General Info

URL

http://t1.daumcdn.net/potplayer/PotPlayer64/v4/PotPlayerSetup64.exe

Full analysis
https://app.any.run/tasks/8a712c66-cdb9-4a18-90d0-36a068809b12
Verdict
Malicious activity
Analysis date
7/18/2019, 09:38:15
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

loader

adware

installcore

pup

Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
120 seconds
Additional time used
60 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 67.0.4 (x86 en-US) (67.0.4)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
INSTALLCORE was detected
  • PotPlayerSetup64.exe (PID: 3928)
Connects to CnC server
  • PotPlayerSetup64.exe (PID: 3928)
Loads dropped or rewritten executable
  • PotPlayerSetup64.exe (PID: 3092)
  • PotPlayerSetup64.exe (PID: 3928)
Downloads executable files from the Internet
  • chrome.exe (PID: 2372)
Application was dropped or rewritten from another process
  • PotPlayerSetup64.exe (PID: 3092)
  • PotPlayerSetup64.exe (PID: 3928)
Reads Windows Product ID
  • PotPlayerSetup64.exe (PID: 3928)
Creates files in the program directory
  • PotPlayerSetup64.exe (PID: 3928)
Creates files in the user directory
  • PotPlayerSetup64.exe (PID: 3928)
Executable content was dropped or overwritten
  • chrome.exe (PID: 2904)
  • chrome.exe (PID: 2372)
  • PotPlayerSetup64.exe (PID: 3928)
  • PotPlayerSetup64.exe (PID: 3092)
Reads internet explorer settings
  • PotPlayerSetup64.exe (PID: 3928)
Reads the machine GUID from the registry
  • PotPlayerSetup64.exe (PID: 3928)
Application launched itself
  • PotPlayerSetup64.exe (PID: 3092)
Reads CPU info
  • PotPlayerSetup64.exe (PID: 3928)
Reads Environment values
  • PotPlayerSetup64.exe (PID: 3928)
Application launched itself
  • chrome.exe (PID: 2904)
Reads Internet Cache Settings
  • chrome.exe (PID: 2904)

Find more information about signature artifacts and mapping to the MITRE ATT&CK™ MATRIX in the full report

Processes

Total processes
52
Monitored processes
13
Malicious processes
3
Suspicious processes
0

Behavior graph

[Behavior graph: chrome.exe (with its child chrome.exe processes, most without specs) drops and starts potplayersetup64.exe, which starts a second potplayersetup64.exe flagged #INSTALLCORE]
Specs description
Program did not start
Integrity level elevation
Task contains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has suspicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

PID
2904
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://t1.daumcdn.net/potplayer/PotPlayer64/v4/PotPlayerSetup64.exe"
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\hid.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winusb.dll
c:\windows\system32\msi.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mscms.dll
c:\windows\system32\winsta.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\wpc.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\samlib.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\wbem\wmiperfinst.dll
c:\windows\system32\pdh.dll
c:\windows\system32\audioses.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\rasadhlp.dll
c:\users\admin\downloads\potplayersetup64.exe
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\mpr.dll

PID
3512
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6ddaa9d0,0x6ddaa9e0,0x6ddaa9ec
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll

PID
2936
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2908 --on-initialized-event-handle=312 --parent-handle=316 /prefetch:6
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_watcher.dll

PID
1676
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1024,2067607562574228639,10637332649640298409,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=4516718148336534786 --mojo-platform-channel-handle=932 --ignored=" --type=renderer " /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\windows\system32\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\75.0.3770.100\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\75.0.3770.100\swiftshader\libegl.dll

PID
2372
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1024,2067607562574228639,10637332649640298409,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=9192442094114084902 --mojo-platform-channel-handle=1528 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ntmarta.dll

PID
2104
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1024,2067607562574228639,10637332649640298409,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=4568224504786269056 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2240 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3040
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1024,2067607562574228639,10637332649640298409,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=15503330375117874827 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2248 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3392
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1024,2067607562574228639,10637332649640298409,131072 --enable-features=PasswordImport --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=4919981791758484472 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2444 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2804
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1024,2067607562574228639,10637332649640298409,131072 --enable-features=PasswordImport --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=313951334235110313 --mojo-platform-channel-handle=3384 /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll

PID
3092
CMD
"C:\Users\admin\Downloads\PotPlayerSetup64.exe"
Path
C:\Users\admin\Downloads\PotPlayerSetup64.exe
Indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Kakao
Description
PotPlayer Setup File
Version
v1.7.18958
Modules
Image
c:\users\admin\downloads\potplayersetup64.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\version.dll
c:\windows\system32\shfolder.dll
c:\users\admin\appdata\local\temp\nsofe28.tmp\uac.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\mpr.dll

PID
3928
CMD
"C:\Users\admin\Downloads\PotPlayerSetup64.exe" /UAC:4017A /NCRC
Path
C:\Users\admin\Downloads\PotPlayerSetup64.exe
Indicators
Parent process
PotPlayerSetup64.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Kakao
Description
PotPlayer Setup File
Version
v1.7.18958
Modules
Image
c:\users\admin\downloads\potplayersetup64.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\imm32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\version.dll
c:\windows\system32\shfolder.dll
c:\users\admin\appdata\local\temp\nsg404.tmp\uac.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\users\admin\appdata\local\temp\nsg404.tmp\langdll.dll
c:\users\admin\appdata\local\temp\nsg404.tmp\advsplash.dll
c:\windows\system32\winmm.dll
c:\users\admin\appdata\local\temp\nsg404.tmp\system.dll
c:\users\admin\appdata\local\temp\nsg404.tmp\hyebnfbwh.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\nsi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\mpr.dll
c:\windows\system32\olepro32.dll
c:\windows\system32\dhcpcsvc.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\wintrust.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\mlang.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\jscript.dll
c:\windows\system32\rpcrtremote.dll
c:\users\admin\appdata\local\temp\nsg404.tmp\math.dll
c:\users\admin\appdata\local\temp\nsg404.tmp\inetc.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\riched20.dll
c:\windows\system32\gpapi.dll
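Two details of the two PotPlayerSetup64.exe records above are easier to check programmatically than by eye. PID 3092 (MEDIUM integrity, UAC.dll loaded from nsoFE28.tmp) spawned PID 3928 as a copy of its own image at HIGH integrity with `/UAC:4017A /NCRC`, which is how the NSIS UAC plugin relaunches an installer elevated (`/NCRC` tells the NSIS stub to skip its CRC self-check). The elevated process then loads its plugins from nsg404.tmp, and one of them (hyebnfbwh.dll) carries a random name unlike the stock NSIS plugins beside it, before pulling in mshtml.dll and jscript.dll, i.e. it hosts an embedded IE control. The script below is an added example and not part of the ANY.RUN report; its records are constructed from those two entries with trimmed module lists, and the stock-plugin list and the `ns<letter><hex>.tmp` directory pattern are assumptions drawn from the names on this page.

```python
"""Triage a sandbox process list for the NSIS UAC-plugin self-elevation pattern
and for non-stock plugin DLLs loaded from an NSIS temp directory.

Added example, not part of the ANY.RUN report. Record fields are this script's
own, not ANY.RUN's export format.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# NSIS unpacks plugins into %TEMP%\ns<letter><hex>.tmp\ (nsg404.tmp and
# nsoFE28.tmp on this page); the pattern is an assumption drawn from those names.
NSIS_PLUGIN_DIR = re.compile(r"\\appdata\\local\\temp\\ns[a-z][0-9a-f]{1,4}\.tmp\\", re.I)

# Stock NSIS plugins (assumption: names shipped with NSIS and common contribs).
KNOWN_NSIS_PLUGINS = {"uac.dll", "langdll.dll", "advsplash.dll", "system.dll",
                      "math.dll", "inetc.dll", "nsdialogs.dll", "nsexec.dll",
                      "nsisdl.dll", "stdutils.dll", "nsprocess.dll"}

# Modules whose presence means the installer renders HTML in-process.
EMBEDDED_BROWSER = {"mshtml.dll", "jscript.dll", "ieframe.dll"}

INTEGRITY_RANK = {"LOW": 0, "MEDIUM": 1, "HIGH": 2, "SYSTEM": 3}


@dataclass
class Proc:
    pid: int
    ppid: Optional[int]
    image: str
    cmdline: str
    integrity: str
    modules: List[str] = field(default_factory=list)


def self_elevations(procs):
    """Yield (parent, child) where a process relaunched its own image at a higher
    integrity level carrying the NSIS UAC plugin's /UAC:<hwnd> token."""
    by_pid = {p.pid: p for p in procs}
    for child in procs:
        parent = by_pid.get(child.ppid)
        if parent is None:
            continue
        same_image = parent.image.lower() == child.image.lower()
        raised = INTEGRITY_RANK[child.integrity] > INTEGRITY_RANK[parent.integrity]
        if same_image and raised and re.search(r"\s/UAC:[0-9A-F]+\b", child.cmdline, re.I):
            yield parent, child


def suspicious_plugins(proc):
    """Return DLL names loaded from an NSIS temp dir that are not stock plugins."""
    out = []
    for m in proc.modules:
        if NSIS_PLUGIN_DIR.search(m):
            name = m.rsplit("\\", 1)[-1].lower()
            if name not in KNOWN_NSIS_PLUGINS:
                out.append(name)
    return out


def triage(procs):
    """Return human-readable findings, self-elevations first, then per-process."""
    findings = []
    for parent, child in self_elevations(procs):
        note = (f"PID {parent.pid} ({parent.integrity}) relaunched itself as "
                f"PID {child.pid} ({child.integrity}) via the NSIS UAC plugin")
        if "/NCRC" in child.cmdline.upper():
            note += "; /NCRC skips the NSIS CRC self-check"
        findings.append(note)
    for p in procs:
        for name in suspicious_plugins(p):
            findings.append(f"PID {p.pid} loaded non-stock NSIS plugin {name} from a temp dir")
        loaded = {m.rsplit("\\", 1)[-1].lower() for m in p.modules}
        hosted = sorted(loaded & EMBEDDED_BROWSER)
        if hosted:
            findings.append(f"PID {p.pid} hosts an embedded IE control ({', '.join(hosted)})")
    return findings


# Constructed from the PID 3092 / PID 3928 entries on this page (module lists
# trimmed). 3092's parent is chrome.exe (PID 2904 in the registry section), not
# modelled here, so it is simply a root.
SAMPLE = [
    Proc(3092, 2904, r"C:\Users\admin\Downloads\PotPlayerSetup64.exe",
         r'"C:\Users\admin\Downloads\PotPlayerSetup64.exe"', "MEDIUM",
         [r"c:\windows\system32\kernel32.dll",
          r"c:\users\admin\appdata\local\temp\nsofe28.tmp\uac.dll"]),
    Proc(3928, 3092, r"C:\Users\admin\Downloads\PotPlayerSetup64.exe",
         r'"C:\Users\admin\Downloads\PotPlayerSetup64.exe" /UAC:4017A /NCRC', "HIGH",
         [r"c:\users\admin\appdata\local\temp\nsg404.tmp\uac.dll",
          r"c:\users\admin\appdata\local\temp\nsg404.tmp\inetc.dll",
          r"c:\users\admin\appdata\local\temp\nsg404.tmp\hyebnfbwh.dll",
          r"c:\windows\system32\mshtml.dll",
          r"c:\windows\system32\jscript.dll"]),
]

if __name__ == "__main__":
    for line in triage(SAMPLE):
        print(line)
```

The same-image plus raised-integrity test is the part that generalises: a legitimate NSIS installer relaunching through the UAC plugin looks exactly like this, so the finding is a prompt to inspect what the elevated copy then loads and contacts, not a verdict on its own.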

PID
3864
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1024,2067607562574228639,10637332649640298409,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=1317432506825892195 --mojo-platform-channel-handle=1388 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\twext.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sendmail.dll
c:\windows\system32\zipfldr.dll
c:\windows\system32\fxsresm.dll
c:\program files\winrar\rarext.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\syncui.dll
c:\windows\system32\synceng.dll
c:\program files\notepad++\nppshell_06.dll
c:\windows\system32\acppage.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\msi.dll
c:\windows\system32\wer.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netutils.dll

PID
3404
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1024,2067607562574228639,10637332649640298409,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=17310192865490428742 --mojo-platform-channel-handle=492 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

Registry activity

Total events
1695
Read events
1600
Write events
94
Delete events
1

Modification events

PID
Process
Operation
Key
Name
Value
2904
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
2904
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
failed_count
0
2904
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
2
2904
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
2904
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
01000000
2904
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
1
2904
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
dr
1
2904
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome
UsageStatsInSample
0
2904
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
usagestats
0
2904
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid
2904
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_installdate
0
2904
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_enableddate
0
2904
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
0
2904
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
lastrun
13207909118645625
2904
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\70\52C64B7E
LanguageList
en-US
2904
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2904
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2904
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2904
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
––
2904
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E307070004001200070026003900E90000000000
2904
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E307070004001200070026003900EF0000000000
2904
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\PTimes
C
8CB01A063C3DD501
2904
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLZs
C1
1C1GCEA_enUA812UA812
2904
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLZs
C2
1C2GCEA_enUA812
2904
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLZs
C7
1C7GCEA_enUA812
2936
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
2904-13207909116598750
259
2372
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\70\52C64B7E
LanguageList
en-US
3928
PotPlayerSetup64.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PotPlayerSetup64_RASAPI32
EnableFileTracing
0
3928
PotPlayerSetup64.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PotPlayerSetup64_RASAPI32
EnableConsoleTracing
0
3928
PotPlayerSetup64.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PotPlayerSetup64_RASAPI32
FileTracingMask
4294901760
3928
PotPlayerSetup64.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PotPlayerSetup64_RASAPI32
ConsoleTracingMask
4294901760
3928
PotPlayerSetup64.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PotPlayerSetup64_RASAPI32
MaxFileSize
1048576
3928
PotPlayerSetup64.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PotPlayerSetup64_RASAPI32
FileDirectory
%windir%\tracing
3928
PotPlayerSetup64.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PotPlayerSetup64_RASMANCS
EnableFileTracing
0
3928
PotPlayerSetup64.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PotPlayerSetup64_RASMANCS
EnableConsoleTracing
0
3928
PotPlayerSetup64.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PotPlayerSetup64_RASMANCS
FileTracingMask
4294901760
3928
PotPlayerSetup64.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PotPlayerSetup64_RASMANCS
ConsoleTracingMask
4294901760
3928
PotPlayerSetup64.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PotPlayerSetup64_RASMANCS
MaxFileSize
1048576
3928
PotPlayerSetup64.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PotPlayerSetup64_RASMANCS
FileDirectory
%windir%\tracing
3928
PotPlayerSetup64.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3928
PotPlayerSetup64.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000078000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3928
PotPlayerSetup64.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3928
PotPlayerSetup64.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3928
PotPlayerSetup64.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\70\52C64B7E
LanguageList
en-US
3928
PotPlayerSetup64.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
––
3928
PotPlayerSetup64.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
PendingFileRenameOperations
\??\C:\Users\admin\AppData\Local\Temp\nsg404.tmp\UAC.dll
3864
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\70\52C64B7E
LanguageList
en-US
3864
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\70\52C64B7E
@sendmail.dll,-21
Desktop (create shortcut)
3864
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\70\52C64B7E
@zipfldr.dll,-10148
Compressed (zipped) folder
3864
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\70\52C64B7E
@sendmail.dll,-4
Mail recipient
3864
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\70\52C64B7E
@C:\Windows\system32\FXSRESM.dll,-120
Fax recipient
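Of the PID 3928 registry writes above, the Tracing\PotPlayerSetup64_RASAPI32 and _RASMANCS keys are default RAS tracing settings that rasapi32.dll creates for any process that loads it (the installer loaded it through wininet), and the Internet Settings and ZoneMap values are WinINet defaults; neither is installer-specific behaviour. The write that deserves attention is PendingFileRenameOperations under Session Manager: the sandbox shows only the first string of the value, `\??\C:\Users\admin\AppData\Local\Temp\nsg404.tmp\UAC.dll`, and the entry has no destination, which is how MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT records a deferred delete of a file that is still in use (here the loaded UAC plugin). The same key is also used to rename or replace files at the next boot, so it is a standard place to check for deferred tampering. The decoder below is an added example, not part of the ANY.RUN report; its first pair reproduces the entry written by PID 3928 and the second pair is constructed to exercise the replace-existing form.

```python
"""Decode a PendingFileRenameOperations value and flag boot-time file operations.

Added example, not part of the ANY.RUN report. The sample blob is constructed:
pair 1 is the entry PID 3928 wrote on this page, pair 2 is invented to show the
"!" (replace-existing) destination form.
"""
import re

NT_PREFIX = "\\??\\"
USER_TEMP = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\", re.I)
SYSTEM_ROOT = re.compile(r"^[a-z]:\\windows\\", re.I)


def encode_multi_sz(items):
    """Encode strings as REG_MULTI_SZ: UTF-16LE, each string NUL-terminated, plus
    a final NUL. Empty strings are kept, as the session manager expects for an
    empty (= delete) destination."""
    return ("".join(s + "\x00" for s in items) + "\x00").encode("utf-16-le")


def decode_rename_pairs(blob):
    """Return (source, destination) pairs from a raw PendingFileRenameOperations value."""
    text = blob.decode("utf-16-le")
    if not text.endswith("\x00\x00"):
        raise ValueError("REG_MULTI_SZ must end with a double NUL")
    # Drop the final terminator, split on each string's own NUL, and drop the
    # empty tail left by the last string's NUL.
    items = text[:-1].split("\x00")[:-1]
    if len(items) % 2:
        raise ValueError("expected (source, destination) pairs")
    return [(items[i], items[i + 1]) for i in range(0, len(items), 2)]


def to_win32(path):
    """Strip the \\??\\ NT object-manager prefix that these entries carry."""
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def triage_pending_renames(blob):
    """Classify each pair as delete/rename/replace and attach review flags."""
    results = []
    for src, dst in decode_rename_pairs(blob):
        replace = dst.startswith("!")          # MOVEFILE_REPLACE_EXISTING marker
        dst_path = to_win32(dst[1:] if replace else dst)
        src_path = to_win32(src)
        if dst == "":
            action = "delete at boot"           # MoveFileEx(src, NULL, DELAY_UNTIL_REBOOT)
        elif replace:
            action = "replace at boot"
        else:
            action = "rename at boot"
        flags = []
        if USER_TEMP.match(src_path):
            flags.append("source in user temp: acquire the file before reboot removes it")
        if dst_path and SYSTEM_ROOT.match(dst_path):
            flags.append("destination under %SystemRoot%: boot-time replacement of a system file")
        results.append({"source": src_path, "destination": dst_path,
                        "action": action, "flags": flags})
    return results


# Constructed sample: pair 1 is the entry written by PID 3928 on this page
# (empty destination = deferred delete); pair 2 is invented.
SAMPLE_BLOB = encode_multi_sz([
    r"\??\C:\Users\admin\AppData\Local\Temp\nsg404.tmp\UAC.dll", "",
    r"\??\C:\Users\admin\AppData\Local\Temp\upd1.tmp", r"!\??\C:\Windows\System32\example.dll",
])

if __name__ == "__main__":
    for r in triage_pending_renames(SAMPLE_BLOB):
        print(r["action"], r["source"], "->", r["destination"] or "(none)", r["flags"])
```

On a live host the raw bytes come from `HKLM\SYSTEM\CurrentControlSet\Control\Session Manager` (ControlSet001 in this report, the set the sandbox VM booted from); read the value as REG_MULTI_SZ bytes rather than as a string list, because registry APIs that split on NUL silently drop the empty destination that distinguishes a delete from a rename.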

Files activity

Executable files
13
Suspicious files
10
Text files
149
Unknown types
0

Dropped files

PID
Process
Filename
Type
2904
chrome.exe
C:\Users\admin\Downloads\179898a8-c2af-4c25-bf7e-db844fbcc482.tmp
executable
MD5: 80b89d565fe277979dcbbb849eb589cb
SHA256: eac99c0e8ea83e9f228ed126654c3f2bc2bb886da7c99d399bfc6e3a35b3e57c
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsg404.tmp\LangDLL.dll
executable
MD5: ab1db56369412fe8476fefffd11e4cc0
SHA256: 6f14c8f01f50a30743dac68c5ac813451463dfb427eb4e35fcdfe2410e1a913b
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsg404.tmp\Math.dll
executable
MD5: 73bc9c462c0c577d7e5646e8f3c123fc
SHA256: 39b1bf4c55db3872c7c6f08e5764bac2def6faed0fbcc68d6cce5aab61243ec8
3092
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsoFE28.tmp\UAC.dll
executable
MD5: 0bea21545b130f74ad40160ae8ac05ea
SHA256: 3239a185c653b1f2385fbb9716172e116551fc68867e36ffdb96d5d7c8eaea5b
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsg404.tmp\advsplash.dll
executable
MD5: ec4e08a6ef93404b08a4a62cabfff0a9
SHA256: 4bee4c9d5ffe126a7daf7ee7dc6dc4c77fe4cf7334132d4d63352ec01a2a37fd
2904
chrome.exe
C:\Users\admin\Downloads\Unconfirmed 114567.crdownload
executable
MD5: fb34939a4ed0bd56486a733570c48f66
SHA256: 1ad9bdce4324f0fc0667ed4f6b8f00d8579125de7dd5c1b1dfb05885ce7fecbd
2372
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000001
executable
MD5: fb34939a4ed0bd56486a733570c48f66
SHA256: 1ad9bdce4324f0fc0667ed4f6b8f00d8579125de7dd5c1b1dfb05885ce7fecbd
2904
chrome.exe
C:\Users\admin\Downloads\Unconfirmed 114567.crdownload
executable
MD5: 014a543644326e4110c788a45cd2cf9d
SHA256: 26f9bef8aa385f5502ef3bbcf4d9a89bbb264604d2d59a2379ea5dd8e462466e
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsg404.tmp\inetc.dll
executable
MD5: 1fc1fbb2c7a14b7901fc9abbd6dbef10
SHA256: 4f26394c93f1acb315c42c351983dafc7f094b2d05db6d7a1ba7dcb39a3a599e
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsg404.tmp\UAC.dll
executable
MD5: 0bea21545b130f74ad40160ae8ac05ea
SHA256: 3239a185c653b1f2385fbb9716172e116551fc68867e36ffdb96d5d7c8eaea5b
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsg404.tmp\System.dll
executable
MD5: 0d7ad4f45dc6f5aa87f606d0331c6901
SHA256: 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsg404.tmp\hYEBnFBwH.dll
executable
MD5: b61ddb15517e8651b342e991a8df4d95
SHA256: cce739cd9f45d77f99fc84ae4d732bf9668d27af288568beeb57e26408568705
2904
chrome.exe
C:\Users\admin\Downloads\PotPlayerSetup64.exe
executable
MD5: fb34939a4ed0bd56486a733570c48f66
SHA256: 1ad9bdce4324f0fc0667ed4f6b8f00d8579125de7dd5c1b1dfb05885ce7fecbd
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\BS.locale
text
MD5: ff9188bbc0c3a5c14658db0627b28585
SHA256: add647d223c183f6d56a1aa9a22d2b0436f18c9f972da7bc8705cccf867d74dd
3092
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nszFE18.tmp
––
MD5:  ––
SHA256:  ––
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsb3E4.tmp
––
MD5:  ––
SHA256:  ––
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\0018631A.log
––
MD5:  ––
SHA256:  ––
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsg404.tmp\modern-wizard.bmp
image
MD5: cea1d5c912992caac10b6e80e311b3d4
SHA256: 93bc936b74a5e54f68a6f847d5013f1f4143525fd481d1f3b3de1326d7bef51f
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsg404.tmp\modern-header.bmp
image
MD5: aab39744e2498dd61b338bcf439b6483
SHA256: 2b9fe2878049023951c51f5ad0daa99d69893d04c0477151a55270d4ee5170dc
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: 85a55b4ad2c8335efb57db93bec15f6f
SHA256: 2679a28a98582ad454b63479e13bcc18728aae0693db080996b8246f9db98193
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsa40A1.tmp
image
MD5: 28d6814f309ea289f847c69cf91194c6
SHA256: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: 77a63a7b551a93fa7752a29f0e79548e
SHA256: 0d28ed87283512da76637e36b2591ae6db8f07a2d8661d3636b45b1ebc72f5d6
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
––
MD5:  ––
SHA256:  ––
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 7ee8074debc7ad1c80f4aa534ae364dd
SHA256: 5115e890992fd67297886c7f9d8548d1c2210e9027aa1bde2b56e05fd26f92d5
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF184428.TMP
text
MD5: 7ee8074debc7ad1c80f4aa534ae364dd
SHA256: 5115e890992fd67297886c7f9d8548d1c2210e9027aa1bde2b56e05fd26f92d5
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\0dc1bd09-890b-4683-b9af-dbbe04ce6227.tmp
––
MD5:  ––
SHA256:  ––
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics-spare.pma
––
MD5:  ––
SHA256:  ––
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\5bf16389-6431-415c-974a-e84e827c02b9.tmp
––
MD5:  ––
SHA256:  ––
3928
PotPlayerSetup64.exe
C:\Program Files\00183ED9.log
––
MD5:  ––
SHA256:  ––
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\bootstrap_11704.html
html
MD5: 1ea9e5b417811379e874ad4870d5c51a
SHA256: f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\00183CF4.log
––
MD5:  ––
SHA256:  ––
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\ZU.locale
text
MD5: e0fe6b07557ceadb3cdee5cd6bf1553c
SHA256: 9a5f171619d63344771d0af667662cc3672222166fc7d5368724b818d4508b24
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\YO.locale
text
MD5: 28cadcc5482ef94c3dd399966efce474
SHA256: 18350d0b95fea022fe7f65b2c21748423ad96ac9f4a87e833395873d45130dad
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\VI.locale
text
MD5: 1c68a0b054e91821a6ee5fcc95a8f370
SHA256: 949be3edb5994b200e83ca062b6badcffdac4c177ce1a77b2976ede622797399
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\ZH.locale
text
MD5: f87a44df4ee66271fcb7cb8909be2c2e
SHA256: f212cbeb0355b860a19969bf9a685b6aae5e8cd1b50ca97ec59880bdbaac24ad
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\TE.locale
text
MD5: 4c04155e36f1c718a97bcf3f4ba20697
SHA256: a85fdcd0a5fbc7b09f1401a343f2c7d334caac8d7dfbd0d3bfca20a9fd76d7ec
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\UR.locale
text
MD5: f98806a6c51ad09ab464191f95320bba
SHA256: 5e7131784e1de61479c8dc8bfcf8de40ed07f4d0ffdd4a29c42be6f298ad169f
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\UZ.locale
text
MD5: d7bb18debd6ae4b95ca1128a01550970
SHA256: 816b2817affbeb1d634235c0d901bdf45504da18527b5cce6895b4cf8cf8e7ba
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\UK.locale
text
MD5: 805b4a7d627d697d81889e90b5dc26f1
SHA256: 63148079e733a889e2531b21e0234c1ba7f1c981f9c1d025e539a5a3b420e065
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\TA.locale
text
MD5: 0357e9121095334fb270b19d2e847368
SHA256: 009f1c6bfbb1f39d8a59e9a8fc589f4dc8a978b4150c283fb2f3f1dfca7a4b87
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\TH.locale
text
MD5: 02b331449294adfdbbafa59074e4984c
SHA256: c53cf743d7169e2d17433d5f123ac45a672d415484fed6af4cbe0f8441b88515
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\TL.locale
text
MD5: 4685406c7549ce5fcb79fae49c013dec
SHA256: 107c995c36d3412886613b05e62bf27c8941b106912c2ed9e9ac54b7240f7524
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\TR.locale
text
MD5: 9456c52aed7848fb1ff6d05de42e8391
SHA256: dd4e1cbeabc982697c1d4227f4c8cd18413351a279962a40041cafe3e427b036
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\SL.locale
text
MD5: 84cc837239842449c8ff335b165c07e6
SHA256: bbe36fcc8d9404395a3e85f76479a6f4f4ec67106e53ad93a3d70747e5157a3d
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\RO.locale
text
MD5: 44652248cbb99cea6dd8f5613b874cfa
SHA256: 57a1b5998c567221f90bfd66f42161273ddd60f52418de1fc939e9c86a51cef9
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\RU.locale
text
MD5: 84c7cb5b39f47ab1cd80ce1f0c25921e
SHA256: 8012719a70324556c482dd3598ba2ed2f959d5dec8a6db44faa421ef672becca
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\SR.locale
text
MD5: af688f29d4745ac3d641017da91ef575
SHA256: bb47f7a85af70aedbb61c86c7ed7199aafb823350b185722468f7a6d492b2632
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\SQ.locale
text
MD5: 393bf5a36c36bd97b7f206a13d602827
SHA256: a6b643c1d26d2a9d13c94c147ba35a520b749c40af3e729910fa99eb636fc63b
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\SK.locale
text
MD5: 405b3c6f0e68d2db60d1585385896623
SHA256: ee1ce5e2bfe867f5600c4a15c47b9d319e23046de25bee4c21b1171bb21a9623
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\SV.locale
text
MD5: d9fd720403c7b8c786224b693c6331ad
SHA256: f7361ffcba975398338a814f1f061720064d58fd838d2b8879f1b3e6dc5138aa
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\PT.locale
text
MD5: 49b6cd7b7b3df73b1de5bb76c4f22e2f
SHA256: bdb75d81031c2e2c588d4be0ad4c303141259dd88e19b3ae9d77580224037998
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\MR.locale
text
MD5: bbaf39e1500f3851ad4ea9a0f8d8e3fd
SHA256: 988c7d261cab45a65b09cb485405da216f34c75d228c7e934c309999d3fbf8dd
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\NE.locale
text
MD5: 5d79e5cec4f95a3ca6a202970ced6d6e
SHA256: 54f1ddd4b34f705ee10714210e71f59ee51b8931a07b190920bbba2e03950c09
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\PS.locale
text
MD5: 06efce2d687d52bcb57a48e8b0b726b4
SHA256: 45a64d28eb92e02855f2ba2c1999cb217ff84f4bc9abc89e49c974cfc884a847
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\PA.locale
text
MD5: ab30b346b4c737c4a9c3ba9b49f2ba83
SHA256: f57cb5d5f9225c52dce26ef9ba742a36b5958f927eec5cd6c898f4f7ea3c3b9c
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\MK.locale
text
MD5: 9766f19ce1168c26a4ba2ab95e177759
SHA256: a4968d3d8bed8e9ea59f980fc5b31b27bf81911036d70f9305956ede2d92f28f
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\NL.locale
text
MD5: ade4560acaaf360f9dc5e590419abe83
SHA256: 23d3afc51acc6f786f6fcb46aeb0cf74af9f430a0aa539916f68c6be8a7add48
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\NO.locale
text
MD5: 2febd73097d15772b1c90a4e12278018
SHA256: 8585251a7a33f40b2cebb310f57ac0f80dff863bffec69874eb20923eb98adbf
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\PL.locale
text
MD5: fb48165b230ae752119d6f89bd7699ee
SHA256: 6c83b789070f2f9f193aaac52e6f610e6766007352bebb7ee9f6113439ccae48
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\ML.locale
text
MD5: 119243b7f2c19e278e4684d266de18e6
SHA256: 5db2b398c16f0c95f1caa5d268be5b6fa2da37072bf3522b9d911a7cbe7e19d8
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\MS.locale
text
MD5: e333713949b150ee82345f922e0040ec
SHA256: 44d77861ff9fc61c13bc1408e2e8d43c32673844c7f0b04e17f075232e4ba7de
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\JA.locale
text
MD5: 6bc9980050aed56c2eab3b378bd2ca7c
SHA256: 330e2fcef32fdf2acc2e0ca307436926ffb03532af10bea54ea6c1d66ef9e32f
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\KO.locale
text
MD5: dbf7f7864e99ee24bee3a2acdb534766
SHA256: 9039e23765337dcfff2cf9eefbb33a6394c5fe402843209298ef0f31db3cb494
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\LO.locale
text
MD5: 08a83d5e6c8683249c5c3b195a33a007
SHA256: 7dd5d3b863ae1c4fce0a3342646639cc8dac2423b2addcc14bcc585a7b8dd83f
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\LT.locale
text
MD5: ed29292834140f8500e4548bf3dffbf2
SHA256: 278889852149473c3f2795593f25a1e544e367a07297573f01e712dde175fee8
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\KA.locale
text
MD5: 1a4abc33ce6e481942ecc7de68ca8d9c
SHA256: 70a39de6f6c425e362bafb70401e762fd724be0aa208748378d199ac4aab3072
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\KK.locale
text
MD5: 27cadfd9aa0fe98538ea44e91c149070
SHA256: f4ba3b56a35e18371e059ba3b9e9711c3cd99d04295ba51ae826767c12aa38e9
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\KU.locale
text
MD5: 1b0984c7b45d39fb72f200c72c1d00bd
SHA256: 6ee56f9f35e3c11102221ea9fd6bb083e75826c9dad46fc9fd5705363b191e40
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\LV.locale
text
MD5: 5db26fee22efa33110cdc356002e82ae
SHA256: a925bc583d473136f561fbc2893685ad0112cd578d7fec9ced53cab8a8bf4681
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\IS.locale
text
MD5: e43741977970f32159950e862a2e51ca
SHA256: f6706486f6928bc7f56e5ba9269cb57780a1a3db1cf08ccbf477418579e2b421
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\HR.locale
text
MD5: 0df1fbe32d5c0037c39d94981f56e186
SHA256: 9078de8455c43a85408108abe2181be496897dc0bcbf533b15098fcddd4ebce1
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\HU.locale
text
MD5: 7cce69e942d9e14a1cf10280499a2667
SHA256: 83001fce7998f3de063073587f905a13c7649f45ffd3139e8f589978e8fdaf7f
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\ID.locale
text
MD5: e871501287a24ef0d6802d62cd27b46c
SHA256: 0f2899ee236e8d53022ab9f18202114e1567e6c8c93a3fdd128f38bb80355931
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\IT.locale
text
MD5: 5beb8094b02db5fe5acb113ea615b428
SHA256: 046a44dbd7f96007576ae6e193d308b16dd409f24b3434b2f97bc9e32d03ebec
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\HI.locale
text
MD5: 791e420383be8d190644640fe7a10ab6
SHA256: 38c96d6da4f0b00a61cfc0f3734b80a37cf79d92cb583428e23e8381746081ca
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\HT.locale
text
MD5: 642c180660f79cd3cc7d841614b57365
SHA256: 045aa565e48add4ccbeab74bf38248733e0c4d8becaefab19a6746213ba17762
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\HY.locale
text
MD5: ab8b9b0e16b5ef75e0357a8b3f490e05
SHA256: 480570dada38e88b723aa39ac7d79eac7915eb72550b96157022ee0324406804
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\HE.locale
text
MD5: d1aea6c331c1db405a2a991346533477
SHA256: f71341df3639a6017693333d8bcce3131ca51f428adea6e940e21d2475342b79
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\EL.locale
text
MD5: 71035ad0232f4d8dc0e837d5865e8834
SHA256: 3aea8bcfd2855028b3c77db0b53627e8884cd9c1d9481a8d83731a9d2b1e5d9f
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\FA.locale
text
MD5: 9dbb5724b5a1526b1bfad362d67854f2
SHA256: b154cb9b33a3f2d3390b201025a027c0dee848f98118d601a5710988e95e33b3
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\FR.locale
text
MD5: 227c91a86f898c3b565180646141d680
SHA256: 5109297aaf2b41406b4b210c1da7cfe462c195af1b2bf1b60225477903919bc2
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\FI.locale
text
MD5: aa02a7f1269174618543687ea202f385
SHA256: b891b31e69071351a1669b93f35c434f094973931572dfe36b3c24e648a0d12b
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\EN.locale
text
MD5: 4459c311642a67b43941afcf798d7791
SHA256: d27e381c436210ac3d8c5ba9a2954cc050619b353c99c5978bb775759cd5f3b0
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\EU.locale
text
MD5: 49c617241f6bfd93bc5b4b0573bd8b26
SHA256: 6c7241993651cb8414a78afc817b4a40dbbe3a359e7a8ce1f5e31ac1c6f78171
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\ES.locale
text
MD5: 53755996be49144a3a83890c026b4049
SHA256: d8cd03140dc31d4d08b2c7cb8067a77ca46ad3c58347988e6625cf15c6c8a4e2
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\GU.locale
text
MD5: d58f240e4f4d700b8523cd8ecb3a83e2
SHA256: 25f31b56585cc3a34b59b9e72e8eff6a654d911fe1c7fb18feeb8dc62d4e0331
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\ET.locale
text
MD5: 31adb5d5e61e0a2e7fa200340df57102
SHA256: de026d2a590398259e6f34200aceb16ffca75c7b8479930b9c2d5524869cce15
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\DA.locale
text
MD5: 7b1312c0dea89488087e56d35651e472
SHA256: e2f6b6a141164fd442aeaa79a261f2e9799a0c7700c928df701702468b902a8c
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\CS.locale
text
MD5: 0af631d42063eef22d6bfcf3b1780254
SHA256: 8290556e9ad37befee2ccff5b65aab1dd44ac7f45292220a33ab30282e6b9d3a
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\BG.locale
text
MD5: c77a1f22bc00991db483daad060c21b9
SHA256: f3cfc4b300d6ac056cd21934c9a4cefbfde6531905323f08bf1985f9f3867da9
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
binary
MD5: 9c016064a1f864c8140915d77cf3389a
SHA256: 0e7265d4a8c16223538edd8cd620b8820611c74538e420a88e333be7f62ac787
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\CA.locale
text
MD5: 18dd92b6bfcf4b2d04ec752f2bbed37e
SHA256: acd3d339fc4c4978bd6942e95f451da49d10e8861d8d89022c9edc62748039f3
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\DE.locale
text
MD5: ac99de234c1c7dff173e1be6507d2b50
SHA256: 5f5f05b25b6f44af38ae2fabb99b1bb3f4cc9413e2275b2998b0d3771286737f
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\BE.locale
text
MD5: 411748400cd72340bcf29e34f539340a
SHA256: 2c9e5a82c1edabe537c04c330a87332faa1188a4ba3394084e756e9ab2f0066a
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\css\sdk-ui\images\progress-bg.png
image
MD5: e9f12f92a9eeb8ebe911080721446687
SHA256: c1cf449536bc2778e27348e45f0f53d04c284109199fb7a9af7a61016b91f8bc
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\AZ.locale
text
MD5: 90a482ef6f51d900b5f3fbbfdeeedd8b
SHA256: 254679039a064418809eb8c9187c0d6588a0f2e44c671b77f79c82806c900750
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\css\sdk-ui\images\progress-bg2.png
image
MD5: b582d9a67bfe77d523ba825fd0b9dae3
SHA256: ab4eeb3ea1eef4e84cb61eccb0ba0998b32108d70b3902df3619f4d9393f74c3
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\locale\AF.locale
text
MD5: 85683d68fac960fd7887669059b18113
SHA256: 6578baf8fab1dce694229303df0bac1be2bca437d05f3391d9939d9610028fe1
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\images\Loader.gif
image
MD5: 57ca1a2085d82f0574e3ef740b9a5ead
SHA256: 476a7b1085cc64de1c0eb74a6776fa8385d57eb18774f199df83fc4d7bbcc24e
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\css\sdk-ui\images\button-bg.png
image
MD5: 98b1de48dfa64dc2aa1e52facfbee3b0
SHA256: 2693930c474fe640e2fe8d6ef98abe2ecd303d2392c3d8b2e006e8942ba8f534
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\css\sdk-ui\images\progress-bg-corner.png
image
MD5: 608f1f20cd6ca9936eaa7e8c14f366be
SHA256: 86b6e6826bcde2955d64d4600a4e01693522c1fddf156ce31c4ba45b3653a7bd
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\css\sdk-ui\checkbox.css
text
MD5: 64773c6b0e3413c81aebc46cce8c9318
SHA256: b09504c1bf0486d3ec46500592b178a3a6c39284672af8815c3687cc3d29560d
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\css\sdk-ui\progress-bar.css
text
MD5: 5335f1c12201b5f7cf5f8b4f5692e3d1
SHA256: 974cd89e64bdaa85bf36ed2a50af266d245d781a8139f5b45d7c55a0b0841dda
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\css\ie6_main.css
text
MD5: 74f08d5a243ae79f1de64dffdaf846cb
SHA256: 15590060bfd227f656e569031113a080e0d45621a5c944dfc352f869eadafef2
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\css\sdk-ui\browse.css
text
MD5: 6009d6e864f60aea980a9df94c1f7e1c
SHA256: 5ef48a8c8c3771b4f233314d50dd3b5afdcd99dd4b74a9745c8fe7b22207056d
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\css\main.css
text
MD5: 9b27e2a266fe15a3aabfe635c29e8923
SHA256: 166aa42bc5216c5791388847ae114ec0671a0d97b9952d14f29419b8be3fb23f
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\csshover3.htc
html
MD5: 52fa0da50bf4b27ee625c80d36c67941
SHA256: e37e99ddfc73ac7ba774e23736b2ef429d9a0cb8c906453c75b14c029bdd5493
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\nsd158807830169\css\sdk-ui\button.css
text
MD5: 37e1ff96e084ec201f0d95feef4d5e94
SHA256: 8e806f5b94fc294e918503c8053ef1284e4f4b1e02c7da4f4635e33ec33e0534
3928
PotPlayerSetup64.exe
C:\Users\admin\AppData\Local\Temp\00183B6E.log
––
MD5:  ––
SHA256:  ––
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF18badf.TMP
text
MD5: a8150a0600b4b56598fa64684382e86d
SHA256: 8e70ccd9ea9b970faf290f5913f18eb67e874a89de7c1750ef68a3ecbe39b9c5
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: a8150a0600b4b56598fa64684382e86d
SHA256: 8e70ccd9ea9b970faf290f5913f18eb67e874a89de7c1750ef68a3ecbe39b9c5
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\a3745c2e-a224-4fe5-a6e1-3cb3c1f98e8d.tmp
––
MD5:  ––
SHA256:  ––
3928
PotPlayerSetup64.exe
C:\spltmp.bmp
image
MD5: d4ee30123118db940a32a53ac885160b
SHA256: 588afc91c651687c80ec5cdb8201881ea01212e2b4c898ec679ea2f4835c1f5b
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 520aff49b7925e7dddd0a52147bb015a
SHA256: bb657190f1eaabb4b62d6d102ad0e81de258bf105c261d676320bb141555e4ab
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF181c6c.TMP
text
MD5: 520aff49b7925e7dddd0a52147bb015a
SHA256: bb657190f1eaabb4b62d6d102ad0e81de258bf105c261d676320bb141555e4ab
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\2b905a78-d9bc-4b98-96c2-844b8e4da350.tmp
––
MD5:  ––
SHA256:  ––
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 352b878a19d2742b997921674aa3f86d
SHA256: 7180ee6c3a3e598799b166ac249023b49180f506c45fbb2f4e7640e002587457
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF180c9d.TMP
text
MD5: 352b878a19d2742b997921674aa3f86d
SHA256: 7180ee6c3a3e598799b166ac249023b49180f506c45fbb2f4e7640e002587457
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\f86122d8-66a2-4889-948c-867029951758.tmp
––
MD5:  ––
SHA256:  ––
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 334772942879a7e43bb73d511bfbc27e
SHA256: f5fda12fac22bae6332ccf6ffbee30edbfbb79405b64f7aa1dd4345f8d26a0de
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF18b90a.TMP
text
MD5: 334772942879a7e43bb73d511bfbc27e
SHA256: f5fda12fac22bae6332ccf6ffbee30edbfbb79405b64f7aa1dd4345f8d26a0de
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\264c07ff-e51f-4ff3-816e-48e163f8e1f5.tmp
––
MD5:  ––
SHA256:  ––
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata
binary
MD5: 78792bf4172c072dc9623785ea95360b
SHA256: e88814ef0494df80a93bbefbe74e38f8d6c32826ffa683550889660498a3b3c2
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata~RF17f4b0.TMP
binary
MD5: 78792bf4172c072dc9623785ea95360b
SHA256: e88814ef0494df80a93bbefbe74e38f8d6c32826ffa683550889660498a3b3c2
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\c14cbaf5-50b4-418d-bda7-7eacb7a0bbc4.tmp
––
MD5:  ––
SHA256:  ––
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata
binary
MD5: 82deccfcc04f4783179da7eb3f1ddd47
SHA256: b6e3f317f2000ddbf902c5382e8e3fbb467859796782508b676779ef7832b68c
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\288e6263-d503-4d27-b089-0160eac04064.tmp
––
MD5:  ––
SHA256:  ––
2904
chrome.exe
C:\Users\admin\Downloads\PotPlayerSetup64.exe:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF186d1c.TMP
text
MD5: 7ee8074debc7ad1c80f4aa534ae364dd
SHA256: 5115e890992fd67297886c7f9d8548d1c2210e9027aa1bde2b56e05fd26f92d5
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\3296c3d6-bbca-49b5-b696-7a466a0ab4af.tmp
––
MD5:  ––
SHA256:  ––
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF186afa.TMP
text
MD5: bbbbd10699f48946d499e37189701ebc
SHA256: d4960c1bbfb4250adb2998bb57bf08074e9bff0bdf9985debd0614ba0e239ecf
2372
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF17d551.TMP
text
MD5: 6f937b8aa095d09404b26733a4f4ac53
SHA256: 09c387ba927490a58236ada8c736b7fe4dee128312e0ccbe53a4389873316fab
2372
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: 6f937b8aa095d09404b26733a4f4ac53
SHA256: 09c387ba927490a58236ada8c736b7fe4dee128312e0ccbe53a4389873316fab
2372
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\907ee99e-06da-4703-aaeb-f7f73aededb1.tmp
––
MD5:  ––
SHA256:  ––
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 2cdea75ffd8e6ed723bc59320f627cfb
SHA256: 55ca9ee53a5ceef8bd6038c567ea52bf6675e0fecde4fa759547504f51391b0c
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF17ce1d.TMP
text
MD5: 2cdea75ffd8e6ed723bc59320f627cfb
SHA256: 55ca9ee53a5ceef8bd6038c567ea52bf6675e0fecde4fa759547504f51391b0c
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\38a4115f-014a-4e04-bea4-b9b5273e64d3.tmp
––
MD5:  ––
SHA256:  ––
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF17cd14.TMP
text
MD5: a7aed1f44dadd7558acf30f9a467263a
SHA256: 5db270cbcf3f9a1a0a1c6867bb4b3340990c465509da80a4de2ad6b84fa85a3c
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: a7aed1f44dadd7558acf30f9a467263a
SHA256: 5db270cbcf3f9a1a0a1c6867bb4b3340990c465509da80a4de2ad6b84fa85a3c
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\277f1012-93e7-47aa-915d-ed395bae5cea.tmp
––
MD5:  ––
SHA256:  ––
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old
text
MD5: 97aa7678fb9d338d08c371711b54a104
SHA256: 4657635b66fa68ae1550b7bff4e54016f8874b4df43a004c9a7244c8465c6ca8
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Last Session
binary
MD5: 92eb31d830454841999ecdb4a714d301
SHA256: 63f01870e03b0329f3ae859435ef5610661a45085390af36275ae7d6808c8ffb
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: bbbbd10699f48946d499e37189701ebc
SHA256: d4960c1bbfb4250adb2998bb57bf08074e9bff0bdf9985debd0614ba0e239ecf
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old
text
MD5: 1276f7de036cb69ffbc104fa79f1d060
SHA256: 3044aa641bd2fed097ee25a5ad052d276eea8ec75a807a244102d75af9ac94f1
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old~RF17afb8.TMP
text
MD5: 1276f7de036cb69ffbc104fa79f1d060
SHA256: 3044aa641bd2fed097ee25a5ad052d276eea8ec75a807a244102d75af9ac94f1
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old
text
MD5: 370df9c4af340d044e2946d87d515fd8
SHA256: f4761a6412fee517fddf04004ddcb13b935994fba8550318534705c979a29343
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old~RF17af1c.TMP
text
MD5: 370df9c4af340d044e2946d87d515fd8
SHA256: f4761a6412fee517fddf04004ddcb13b935994fba8550318534705c979a29343
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\6a3f1d4e-63ed-4059-9cc7-561ed8bb6604.tmp
––
MD5:  ––
SHA256:  ––
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
binary
MD5: f50f89a0a91564d0b8a211f8921aa7de
SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\CURRENT~RF17ad95.TMP
text
MD5: 206702161f94c5cd39fadd03f4014d98
SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\CURRENT
text
MD5: 206702161f94c5cd39fadd03f4014d98
SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
––
MD5:  ––
SHA256:  ––
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\000002.dbtmp
––
MD5:  ––
SHA256:  ––
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\000001.dbtmp
––
MD5:  ––
SHA256:  ––
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\MANIFEST-000001
––
MD5:  ––
SHA256:  ––
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG
text
MD5: 74741214b798c57123bf97064100090b
SHA256: b23e7fe9f93ea24017e72c630e90445fb691c069b039a5f58811a6e6d0cda76f
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log
binary
MD5: 891a884b9fa2bff4519f5f56d2a25d62
SHA256: e2610960c3757d1757f206c7b84378efa22d86dcf161a98096a5f0e56e1a367e
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.old
––
MD5:  ––
SHA256:  ––
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG.old
text
MD5: 722d616be0caaf9ed585c9aea7f3742c
SHA256: f86c514fa380332be463670b3b334c8feedc2f6cb9b4118ea367729b056de0fb
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG.old
text
MD5: 911b244e4a362b56f2478647d2d61a40
SHA256: 3a5aec1ea537d8841e604d0aa4cd5f9241c805a3d4eb4e372cfb7eeb3678a361
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old
text
MD5: 0acecca4cf9ade756da7cc9dcdf02d50
SHA256: 18f910775132b4fee014ea0fab836d857f367e76232fab4ae6a86a92e4c3ebee
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old
text
MD5: 454106ccf080f3e3795c229fc73350d4
SHA256: 9974dc611be9e20bdfa7b8d939cb913ad23859dea5f52ebb8d10cead9ab5b4fa
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old~RF17a865.TMP
text
MD5: 454106ccf080f3e3795c229fc73350d4
SHA256: 9974dc611be9e20bdfa7b8d939cb913ad23859dea5f52ebb8d10cead9ab5b4fa
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT~RF17a855.TMP
text
MD5: a874f3e3462932a0c15ed8f780124fc5
SHA256: 01bd196d6a114691ec642082ebf6591765c0168d4098a0cd834869bd11c8b87d
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT
text
MD5: a874f3e3462932a0c15ed8f780124fc5
SHA256: 01bd196d6a114691ec642082ebf6591765c0168d4098a0cd834869bd11c8b87d
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000020.dbtmp
––
MD5:  ––
SHA256:  ––
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old
text
MD5: 3d551b6e929cf62f7aa66091e718704b
SHA256: 1698a1b1bc3e86676392fb8bd4c712438302a5a2220503c08f290ed4b1790404
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old
text
MD5: a519780ed0a2f4336db4f5651d79c369
SHA256: da5b71bd0075b55757bf757bf5f4d4a1dcbcf0762cda5b31b28680963e068c75
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old~RF17a807.TMP
text
MD5: 3d551b6e929cf62f7aa66091e718704b
SHA256: 1698a1b1bc3e86676392fb8bd4c712438302a5a2220503c08f290ed4b1790404
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Last Tabs
binary
MD5: 0686d6159557e1162d04c44240103333
SHA256: 3303d5eed881951b0bb52cf1c6bfa758770034d0120c197f9f7a3520b92a86fb
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\73009f43-aad5-4979-99dd-9905c7ba0205.tmp
––
MD5:  ––
SHA256:  ––
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old~RF17a7f8.TMP
text
MD5: a519780ed0a2f4336db4f5651d79c369
SHA256: da5b71bd0075b55757bf757bf5f4d4a1dcbcf0762cda5b31b28680963e068c75
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old
text
MD5: 213ae3da120d7862d60b5763b6c9d466
SHA256: 5736534d6ee654c1bf1a8e79e73330af58f622e8657285330d2c7189a55604f4
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RF17a79a.TMP
text
MD5: 213ae3da120d7862d60b5763b6c9d466
SHA256: 5736534d6ee654c1bf1a8e79e73330af58f622e8657285330d2c7189a55604f4
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old
text
MD5: c4d6cbb269c626168a5d6d0d8cce6c30
SHA256: b62cdbb758278a0c2e50593357390119441d8de09428eb29027f3dfd1332e348
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old~RF17a77b.TMP
text
MD5: c4d6cbb269c626168a5d6d0d8cce6c30
SHA256: b62cdbb758278a0c2e50593357390119441d8de09428eb29027f3dfd1332e348
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF17a76b.TMP
text
MD5: dc32343f45b01764b6267ad36548102a
SHA256: a250f5ad57d4bd58aae92810d50278e3be2dbf869f126a3a3519691bcdfc2075
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old
text
MD5: dc32343f45b01764b6267ad36548102a
SHA256: a250f5ad57d4bd58aae92810d50278e3be2dbf869f126a3a3519691bcdfc2075
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Version
text
MD5: 1a89a1bebe6c843c4ff582e7ed33ca1f
SHA256: 65099ca087b66aa8ca420ab121daad713e1db5a61c5a574d9b1c0df24f012520
3512
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma
binary
MD5: b59113c2dcd2d346f31a64f231162ada
SHA256: 1d97c69aea85d3b06787458ea47576b192ce5c5db9940e5eaa514ff977ce2dc2
2904
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF18f93f.TMP
text
MD5: a8150a0600b4b56598fa64684382e86d
SHA256: 8e70ccd9ea9b970faf290f5913f18eb67e874a89de7c1750ef68a3ecbe39b9c5

Network activity

HTTP(S) requests: 4
TCP/UDP connections: 17
DNS requests: 12
Threats: 4

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2372 chrome.exe GET 200 174.35.78.85:80 http://t1.daumcdn.net/potplayer/PotPlayer64/v4/PotPlayerSetup64.exe NL executable suspicious
3928 PotPlayerSetup64.exe GET 200 52.214.73.247:80 http://cloud.posofett-hod.com/ IE –– –– malicious
3928 PotPlayerSetup64.exe POST 200 52.214.73.247:80 http://cloud.posofett-hod.com/ IE binary –– –– malicious
3928 PotPlayerSetup64.exe POST 200 52.214.73.247:80 http://cloud.posofett-hod.com/ IE binary –– –– malicious

Connections

PID Process IP ASN CN Reputation
2372 chrome.exe 174.35.78.85:80 CDNetworks Inc. NL suspicious
2372 chrome.exe 172.217.22.67:443 Google Inc. US whitelisted
2372 chrome.exe 172.217.22.77:443 Google Inc. US whitelisted
2372 chrome.exe 172.217.23.164:443 Google Inc. US whitelisted
2372 chrome.exe 172.217.21.227:443 Google Inc. US whitelisted
2372 chrome.exe 172.217.18.110:443 Google Inc. US whitelisted
2372 chrome.exe 174.35.78.174:80 CDNetworks Inc. NL unknown
3928 PotPlayerSetup64.exe 52.214.73.247:80 Amazon.com, Inc. IE malicious
3928 PotPlayerSetup64.exe 211.231.99.201:443 Kakao Corp KR unknown
3928 PotPlayerSetup64.exe 52.51.129.59:80 Amazon.com, Inc. IE malicious
–– –– 216.58.207.35:443 Google Inc. US whitelisted
2372 chrome.exe 172.217.16.206:443 Google Inc. US whitelisted
2372 chrome.exe 216.58.210.10:443 Google Inc. US whitelisted

DNS requests

Domain IP Reputation
clientservices.googleapis.com 172.217.22.67 whitelisted
t1.daumcdn.net 174.35.78.85, 174.35.78.174 suspicious
accounts.google.com 172.217.22.77 shared
www.google.com 172.217.23.164 whitelisted
ssl.gstatic.com 172.217.21.227 whitelisted
sb-ssl.google.com 172.217.18.110 whitelisted
cloud.posofett-hod.com 52.214.73.247, 54.194.149.175 malicious
track.tiara.daum.net 211.231.99.201, 211.231.99.137 unknown
ww2.posofett-hod.com 52.51.129.59, 52.50.98.206, 34.247.72.148 malicious
www.gstatic.com 216.58.207.35 whitelisted
clients1.google.com 172.217.16.206 whitelisted
safebrowsing.googleapis.com 216.58.210.10 whitelisted

Threats

PID Process Class Message
2372 chrome.exe Potential Corporate Privacy Violation ET POLICY PE EXE or DLL Windows file download HTTP
3928 PotPlayerSetup64.exe Misc activity ADWARE [PTsecurity] PUP.Optional.InstallCore Artifact M2
3928 PotPlayerSetup64.exe Misc activity ADWARE [PTsecurity] PUP.Optional.InstallCore Artifact M3

1 ETPRO signature available at the full report

Debug output strings

No debug info.