48F0
SHA-512:A674487F9CABE1FB2809CD98958DCE696F7F066D3738BFB30317201ED804DF3C72F2D24D6F9C0832CF446C8A965E21F3EA50AADA1C69860A12340D6ECA88E942
Malicious:false
Reputation:unknown
Preview:<?wpl version="1.0"?>..<smil>.. <head>.. <meta name="Generator" content="Microsoft Windows Media Player -- 11.0.5428.4943"/>.. <meta name="DontCopyToDevice" content="TRUE"/>.. <title>All Music</title>.. </head>.. <body>.. <seq>.. <smartPlaylist version="1.0.0.0">.. <querySet>.. <sourceFilter id="{4202947A-A563-4B05-A754-A1B4B5989849}" name="Music in my library">.. <fragment name="Sort by">.. <argument name="value">Album Artist</argument>.. <argument name="condition">Ascending</argument>.. </fragment>.. <fragment name="Sort by">.. <argument name="value">Album Title</argument>.. <argument name="condition">Ascending</argument>.. </fragment>.. </sourceFilter>.. </querySet>..
Process:C:\Program Files (x86)\Windows Media Player\wmplayer.exe
File Type:HTML document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):585
Entropy (8bit):4.586939224969076
Encrypted:false
SSDEEP:
MD5:74294EF495559ED32731F19096D70312
SHA1:FDC6CC849270016D2A382D7D0DAABF44A4556CD9
SHA-256:DB34D82F2CD23E6E55A64E12D2A0A9C27AC2DED156483238F22A336CA6825110
SHA-512:B068D903B83945F146ABD4CF384DA99AF608643C62B647EA65DB33C3B0E0FACE4727A74BE3210A9C6469BBC403D1F5C59D92CBD57722737E992B0E4F5E66662A
Malicious:false
Reputation:unknown
Preview:<?wpl version="1.0"?>..<smil>.. <head>.. <meta name="Generator" content="Microsoft Windows Media Player -- 10.0.0.3449"/>.. <meta name="DontCopyToDevice" content="TRUE"/>.. <title>All Pictures</title>.. </head>.. <body>.. <seq>.. <smartPlaylist version="1.0.0.0">.. <querySet>.. <sourceFilter id="{CC823400-A8E4-4081-B073-D3B6D952FE69}" name="Pictures in my library">.. </sourceFilter>.. </querySet>.. </smartPlaylist>.. </seq>.. </body>..</smil>..
Process:C:\Program Files (x86)\Windows Media Player\wmplayer.exe
File Type:HTML document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):1079
Entropy (8bit):4.232889887576815
Encrypted:false
SSDEEP:
MD5:372D0BEEBEA5460409A6A1C53AC52A18
SHA1:1B5A925E00F9A4CC3A18FEB8F74A2E39EF11EEB6
SHA-256:5B8B62B35E5DD8A46CCCCAF3FC3743BE9E0965D24CBCD20DA2681065EEB37EF3
SHA-512:EFB412E3A17F4EAB84FB9F99B9E420D18E23610A9A66BCD7298C3BA68FD24ABE0C1F2E58FAA411E059788D34F4CEDE45F9E25C6578D13FAEFB8EE79ACD50F2E0
Malicious:false
Reputation:unknown
Preview:<?wpl version="1.0"?>..<smil>.. <head>.. <meta name="Generator" content="Microsoft Windows Media Player -- 11.0.5428.4943"/>.. <meta name="DontCopyToDevice" content="TRUE"/>.. <title>All Video</title>.. </head>.. <body>.. <seq>.. <smartPlaylist version="1.0.0.0">.. <querySet>.. <sourceFilter id="{B2D9BDDC-8E49-444B-9BA4-193ABF9C7870}" name="Video in my library">.. <fragment name="Secondary Media Type">.. <argument name="condition">Is Not</argument>.. <argument name="value">Video: TV show</argument>.. </fragment>.. <fragment name="Sort by">.. <argument name="value">Recording Date</argument>.. <argument name="condition">Descending</argument>.. </fragment>.. </sourceFilter>.. </
Process:C:\Program Files (x86)\Windows Media Player\wmplayer.exe
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):1064
Entropy (8bit):3.503005074540439
Encrypted:false
SSDEEP:
MD5:DB11C974874C4064EFF87AA369D3B99A
SHA1:75FF795C28F691341B528A8C2B667A1C4657F097
SHA-256:0214AFB59A569F20C1414C945077AB30189EA620DCD0DBA6C8F6C9A7547C2D66
SHA-512:9CF43EFBBC16763BA51C456D9848E1BA20986D270DC7CB62A199A9118BBFAD5B23B03528D7D1FAA90710E8B66F9AEF97583F6F165217D2A8517930642C068A0D
Malicious:false
Reputation:unknown
Preview:..<.F.o.l.d.e.r.>..... . . . .<.D.i.r. .F.o.l.d.e.r.=.".C.:.\.U.s.e.r.s.\.c.a.l.i.\.M.u.s.i.c.". .N.a.m.e.=.".". .M.o.d.=.".1.3.3.4.1.0.5.6.8.3.1.8.5.9.2.8.5.7.". .D.i.r.t.y.=.".0.". .E.x.c.l.u.d.e.=.".0.". .N.e.w.=.".0."./.>..... . . . .<.D.i.r. .F.o.l.d.e.r.=.".C.:.\.U.s.e.r.s.\.c.a.l.i.\.P.i.c.t.u.r.e.s.". .N.a.m.e.=.".". .M.o.d.=.".1.3.3.4.1.0.5.6.8.6.7.5.8.4.8.1.7.3.". .D.i.r.t.y.=.".0.". .E.x.c.l.u.d.e.=.".0.". .N.e.w.=.".0.".>..... . . . . . . . .<.D.i.r. .N.a.m.e.=.".C.a.m.e.r.a. .R.o.l.l.". .M.o.d.=.".1.3.3.4.1.0.5.6.8.6.7.1.0.0.4.4.4.5.". .D.i.r.t.y.=.".0.". .E.x.c.l.u.d.e.=.".0.". .N.e.w.=.".0."./.>..... . . . . . . . .<.D.i.r. .N.a.m.e.=.".S.a.v.e.d. .P.i.c.t.u.r.e.s.". .M.o.d.=.".1.3.3.4.1.0.5.6.8.6.7.5.8.4.8.1.7.3.". .D.i.r.t.y.=.".0.". .E.x.c.l.u.d.e.=.".0.". .N.e.w.=.".0."./.>..... . . . .<./.D.i.r.>..... . . . .<.D.i.r. .F.o.l.d.e.r.=.".C.:.\.U.s.e.r.s.\.c.a.l.i.\.V.i.d.e.o.s.". .N.a.m.e.=.".". .M.o.d.=.".1.3.3.4.1.0.5.6.8.3.1.8.1.2.4.0.9.5.". .D.i.r.t.y.=.".0.". .E.x.
Process:C:\Windows\System32\unregmp2.exe
File Type:XML 1.0 document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):498
Entropy (8bit):5.103913616294899
Encrypted:false
SSDEEP:
MD5:90BE2701C8112BEBC6BD58A7DE19846E
SHA1:A95BE407036982392E2E684FB9FF6602ECAD6F1E
SHA-256:644FBCDC20086E16D57F31C5BAD98BE68D02B1C061938D2F5F91CBE88C871FBF
SHA-512:D618B473B68B48D746C912AC5FC06C73B047BD35A44A6EFC7A859FE1162D68015CF69DA41A5DB504DCBC4928E360C095B32A3B7792FCC6A38072E1EBD12E7CBE
Malicious:false
Reputation:unknown
Preview:<?xml version="1.0" standalone="yes"?>..<!DOCTYPE document [..<!ELEMENT document (node*)>.. <!ATTLIST document WMSNameSpaceVersion CDATA "2.0">....<!ELEMENT node (node*)>.. <!ATTLIST node name CDATA #REQUIRED>.. <!ATTLIST node opcode ( create | remove | setval | clearval | rename | movebefore ) #REQUIRED>.. <!ATTLIST node secure ( true | false ) #IMPLIED>.. <!ATTLIST node type ( string | boolean | int32 | binary | int64 ) #IMPLIED>.. <!ATTLIST node value CDATA #IMPLIED>..]>..
Process:C:\Windows\System32\unregmp2.exe
File Type:exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:dropped
Size (bytes):10191
Entropy (8bit):4.792342140217129
Encrypted:false
SSDEEP:
MD5:7050D5AE8ACFBE560FA11073FEF8185D
SHA1:5BC38E77FF06785FE0AEC5A345C4CCD15752560E
SHA-256:CB87767C4A384C24E4A0F88455F59101B1AE7B4FB8DE8A5ADB4136C5F7EE545B
SHA-512:A7A295AC8921BB3DDE58D4BCDE9372ED59DEF61D4B7699057274960FA8C1D1A1DAFF834A93F7A0698E9E5C16DB43AF05E9FD2D6D7C9232F7D26FFCFF5FC5900B
Malicious:false
Reputation:unknown
Preview:.<document WMSNameSpaceVersion="2.0">.... <node name="Control Protocol" opcode="create" >.. <node name="Object Store" opcode="create" >.. <node name="RTSP" opcode="create" >.. <node name="CLSID" opcode="create" type="string" value="{308786f0-8b15-11d2-b25f-006097d2e41e}" />.. <node name="Enabled" opcode="create" type="int32" value="0x1" />.. <node name="Properties" opcode="create" >.. <node name="Protocol" opcode="create" type="string" value="RTSP,RTSPA,RTSPT,RTSPU,RTSPM" />.. </node> Properties -->.... </node> RTSP -->.... <node name="Sessionless Multicast" opcode="create" >.. <node name="CLSID" opcode="create" type="string" value="{f9377800-f38d-11d2-b26c-006097d2e41e}" />.. <node name="Enabled" opcode="create" type="int32" value="0x1" />.. <node name="Properties" opcode="create" >.. <node name="Protocol" opcode="create" type="string" value="MCAST,RTP" />.. </node> Properties
Process:C:\Windows\System32\unregmp2.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):53
Entropy (8bit):4.66869469064966
Encrypted:false
SSDEEP:
MD5:A9B5DA9AEC61657B32393D96217165F0
SHA1:80B5C577155ACD269B450D70F6B2CBED693EDF49
SHA-256:9F4611369CF65B33D886489B2486FCA7B1E83E0DC998D35B15B3AA4C8478A28D
SHA-512:0B73B232C03FFD5CE526A1EDE481A57C753D15D9EE39D4247ABFA52819B59FA676C63E30825DAF233E3139038C353DF84D652C4CE2CB71A706DDDBDFE0C70335
Malicious:false
Reputation:unknown
Preview:<document WMSNameSpaceVersion="2.0">....</document>..
Process:C:\Windows\SysWOW64\msdt.exe
File Type:HTML document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):4621
Entropy (8bit):4.469979676801381
Encrypted:false
SSDEEP:
MD5:3F87427A3E4116CAA74E7E486FD8A729
SHA1:1FB9B0015F99EECBF36651191AE632EF397B94D0
SHA-256:21DE6D5C7FA177B1C2FBE91FA00F9206ADFE03D21B1F0E6FBDEF4FCDB8D1FD4B
SHA-512:47A728C06B99686722BD82D484AF0CD7ADC3AA42C4F3359063BF8CA2002B2F0AE6A67564FB2EE53D84EB4C1B5CE964501DA882C5093CFB0F137527410F05C6C8
Malicious:false
Reputation:unknown
Preview:<dcmPS:DiagnosticPackage SchemaVersion="1.0" Localized="true" xmlns:dcmPS="http://www.microsoft.com/schemas/dcm/package/2007" xmlns:dcmRS="http://www.microsoft.com/schemas/dcm/resource/2007">.. <DiagnosticIdentification>.. <ID>WindowsMediaPlayerLibraryDiagnostic</ID>.. <Version>1.1</Version>.. </DiagnosticIdentification>.. <DisplayInformation>.. <Parameters/>.. <Name>@diagpackage.dll,-1</Name>.. <Description>@diagpackage.dll,-2</Description>.. </DisplayInformation>.. <PrivacyLink>http://go.microsoft.com/fwlink/?LinkID=534597</PrivacyLink>.. <PowerShellVersion>1.0</PowerShellVersion>.. <SupportedOSVersion clientSupported="true" serverSupported="true">6.1</SupportedOSVersion>.. <Troubleshooter>.. <Script>.. <Parameters/>.. <ProcessArchitecture>Any</ProcessArchitecture>.. <RequiresElevation>false</RequiresElevation>.. <RequiresInteractivity>true</RequiresInteractivity>..
Process:C:\Windows\SysWOW64\msdt.exe
File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:dropped
Size (bytes):64512
Entropy (8bit):6.84969267903287
Encrypted:false
SSDEEP:
MD5:7247AAA87F14E2E1F390880B0175C7FB
SHA1:A51312C8EA5AA802480DF73C156FE7BE0CA0E898
SHA-256:B9AE2BC571153911547EC00AB19A53FF37D28F297D51DD96DB8540AAABBE873C
SHA-512:1D0358896C0C61E455CD2BA6E4376B4D58C835135EE2F5ACE9D7201CFD1246874292F237490CBE2587486D9DAB42D9441600BFB03EE6E281CE57D16C832EBA4F
Malicious:true
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
  • Antivirus: Virustotal, Detection: 0%
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5.<.q.R.q.R.q.R.e...p.R.e.P.p.R.Richq.R.PE..d................" ......................................................... .......C....`.......................................................... ..H...............................8............................................................................rdata..............................@..@.rsrc...H.... ......................@..@...............T...8...8..................$...................8....rdata..8...x....rdata$zzzdbg.... .......rsrc$01.....#.......rsrc$02.... ...@....D.@....k....v.....G............................................................................................................................................................................................................................................................................................................................
Process:C:\Windows\SysWOW64\msdt.exe
File Type:ISO-8859 text, with CRLF line terminators
Category:dropped
Size (bytes):592
Entropy (8bit):5.1145165470997505
Encrypted:false
SSDEEP:
MD5:96DA911A4ABF02D24973BF51A2E6E8E2
SHA1:12FDE6151F78D3DA633B8B01D9A1667BA7F8E2F4
SHA-256:45DBCC2FDF8FBB9E0A534B57D88A8F6B876B711FF4D5D45CF887DD002251A7C4
SHA-512:CB0367D2EA614E9DF3E3BABF349A615DD9CAB39E5CD756186DF728F889937C4C96DB10E72CF8525BF8E31DE5A4FB26094EE54978D8F2F3C2339B327A496C25EA
Malicious:false
Reputation:unknown
Preview:# Copyright . 2008, Microsoft Corporation. All rights reserved.......#TS_WindowsMediaPlayer....Push-Location..Set-Location Env:....$Localdatapath = Get-Item -path LOCALAPPDATA....Set-Location $Localdatapath.Value....$IsExist = Test-Path ".\Microsoft\Media Player.old"....if($IsExist -eq $true)..{.. Remove-Item -path ".\Microsoft\Media Player.old" -Recurse -Force..}....$IsExist = Test-path ".\Microsoft\Media Player"..if($IsExist -eq $True)..{.. $MedialibPath = Get-Item -path ".\Microsoft\Media Player".... Rename-Item $MedialibPath -NewName "Media Player.old"..}....Pop-Location..
Process:C:\Windows\SysWOW64\msdt.exe
File Type:ISO-8859 text, with CRLF line terminators
Category:dropped
Size (bytes):645
Entropy (8bit):5.1773735771605836
Encrypted:false
SSDEEP:
MD5:32476DD258E2B285F69619B098A35C29
SHA1:481C9539574697E469872CF4C97E9753AA03CB46
SHA-256:CBB4796369459CE8F9C73D9B3B5CC90FE054A272B270DB9C596B9AA58980ECEA
SHA-512:760470503113180382E859E64AAA1E3BB1714E48B44DA237BF0660EBD090792FB9D84F4856D1CCC7BCBD4A0FA0004555776E9D8E9A7B771EB9127CF17CA78869
Malicious:false
Reputation:unknown
Preview:# Copyright . 2008, Microsoft Corporation. All rights reserved.......#TS_IsWMPUnavailable....$KeyPath = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\"..if((Test-Path $KeyPath) -eq $True)..{.. $InstallInfo = Get-ItemProperty -Path $KeyPath -Name "IsInstalled" -ErrorAction silentlycontinue.. if ($InstallInfo -ne $Null).. {.. if($InstallInfo.IsInstalled -eq 1).. {.. Update-DiagRootCause -ID "RC_WMPUnavailable" -Detected $false.. return $true.. }.. }..}....Update-DiagRootCause -ID "RC_WMPUnavailable" -Detected $true....return $false..
Process:C:\Windows\SysWOW64\msdt.exe
File Type:ISO-8859 text, with CRLF line terminators
Category:dropped
Size (bytes):471
Entropy (8bit):5.1787097525394685
Encrypted:false
SSDEEP:
MD5:EF4153F66CEC33C79C410E071630F34C
SHA1:F0707F55DA1D7E4255D647814390809076D0630D
SHA-256:246F859EFE02CA3889F08C8BA9C8C0950D4841C036CD22019810391E58ACB584
SHA-512:6ABE356683715825E1C03D3AFDF796CAF559DCF8225DAA70508D53761A74EA0B904DDD734840D85E01E9D5FC75C59220473762BF138FEB6C6E0B348B443715B9
Malicious:false
Reputation:unknown
Preview:# Copyright . 2008, Microsoft Corporation. All rights reserved.......#TS_WindowsMediaPlayer..Import-LocalizedData -BindingVariable localizationString -FileName CL_LocalizationData....$IsWMPInstalled = .\TS_IsWMPUnavailable.ps1..if ($IsWMPInstalled -eq $False)..{.. return $False..}....$WMplayer = Get-Process -name wmplayer..if ($WMplayer -ne $Null)..{.. $CloseWMP = Get-DiagInput -id "IT_WMPRuning"..}....Update-DiagRootCause RC_MediaLibCorrupted -Detected $true..
Process:C:\Windows\SysWOW64\msdt.exe
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):394
Entropy (8bit):3.723898072222539
Encrypted:false
SSDEEP:
MD5:D7A3C39F2821D5B39D5008A2082A6B61
SHA1:3CDF01EF396C4FF9E96E115F8EC2D76564CF5C3F
SHA-256:FEF28FBC43EF8134118EB14BFA41A2D361F1BB5B27861F9699C13EDC9501F82B
SHA-512:3ECE60046294121FDAA453C160D6DCD150120C92170E519BB114307BBDB25AE9F93924F74FFFB5DBE0B489D4D1C9EA7C03E162133C40729356508163FC06BC82
Malicious:false
Reputation:unknown
Preview:..#. .L.o.c.a.l.i.z.e.d...1.2./.0.7./.2.0.1.9. .1.1.:.5.4. .A.M. .(.G.M.T.)...3.0.3.:.6...4.0...2.0.5.2.0. ...C.L._.L.o.c.a.l.i.z.a.t.i.o.n.D.a.t.a...p.s.d.1.....C.o.n.v.e.r.t.F.r.o.m.-.S.t.r.i.n.g.D.a.t.a. .@.'.....#.#.#.P.S.L.O.C.....T.r.o.u.b.l.e.s.h.o.o.t._.T.i.t.l.e.=.T.r.o.u.b.l.e.s.h.o.o.t.i.n.g.....R.e.s.o.l.u.t.i.o.n._.T.i.t.l.e.=.R.e.s.o.l.u.t.i.o.n.....#.#.#.P.S.L.O.C.....'.@.....
Process:C:\Windows\SysWOW64\msdt.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):4608
Entropy (8bit):3.3092013996840097
Encrypted:false
SSDEEP:
MD5:0F29815F73D525466A356413233596D1
SHA1:452E192F4B6536FB0DA93A1EB153CFD4CD3E858F
SHA-256:998BC500BD16D1D64B3A4B265142E5ECCCB760A031D4825F854482D79EBDE57C
SHA-512:D8323D28AC95DE82FFD2E5C1A8C62B2EAF3317AE24D1B5B3656FA0D556E17BBEC9D7E5CDAD8A7A4985D6E77175E0229D4007F600668446D0FC3082D640602FD1
Malicious:true
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
  • Antivirus: Virustotal, Detection: 0%
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5.<.q.R.q.R.q.R.e...p.R.e.P.p.R.Richq.R.................PE..L..................!.........................................................0............@.......................................... ..................................8............................................................................rdata..............................@..@.rsrc........ ......................@..@.....-P_........T...8...8........-P_........$...................8....rdata..8...x....rdata$zzzdbg.... .......rsrc$01.....!.......rsrc$02.... ...P.J......w.>.........Z.yw..-P_........................................................................................................................................................................................................................................................................................................................
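The two DLLs dropped by msdt.exe in the records above are the only files in this listing with Malicious:true, yet both show 0% detection at ReversingLabs and VirusTotal. The flag is the sandbox's own heuristic, not a confirmation, and "flagged PE with no AV hits" is precisely the combination an analyst has to resolve by hand. What follows is an added Python example, not part of the Joe Sandbox report or its tooling: it parses records in the report's key:value layout (the sample input is two records copied from this page with previews shortened, so it runs offline), recomputes the 8-bit Shannon entropy that the "Entropy (8bit)" field reports, and ranks the dropped files for manual review. The priority scheme in `triage()`, the bullet-line regex and the record class are assumptions of this example, not anything the report defines.

```python
"""Triage of Joe Sandbox 'dropped file' records (added example, not report code)."""
from __future__ import annotations

import math
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample input: two records copied from the report, previews shortened.
SAMPLE = """\
Process:C:\\Windows\\SysWOW64\\msdt.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):4608
Entropy (8bit):3.3092013996840097
Encrypted:false
SSDEEP:
MD5:0F29815F73D525466A356413233596D1
SHA1:452E192F4B6536FB0DA93A1EB153CFD4CD3E858F
SHA-256:998BC500BD16D1D64B3A4B265142E5ECCCB760A031D4825F854482D79EBDE57C
Malicious:true
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
  • Antivirus: Virustotal, Detection: 0%
Reputation:unknown
Preview:MZ......................@.....
Process:C:\\Windows\\SysWOW64\\msdt.exe
File Type:ISO-8859 text, with CRLF line terminators
Category:dropped
Size (bytes):645
Entropy (8bit):5.1773735771605836
Encrypted:false
SSDEEP:
MD5:32476DD258E2B285F69619B098A35C29
Malicious:false
Reputation:unknown
Preview:# Copyright . 2008, Microsoft Corporation.
"""

# Matches the per-vendor bullet lines under "Antivirus:" (assumed layout).
AV_RE = re.compile(r"^\s*•\s*Antivirus:\s*(?P<vendor>[^,]+),\s*Detection:\s*(?P<pct>\d+)%")


@dataclass
class Dropped:
    """One dropped-file record: raw fields plus per-vendor detection percentages."""
    fields: dict = field(default_factory=dict)
    av: dict = field(default_factory=dict)

    def get(self, key: str, default: str = "") -> str:
        return self.fields.get(key, default)


def parse_records(text: str) -> list[Dropped]:
    """Split the report text into records; a new record starts at each 'Process:' line."""
    records: list[Dropped] = []
    cur: Dropped | None = None
    for line in text.splitlines():
        if not line.strip():
            continue
        m = AV_RE.match(line)
        if m and cur is not None:
            cur.av[m.group("vendor").strip()] = int(m.group("pct"))
            continue
        key, sep, value = line.partition(":")  # first colon only: paths keep their "C:\"
        if not sep:
            continue
        if key == "Process":
            cur = Dropped()
            records.append(cur)
        if cur is not None:
            cur.fields[key] = value.strip()
    return records


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte, the metric behind 'Entropy (8bit)'."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def triage(rec: Dropped) -> tuple[int, str]:
    """Assign a review priority (higher first) and a one-line reason. Thresholds are assumptions."""
    is_pe = rec.get("File Type").startswith("PE32")
    flagged = rec.get("Malicious").lower() == "true"
    max_det = max(rec.av.values(), default=None)
    try:
        entropy = float(rec.get("Entropy (8bit)", "0"))
    except ValueError:
        entropy = 0.0
    if is_pe and max_det:
        return 4, f"PE with AV detection {max_det}%"
    if is_pe and flagged and not max_det:
        return 3, "PE flagged by sandbox heuristics but no AV hits: verify signature and origin manually"
    if is_pe and entropy >= 7.0:
        return 2, "unflagged PE with packer-like entropy"
    if is_pe:
        return 1, "unflagged PE"
    return 0, "non-executable dropped file"


def triage_report(text: str) -> list[tuple[int, str, str, str]]:
    """Return (priority, reason, best hash, dropping process) sorted highest priority first."""
    ranked = sorted(((triage(r), r) for r in parse_records(text)), key=lambda t: -t[0][0])
    return [(p, why, r.get("SHA-256") or r.get("MD5"), r.get("Process")) for (p, why), r in ranked]


if __name__ == "__main__":
    for row in triage_report(SAMPLE):
        print(row)
```

A priority-3 hit is a prompt to verify, not to block on hash: a small PE whose preview shows only .rdata and .rsrc sections, dropped by a built-in troubleshooter host, is consistent with a resource-only DLL unpacked from a diagnostic package (the DiagnosticPackage XML above references @diagpackage.dll), though the report itself does not identify these files. Checking the Authenticode signature or the Windows catalog on the real sample settles it faster than waiting for a scanner verdict.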
Process:C:\Windows\SysWOW64\msdt.exe
File Type:XML 1.0 document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):48956
Entropy (8bit):5.103589775370961
Encrypted:false
SSDEEP:
MD5:310E1DA2344BA6CA96666FB639840EA9
SHA1:E8694EDF9EE68782AA1DE05470B884CC1A0E1DED
SHA-256:67401342192BABC27E62D4C1E0940409CC3F2BD28F77399E71D245EAE8D3F63C
SHA-512:62AB361FFEA1F0B6FF1CC76C74B8E20C2499D72F3EB0C010D47DBA7E6D723F9948DBA3397EA26241A1A995CFFCE2A68CD0AAA1BB8D917DD8F4C8F3729FA6D244
Malicious:false
Reputation:unknown
Preview:<?xml version="1.0"?>..<?Copyright (c) Microsoft Corporation. All rights reserved.?>..<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt" xmlns:ms="urn:microsoft-performance" exclude-result-prefixes="msxsl" version="1.0">...<xsl:output method="html" indent="yes" standalone="yes" encoding="UTF-16"/>...<xsl:template name="localization">....<_locDefinition>.....<_locDefault _loc="locNone"/>.....<_locTag _loc="locData">String</_locTag>.....<_locTag _loc="locData">Font</_locTag>.....<_locTag _loc="locData">Mirror</_locTag>....</_locDefinition>...</xsl:template>... ********** Images ********** -->...<xsl:variable name="images">....<Image id="check">res://sdiageng.dll/check.png</Image>....<Image id="error">res://sdiageng.dll/error.png</Image>....<Image id="info">res://sdiageng.dll/info.png</Image>....<Image id="warning">res://sdiageng.dll/warning.png</Image>....<Image id="expand">res://sdiageng.dll/expand.png</Image>....<Image id="
Process:C:\Windows\SysWOW64\unregmp2.exe
File Type:ASCII text, with CRLF line terminators
Category:modified
Size (bytes):1301
Entropy (8bit):5.091676078955053
Encrypted:false
SSDEEP:
MD5:2A009868D7684D6AE101A562FAB3CC53
SHA1:3634C8C31121E34B557E93900ED31DC3EAEA39FE
SHA-256:E5AEE258C7E88E3B9E327FBA62A1309E20D05C41217BD80558C46D5053CF4D3D
SHA-512:E4463C2E738ADE214F5C65719C8AC08E97464DFB963BD5FAEE9869CB624D1FAE2493FA5FCA0AC2199760EAA79743834429F205B15C7A1015A2978F20862EE91C
Malicious:false
Reputation:unknown
Preview:..[*WMC Logging begun at 2023/10/06 - 10:07:10. Logging at level: '4'. OS is NT. OSVer is 10.0.19045.0.1889. System Lang is 2057. Prev version system is 12.0.19041.1266. Setup version 12.0.19041.1.]..Checking for Playlist Obfuscation...Playlist location not obfuscated. Doing Obfuscation now...Obfuscation for Playlist location succeeded...Current command line: '/FirstLogon'.....[*WMC Logging begun at 2023/10/06 - 10:07:11. Logging at level: '4'. OS is NT. OSVer is 10.0.19045.0.1889. System Lang is 2057. Prev version system is 12.0.19041.1266. Setup version 12.0.19041.1.]..Checking for Playlist Obfuscation...Playlist location already obfuscated...Current command line: '/FirstLogon'.....[*WMC Logging begun at 2024/10/21 - 05:22:30. Logging at level: '4'. OS is NT. OSVer is 10.0.19045.0.1889. System Lang is 2057. Prev version system is 12.0.19041.1266. Setup version 12.0.19041.1.]..ERROR: Caller attempted to run 32bit unregmp2 on 64bit Windows. Call being switched to correct unre
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 21 08:20:55 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:dropped
Size (bytes):2673
Entropy (8bit):3.9892368917560126
Encrypted:false
SSDEEP:
MD5:7794498340E332729AFCF1807014AA23
SHA1:1DF71C517FBC9A3D930D6D55DAA345A310E99CBA
SHA-256:3D0961A2361A506105E7D80D3B63D21E2E71B0FEBA2C3D9815A89AB29261CBC5
SHA-512:0599DD9CAE2C667272354E21B5E92E2585D6AE7EC01E704DD9B04F543029E708C8AE52EB948D70B8A904CD2BE1E74ECA0899B444A933312DA9A7D1EE858552CA
Malicious:false
Reputation:unknown
Preview:L..................F.@.. ...$+.,......b..#..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IUY.J....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VUY.J....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VUY.J....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VUY.J..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VUY.J...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 21 08:20:55 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:dropped
Size (bytes):2675
Entropy (8bit):4.006622503961347
Encrypted:false
SSDEEP:
MD5:754F0E3DB73AA5F8E34EECCE88854BA7
SHA1:C6610BA561B127AC58F3CF84454E8726E301FCBB
SHA-256:644A651F2C41221D2EB561ECB798B6BFB91CB14F5DE61F00BB3199864492ECA5
SHA-512:F96E849B5EF9A53F9562C2C4F8A7945312A1C2F4A21F1A8CD4F8171AB25BC96B54790FEC1F211250AE91CCB1C67B9B7170601D16CCA19266E5F61B621AD35D73
Malicious:false
Reputation:unknown
Preview:L..................F.@.. ...$+.,.....V..#..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IUY.J....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VUY.J....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VUY.J....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VUY.J..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VUY.J...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:dropped
Size (bytes):2689
Entropy (8bit):4.011559364122046
Encrypted:false
SSDEEP:
MD5:924934A1A3E67F0D1290BE7B7A879D6D
SHA1:984B9F652C7F9EA186FC3C0541A87A9169AD656F
SHA-256:5C8C260AC0B58A38C23BAFD8C698672A4DA3BE90ADA53F79D1DD8BFC98139C96
SHA-512:38770543C1620301D1E16CF8FFB18C4217FF2DEFEEC7ED721C20769DDD12B5C14EB9D0EBD20AE8C58088A9581C650A7FF08BD5C93610CABD04AAE75FE8E1126E
Malicious:false
Reputation:unknown
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 21 08:20:55 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:dropped
Size (bytes):2677
Entropy (8bit):4.001528661699936
Encrypted:false
SSDEEP:
MD5:9999B30CC30C014D497D674CFA3838E9
SHA1:A93B29E86238DED7814BCC2FEDD1F1EC7D1AC7A3
SHA-256:D0ED9C58F62E8D31F1145BC2021CAE5C0C16439694533B59BBEF6636D38774B0
SHA-512:BFCC36879C86CCB85CA67685129E0899C5C062367822B1655AC451D9CADA2C078593B52494D4765B419B0D5F0297E632D86CFD5903D340B91B82B574038370CE
Malicious:false
Reputation:unknown
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 21 08:20:55 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:dropped
Size (bytes):2677
Entropy (8bit):3.990009707487362
Encrypted:false
SSDEEP:
MD5:0C3D2F256414CA3DF2C531A43ABC2BA3
SHA1:154005670A957DF898F03A5F87164B6A2EE33FFE
SHA-256:93F6D2995D65625A74162A746D84B955F4E61EB28D29B1B01C176275A624665F
SHA-512:1371F64F8CE4C5E0AC8C60A9EA311B5BFEBC44224569215874C3BC67545849E3DDA1969228FA6CA2129615BE4AE49244E05FEEEF7058193622E149DE9BDE4525
Malicious:false
Reputation:unknown
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 21 08:20:55 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:dropped
Size (bytes):2679
Entropy (8bit):4.0003261635939875
Encrypted:false
SSDEEP:
MD5:884A14C23C8A480C0BA13C0B264B29D0
SHA1:BD43729CC8CFBFA86D13286B32BD2FB33F9E7E39
SHA-256:C75016E49A627B64A658E8A99586E1D4C0495506806B74018343E6FEA220349D
SHA-512:81479530CA963625CD25B213F0A752959D6AE6321B29D445A62BDCAAD9093FF667FC5B88D6852F288535F424B1981E9A1247F8FA6CAC8A4064C082E7396E7BB1
Malicious:false
Reputation:unknown
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:B0122909933A4243C6055AF589ABCF51
SHA1:78EBFEA877A7FFC59155A539F6F157417A8A0211
SHA-256:9D68C8C263F0DC1821C0C2B2B17589E806DE1A4AD54EDD3B34FFA3F4EA0C0280
SHA-512:FC8A3A969F1C9F4ED65FA777C53D3AC743A7510B9E80535191E1EA97CB5835A086D4E8CE2A97E497302C2CF03218A8551860B8D8B7AE64FC75F1D7F825C0AF12
Malicious:true
Reputation:unknown
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):23926912
Entropy (8bit):7.698655247603634
Encrypted:false
SSDEEP:
MD5:B0122909933A4243C6055AF589ABCF51
SHA1:78EBFEA877A7FFC59155A539F6F157417A8A0211
SHA-256:9D68C8C263F0DC1821C0C2B2B17589E806DE1A4AD54EDD3B34FFA3F4EA0C0280
SHA-512:FC8A3A969F1C9F4ED65FA777C53D3AC743A7510B9E80535191E1EA97CB5835A086D4E8CE2A97E497302C2CF03218A8551860B8D8B7AE64FC75F1D7F825C0AF12
Malicious:true
Antivirus:
  • Antivirus: ReversingLabs, Detection: 38%
  • Antivirus: Virustotal, Detection: 36%
Reputation:unknown
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):18931
Entropy (8bit):6.414990054258263
Encrypted:false
SSDEEP:
MD5:F17F6BF1BD319C8F4AC81007D3E1065B
SHA1:880FD946AC5C6CE97FD7D3405E4F8D67E3C6619C
SHA-256:3ED2DA8FF290DC88F4A70BF84F950FC1430050CAECC46A4B7F7A5251A9AE8610
SHA-512:60F17E687F8767C51A39C3CFF8DDA9ADFDD9A350C80BD0D4A2FC8F0F9E09FEC9F0632D2B7BDF0D2DA2FC10C855A4952AC257F5F3E8338C4CD762FABC6843D800
Malicious:true
Reputation:unknown
No static file info