Analysis Overview
SHA256
5920c7c76367c8d179dbf3c19e8b82ab3880f4b9c2de056b3e4f61bf2f052d5c
Threat Level: Shows suspicious behavior
The submitted file 4a574b2daf4286091bb68c583bd88bd3 (run in the sandbox as 4a574b2daf4286091bb68c583bd88bd3.exe) was classified as: Shows suspicious behavior.
Malicious Activity Summary
Drops desktop.ini file(s)
Drops file in Program Files directory
Unsigned PE
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-01-08 03:40
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
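The static "Unsigned PE" signature has no indicator row because it is a property of the file's headers rather than of any runtime action. The check below is an added example, not the sandbox's own code: it reads just enough of a PE header to find the Security data directory (index 4, the Authenticode Certificate Table) and reports the file as unsigned when that entry is empty. The `build_pe32_headers` helper constructs a minimal header blob for testing and is an assumption of this example, not a file from the report. Two caveats a practitioner should keep in mind: an embedded certificate table only tells you a signature block is present, not that it verifies, and Windows system binaries are commonly catalog-signed, so a missing embedded block alone is not proof of a third-party origin.

```python
"""Locate the Authenticode Certificate Table in a PE header.

Added example (not from the sandbox report): the 'Unsigned PE' signature
corresponds to an empty Security data directory (index 4) in the optional
header. Nothing here validates a signature; it only detects whether one is
embedded in the file.
"""
from __future__ import annotations

import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4
PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B


def security_directory(pe: bytes) -> tuple[int, int]:
    """Return (file_offset, size) of the Certificate Table, or (0, 0) if absent.

    The Security directory is the one entry whose first field is a raw file
    offset rather than an RVA, because certificates are never mapped into memory.
    Raises ValueError for input that is not a PE image.
    """
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                        # IMAGE_FILE_HEADER (20 bytes)
    (size_of_optional,) = struct.unpack_from("<H", pe, coff + 16)
    opt = coff + 20                            # IMAGE_OPTIONAL_HEADER
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic == PE32_MAGIC:
        count_off, dirs_off = opt + 92, opt + 96
    elif magic == PE32PLUS_MAGIC:
        count_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    (number_of_dirs,) = struct.unpack_from("<I", pe, count_off)
    entry = dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    # A directory array with fewer than 5 entries, or one that runs past
    # SizeOfOptionalHeader, simply means there is no certificate table.
    if number_of_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY or entry + 8 > opt + size_of_optional:
        return (0, 0)
    offset, size = struct.unpack_from("<II", pe, entry)
    return (offset, size)


def is_unsigned(pe: bytes) -> bool:
    """True when no embedded Authenticode block exists (the report's 'Unsigned PE')."""
    offset, size = security_directory(pe)
    return offset == 0 or size == 0


def build_pe32_headers(security: tuple[int, int] = (0, 0)) -> bytes:
    """Construct a minimal PE32 header blob for testing (assumption of this
    example, not a file from the report); it is not a loadable binary."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                        # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x102)  # i386, SizeOfOptionalHeader=224
    opt = bytearray(224)                                           # 96 fixed bytes + 16 directories
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 92, 16)                            # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, *security)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for label, blob in (("no certificate table", build_pe32_headers()),
                        ("certificate table present", build_pe32_headers((0x1000, 0x800)))):
        print(f"{label}: unsigned={is_unsigned(blob)} directory={security_directory(blob)}")
```

To apply this to the real sample, read the file's bytes and pass them to `is_unsigned`; for a file that does carry a certificate table, the `(offset, size)` pair locates the WIN_CERTIFICATE blob that a full verifier (for example `signtool verify` or `Get-AuthenticodeSignature` on Windows) would then check.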
Analysis: behavioral1
Detonation Overview
Submitted
2024-01-08 03:40
Reported
2024-01-08 03:42
Platform
win7-20231215-en
Max time kernel
118s
Max time network
124s
Command Line
Signatures
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File created | \??\c:\$Recycle.Bin\S-1-5-21-3427588347-1492276948-3422228430-1000\desktop.ini | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\$Recycle.Bin\S-1-5-21-3427588347-1492276948-3422228430-1000\desktop.ini | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File created | \??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File created | \??\c:\Program Files\desktop.ini | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\desktop.ini | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Sitka | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.zh_CN_5.5.0.165303.jar | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\203x8subpicture.png | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File created | \??\c:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_notes.wmv | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File created | \??\c:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\203x8subpicture.png | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_100_percent.pak | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Common Files\System\msadc\msadcs.dll | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File created | \??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\curtains.png | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-12 | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.properties | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File created | \??\c:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File created | \??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_rgb6.wmv | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File created | \??\c:\Program Files\DVD Maker\Shared\DvdStyles\Postage_VideoInset.png | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrome.7z | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File created | \??\c:\Program Files\Common Files\Microsoft Shared\ink\th-TH\tipresx.dll.mui | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File created | \??\c:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\DVD Maker\Shared\DvdStyles\Performance\redmenu.png | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground_PAL.wmv | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Urumqi | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File created | \??\c:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\wsdetect.dll | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Nairobi | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Whitehorse | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Perth | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File created | \??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File created | \??\c:\Program Files\Internet Explorer\D3DCompiler_47.dll | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\jsoundds.dll | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\videowall.png | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Tucuman | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kathmandu | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tabskb.dll.mui | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File created | \??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipBand.dll.mui | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File created | \??\c:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_ButtonGraphic.png | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\DVD Maker\en-US\OmdProject.dll.mui | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File created | \??\c:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-image-mask.png | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Java\jdk1.7.0_80\bin\servertool.exe | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\about.html | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File created | \??\c:\Program Files\Common Files\Microsoft Shared\ink\ipschs.xml | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipRes.dll.mui | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File created | \??\c:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop.wmv | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+3 | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_ButtonGraphic.png | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sw.pak | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File created | \??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsdan.xml | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File created | \??\c:\Program Files\Common Files\Microsoft Shared\ink\TabIpsps.dll | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File created | \??\c:\Program Files\DVD Maker\Shared\DvdStyles\Push\push.png | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\javaws.jar | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File created | \??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\FlickLearningWizard.exe.mui | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_SelectionSubpicture.png | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Java\jdk1.7.0_80\bin\javac.exe | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\jvm.cfg | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File created | \??\c:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_ButtonGraphic.png | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\vulkan-1.dll | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kosrae | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\epl-v10.html | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Helsinki | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\7-Zip\Lang\ca.txt | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\tipresx.dll.mui | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File created | \??\c:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_Buttongraphic.png | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe
"C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe"
Network
Files
memory/3036-0-0x0000000000400000-0x000000000040A000-memory.dmp
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\osetup.dll
| MD5 | cc5a8dcfac0eff24c6cf3c7ed2948c16 |
| SHA1 | 04db8142d9e3d5581566ed5a1e4392a6cd17d05e |
| SHA256 | a59e2a7b2cb813dee0ad991b6ed1491c621df6ed4dda2b7e7d3406f38b3adb74 |
| SHA512 | 7b8dd0d665bff36a010cdaa0eff0910d8fd89ad31286ea1001f10871beaaf0b40a79104f700ddf48a6862299d30e85d97bd0d249ce23735ee234a7f01a57a8d5 |
memory/3036-21-0x0000000000400000-0x000000000040A000-memory.dmp
memory/3036-234-0x0000000000400000-0x000000000040A000-memory.dmp
memory/3036-253-0x0000000000400000-0x000000000040A000-memory.dmp
C:\Program Files\Java\jdk1.7.0_80\lib\jvm.lib
| MD5 | b5b682b742431a52ea8b17c72ad9c572 |
| SHA1 | 326320f469235708c59f678c9a7357dca552d306 |
| SHA256 | 30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76 |
| SHA512 | 4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163 |
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.html
| MD5 | 386b6087dd9575fc6b8ada0f7a463723 |
| SHA1 | 5373d4ffd89438a60b8ae0858c3bc4e8d37f540a |
| SHA256 | ef494685ac9644ba5672cfc49c6efe5e09a2d71706d5cf4b57171f7d5f7a70d1 |
| SHA512 | 1d39dd2dd736431ebe0e7f16a9f10b748e522cfee03a187ad020708e48ed676a21eef6b3ac3b1f600cff2e19f1d30ca25f682fe773650b3fc97e20f0afd8557b |
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html
| MD5 | 8ed35e04c7556933d923ee706f8312d7 |
| SHA1 | 15b0c7aae539b756640e9d28e6f68d82bd5b9294 |
| SHA256 | f2f8e2280b4118ce0ecbf0c58b73fba5e9666f8cdb53fabe8a1fb6fbcd48e2c7 |
| SHA512 | 3f37e8d86d9495f5a5ba4639c2b178d8c3ce0236d4578638630fc901fd4c6d0d40fd3e57e0e28ad9e049295425864a14bf32d1368769e19e749226c5ff84e84b |
memory/3036-1118-0x0000000000400000-0x000000000040A000-memory.dmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf
| MD5 | f6dbc4b34179e10f9b6c0e2d5d24c2c6 |
| SHA1 | 1c53d71700022886c41b568a9514924fd3c1c62b |
| SHA256 | 05df06e24037881941804db6ca15f7a25dd10a536b0f642e7a3d09de07256206 |
| SHA512 | 25a2bc555f2e49610a0490377bf687188f7e13931cbd8e29482584e552b65a2e51fe84fa5153825517a011d7b65df831911c302ae482b23fa0b118524e8af24b |
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA
| MD5 | 6a922ae3979f4cd80d73e62711c19826 |
| SHA1 | 4cc0a5bf46db54e1c54059394fb9f64b95d4ef69 |
| SHA256 | 9cd780aa41ad06ec2e7f40837e69fa0c02a8f069e51ca8c8622b5e43ab84fb61 |
| SHA512 | a285f8c0b5deb7a22bfe98c31c1bb44ad2cec3c512b0b0a018c6a8ca51718c6cbd5f805236dcf1c6d6e2b8a8f91d521b1653c055c9d71f67c4de5579047040f3 |
memory/3036-1363-0x0000000000400000-0x000000000040A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-01-08 03:40
Reported
2024-01-08 03:43
Platform
win10v2004-20231215-en
Max time kernel
158s
Max time network
162s
Command Line
Signatures
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\Program Files\desktop.ini | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File created | \??\c:\$Recycle.Bin\S-1-5-21-3073191680-435865314-2862784915-1000\desktop.ini | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\$Recycle.Bin\S-1-5-21-3073191680-435865314-2862784915-1000\desktop.ini | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File created | \??\c:\Program Files\desktop.ini | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\Program Files\7-Zip\Lang\af.txt | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File created | \??\c:\Program Files\Common Files\microsoft shared\ink\es-ES\TabTip.exe.mui | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\TabTip.exe | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File created | \??\c:\Program Files\Common Files\System\ado\adojavas.inc | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.Security.dll | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\it-IT\mshwLatin.dll.mui | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Common Files\System\de-DE\wab32res.dll.mui | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-multibyte-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.el-gr.dll | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File created | \??\c:\Program Files\Common Files\microsoft shared\ink\it-IT\TabTip.exe.mui | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Xml.dll | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\7-Zip\Lang\zh-tw.txt | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\zh-TW\tipresx.dll.mui | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File created | \??\c:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Private.Xml.Linq.dll | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Resources.Writer.dll | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipTsf.dll.mui | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\mip.exe | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File created | \??\c:\Program Files\Common Files\System\ado\msado15.dll | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-synch-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Collections.Specialized.dll | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.ServiceModel.Web.dll | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\7-Zip\7z.sfx | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File created | \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\msix.dll | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File created | \??\c:\Program Files\Common Files\microsoft shared\ink\es-ES\TipTsf.dll.mui | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File created | \??\c:\Program Files\Common Files\microsoft shared\ink\micaut.dll | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File created | \??\c:\Program Files\Common Files\microsoft shared\ink\tr-TR\tipresx.dll.mui | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\msinfo32.exe.mui | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File created | \??\c:\Program Files\Common Files\microsoft shared\ink\rtscom.dll | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\VC\msdia100.dll | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\dotnet\host\fxr\6.0.25\hostfxr.dll | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.ComponentModel.dll | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File created | \??\c:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\ipsnld.xml | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File created | \??\c:\Program Files\Common Files\microsoft shared\ink\mip.exe | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\Microsoft.DiaSymReader.Native.amd64.dll | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-dayi.xml | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File created | \??\c:\Program Files\Common Files\microsoft shared\ink\ipsel.xml | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File created | \??\c:\Program Files\Common Files\microsoft shared\ink\ipstr.xml | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.AppContext.dll | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\7-Zip\Lang\it.txt | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File created | \??\c:\Program Files\Common Files\microsoft shared\ink\et-EE\tipresx.dll.mui | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\lv-LV\tipresx.dll.mui | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Common Files\System\ado\msador28.tlb | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.WebClient.dll | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.WebSockets.dll | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.Cryptography.Csp.dll | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\7-Zip\Lang\sq.txt | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sv-se.dll | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File created | \??\c:\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File created | \??\c:\Program Files\Common Files\microsoft shared\ink\fr-FR\InkObj.dll.mui | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Common Files\System\msadc\msadds.dll | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.Extensions.dll | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\7-Zip\Lang\co.txt | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\mraut.dll | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File created | \??\c:\Program Files\Common Files\System\ado\msado26.tlb | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File opened for modification | \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Threading.dll | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File created | \??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
| File created | \??\c:\Program Files\Common Files\microsoft shared\ink\it-IT\InputPersonalization.exe.mui | C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe | N/A |
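Both behavioral runs show the same pattern behind the "Drops desktop.ini file(s)" and "Drops file in Program Files directory" signatures: one process launched from the user's Temp directory creates or opens for write files across many unrelated application directories (Java, DVD Maker, Chrome, 7-Zip, Common Files on Windows 7; 7-Zip, Common Files and dotnet on Windows 10) and writes desktop.ini into the $Recycle.Bin and the Program Files root. The tables list only a sample of the touched paths. The script below is an added example (not the sandbox's code) that turns event rows of that shape into a per-process profile and flags mass writers; the `op|path|process` input and the two 7zFM.exe rows are constructed for the example, and the `min_roots` and `min_files` thresholds are assumptions to tune against your own telemetry. Note that "File opened for modification" records an open with write access only: the report does not show what, if anything, was written, so whether these files were infected, encrypted or merely touched has to be established by comparing the hashes under Files against known-good copies. Installers and updaters also write across several directories, which is why the example excludes a process's own install directory and why process origin (Temp, unsigned) should be combined with the count before alerting.

```python
"""Flag a process that writes across many unrelated Program Files directories.

Added example (not from the sandbox report). Rows like the 'Drops desktop.ini
file(s)' and 'Drops file in Program Files directory' tables become a
per-process profile; thresholds are assumptions for this example.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample in 'op|path|process' form, modelled on the report's rows.
# The two 7zFM.exe rows are made up to show a process updating its own directory.
SAMPLE_EVENTS = r"""
File created|\??\c:\$Recycle.Bin\S-1-5-21-3427588347-1492276948-3422228430-1000\desktop.ini|C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe
File created|\??\c:\Program Files\desktop.ini|C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe
File opened for modification|\??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\wsdetect.dll|C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe
File opened for modification|\??\c:\Program Files\Java\jdk1.7.0_80\bin\javac.exe|C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe
File created|\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Push\push.png|C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe
File opened for modification|\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\vulkan-1.dll|C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe
File created|\??\c:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui|C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe
File opened for modification|\??\c:\Program Files\7-Zip\Lang\ca.txt|C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe
File opened for modification|\??\c:\Program Files\7-Zip\Lang\af.txt|C:\Program Files\7-Zip\7zFM.exe
File created|\??\c:\Program Files\7-Zip\History.txt|C:\Program Files\7-Zip\7zFM.exe
"""

NT_PREFIX = re.compile(r"^\\\?\?\\")                       # strips the \??\ object-manager prefix
PROGRAM_FILES_ROOT = re.compile(
    r"^[a-z]:\\program files(?: \(x86\))?\\([^\\]+)\\", re.IGNORECASE)
RECYCLE_BIN_DESKTOP_INI = re.compile(
    r"^[a-z]:\\\$recycle\.bin\\[^\\]+\\desktop\.ini$", re.IGNORECASE)


@dataclass(frozen=True)
class FileEvent:
    op: str
    path: str
    process: str


@dataclass
class WriterProfile:
    files: set[str] = field(default_factory=set)   # distinct paths opened for write
    roots: set[str] = field(default_factory=set)   # top-level dirs under Program Files
    recycle_bin_ini: bool = False                  # wrote desktop.ini inside $Recycle.Bin


def parse_events(text: str) -> list[FileEvent]:
    events = []
    for line in text.strip().splitlines():
        op, path, process = line.split("|", 2)
        events.append(FileEvent(op, NT_PREFIX.sub("", path), process))
    return events


def profile_writers(events: list[FileEvent]) -> dict[str, WriterProfile]:
    profiles: dict[str, WriterProfile] = defaultdict(WriterProfile)
    for ev in events:
        prof = profiles[ev.process]
        prof.files.add(ev.path.lower())
        if m := PROGRAM_FILES_ROOT.match(ev.path):
            prof.roots.add(m.group(1).lower())
        if RECYCLE_BIN_DESKTOP_INI.match(ev.path):
            prof.recycle_bin_ini = True
    return dict(profiles)


def flag_mass_writers(events: list[FileEvent], min_roots: int = 3,
                      min_files: int = 5) -> dict[str, list[str]]:
    """Return {process: sorted foreign roots} for processes that write into at
    least min_roots application directories other than their own install dir."""
    flagged: dict[str, list[str]] = {}
    for process, prof in profile_writers(events).items():
        own = PROGRAM_FILES_ROOT.match(process)
        foreign = prof.roots - ({own.group(1).lower()} if own else set())
        if len(foreign) >= min_roots and len(prof.files) >= min_files:
            flagged[process] = sorted(foreign)
    return flagged


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    for proc, roots in flag_mass_writers(evs).items():
        prof = profile_writers(evs)[proc]
        print(f"{proc}\n  foreign roots: {roots}\n  recycle-bin desktop.ini: {prof.recycle_bin_ini}")
```

With Sysmon this maps onto Event ID 11 (FileCreate) plus a file-write telemetry source of your choice; the `\??\` prefix handling matters because sandbox and kernel-level sources report NT paths while most EDR consoles show Win32 paths.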
Processes
C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe
"C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 23.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
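Two things about this table matter before reading anything into it. First, it has no Process column, so none of these rows is attributed to the sample, and the Windows 7 run (behavioral1) recorded no network activity at all. Second, reverse (PTR) lookups of cloud and CDN address space and connections to a Bing host such as tse1.mm.bing.net are routinely generated by Windows 10 itself; they should be compared against a clean baseline detonation on the same image before being treated as sample traffic. The script below is an added example (not the sandbox's code) that parses rows of this shape, recovers the IPv4 address behind each in-addr.arpa name by reversing its octets, and separates DNS lookups from observed connections so that reverse-resolved hosts with no matching connection can be checked against the baseline first. The `SAMPLE_ROWS` subset is constructed from the rows above.

```python
"""Triage a sandbox Network table: recover the addresses behind PTR lookups
and separate DNS activity from observed connections.

Added example (not from the sandbox report). The table rows carry no process
attribution, so this only organises what was observed; whether the sample
caused any of it needs a clean baseline run for comparison.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass, field

# Constructed subset of the behavioral2 Network table rows: 'country|destination|domain|proto'.
SAMPLE_ROWS = """\
US|8.8.8.8:53|23.177.190.20.in-addr.arpa|udp
US|8.8.8.8:53|95.221.229.192.in-addr.arpa|udp
US|8.8.8.8:53|tse1.mm.bing.net|udp
US|204.79.197.200:443|tse1.mm.bing.net|tcp
US|204.79.197.200:443|tse1.mm.bing.net|tcp
US|8.8.8.8:53|200.197.79.204.in-addr.arpa|udp
"""

PTR_SUFFIX = ".in-addr.arpa"


def ptr_to_ip(name: str) -> ipaddress.IPv4Address | None:
    """'23.177.190.20.in-addr.arpa' -> 20.190.177.23; None for non-PTR names."""
    if not name.lower().endswith(PTR_SUFFIX):
        return None
    octets = name[: -len(PTR_SUFFIX)].split(".")
    if len(octets) != 4:
        return None
    try:
        return ipaddress.IPv4Address(".".join(reversed(octets)))
    except ipaddress.AddressValueError:
        return None


@dataclass
class NetworkSummary:
    resolvers: set[str] = field(default_factory=set)                      # DNS servers queried
    ptr_targets: set[ipaddress.IPv4Address] = field(default_factory=set)  # hosts reverse-resolved
    forward_lookups: set[str] = field(default_factory=set)                # names resolved normally
    connections: dict[str, set[str]] = field(default_factory=dict)        # domain -> {ip:port}


def summarize(rows: str) -> NetworkSummary:
    s = NetworkSummary()
    for line in rows.strip().splitlines():
        _country, destination, domain, proto = line.split("|")
        ip, port = destination.rsplit(":", 1)
        if proto == "udp" and port == "53":
            s.resolvers.add(ip)
            target = ptr_to_ip(domain)
            if target is not None:
                s.ptr_targets.add(target)
            else:
                s.forward_lookups.add(domain)
        else:
            s.connections.setdefault(domain, set()).add(destination)
    return s


def unconnected_ptr_targets(s: NetworkSummary) -> list[str]:
    """Addresses the VM reverse-resolved without any observed connection to them;
    these are the ones to check against a baseline run first."""
    connected = {ipaddress.IPv4Address(dest.rsplit(":", 1)[0])
                 for dests in s.connections.values() for dest in dests}
    return [str(ip) for ip in sorted(s.ptr_targets - connected)]


if __name__ == "__main__":
    summary = summarize(SAMPLE_ROWS)
    print("resolvers:", sorted(summary.resolvers))
    print("forward lookups:", sorted(summary.forward_lookups))
    print("connections:", {d: sorted(v) for d, v in summary.connections.items()})
    print("reverse-resolved but never connected:", unconnected_ptr_targets(summary))
```

On the rows above the only address that is both reverse-resolved and connected to is 204.79.197.200 (the tse1.mm.bing.net endpoint); every other PTR target has no matching connection in the table, which is the set to diff against the baseline.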
Files
memory/1168-0-0x0000000000400000-0x000000000040A000-memory.dmp
memory/1168-1-0x0000000000400000-0x000000000040A000-memory.dmp
memory/1168-2-0x0000000000400000-0x000000000040A000-memory.dmp
C:\Program Files\7-Zip\7-zip.chm
| MD5 | 9ba30280f2ddf375ba9d8b4cb8bdfc4d |
| SHA1 | 6826b98dde33c9764ef9d007a76cc12606776751 |
| SHA256 | 1efde4d9205ce466da9980656ed3e51614725b71548663dfcc6c1b8d6ccda32c |
| SHA512 | 01198a43554cffd13d9916c98a84be3feff95f163e9b254ba13f122f2e43be1d467ae389ea715ba3b1497c5cc71cd14f7e2d4268540c33669d46d5b2fd589928 |
memory/1168-22-0x0000000000400000-0x000000000040A000-memory.dmp
memory/1168-49-0x0000000000400000-0x000000000040A000-memory.dmp
memory/1168-124-0x0000000000400000-0x000000000040A000-memory.dmp
memory/1168-145-0x0000000000400000-0x000000000040A000-memory.dmp
memory/1168-203-0x0000000000400000-0x000000000040A000-memory.dmp
memory/1168-212-0x0000000000400000-0x000000000040A000-memory.dmp
memory/1168-213-0x0000000000400000-0x000000000040A000-memory.dmp
memory/1168-214-0x0000000000400000-0x000000000040A000-memory.dmp
memory/1168-230-0x0000000000400000-0x000000000040A000-memory.dmp
memory/1168-231-0x0000000000400000-0x000000000040A000-memory.dmp
memory/1168-291-0x0000000000400000-0x000000000040A000-memory.dmp
memory/1168-322-0x0000000000400000-0x000000000040A000-memory.dmp
memory/1168-365-0x0000000000400000-0x000000000040A000-memory.dmp
memory/1168-475-0x0000000000400000-0x000000000040A000-memory.dmp