Malware Analysis Report

2025-08-05 16:59

Sample ID 240108-d77tlaaeam
Target 4a574b2daf4286091bb68c583bd88bd3
SHA256 5920c7c76367c8d179dbf3c19e8b82ab3880f4b9c2de056b3e4f61bf2f052d5c
Tags
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

SHA256

5920c7c76367c8d179dbf3c19e8b82ab3880f4b9c2de056b3e4f61bf2f052d5c

Threat Level: Shows suspicious behavior

The file 4a574b2daf4286091bb68c583bd88bd3 shows suspicious behavior: in both behavioral runs it opens a large number of existing files under C:\Program Files for write access and drops desktop.ini files, but the report assigns no family tag and no MITRE ATT&CK technique, the PE is unsigned, and the only network activity captured (behavioral2) is reverse DNS lookups and HTTPS to tse1.mm.bing.net, which the report's network table does not attribute to the sample's process.

Malicious Activity Summary


Drops desktop.ini file(s)

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-01-08 03:40

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-01-08 03:40

Reported

2024-01-08 03:42

Platform

win7-20231215-en

Max time kernel

118s

Max time network

124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe"

Signatures

Drops desktop.ini file(s)

Description Indicator Process Target
File created \??\c:\$Recycle.Bin\S-1-5-21-3427588347-1492276948-3422228430-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\$Recycle.Bin\S-1-5-21-3427588347-1492276948-3422228430-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File created \??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File created \??\c:\Program Files\desktop.ini C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\desktop.ini C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification \??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Sitka C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.zh_CN_5.5.0.165303.jar C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\203x8subpicture.png C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File created \??\c:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_notes.wmv C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File created \??\c:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\203x8subpicture.png C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_100_percent.pak C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Common Files\System\msadc\msadcs.dll C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File created \??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\curtains.png C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-12 C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.properties C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File created \??\c:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File created \??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_rgb6.wmv C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File created \??\c:\Program Files\DVD Maker\Shared\DvdStyles\Postage_VideoInset.png C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrome.7z C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File created \??\c:\Program Files\Common Files\Microsoft Shared\ink\th-TH\tipresx.dll.mui C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File created \??\c:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\DVD Maker\Shared\DvdStyles\Performance\redmenu.png C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground_PAL.wmv C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Urumqi C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File created \??\c:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\wsdetect.dll C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Nairobi C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Whitehorse C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Perth C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File created \??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File created \??\c:\Program Files\Internet Explorer\D3DCompiler_47.dll C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\jsoundds.dll C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\videowall.png C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Tucuman C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kathmandu C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tabskb.dll.mui C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File created \??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipBand.dll.mui C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File created \??\c:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_ButtonGraphic.png C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\DVD Maker\en-US\OmdProject.dll.mui C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File created \??\c:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-image-mask.png C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Java\jdk1.7.0_80\bin\servertool.exe C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\about.html C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File created \??\c:\Program Files\Common Files\Microsoft Shared\ink\ipschs.xml C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipRes.dll.mui C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File created \??\c:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop.wmv C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+3 C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_ButtonGraphic.png C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sw.pak C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File created \??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsdan.xml C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File created \??\c:\Program Files\Common Files\Microsoft Shared\ink\TabIpsps.dll C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File created \??\c:\Program Files\DVD Maker\Shared\DvdStyles\Push\push.png C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\javaws.jar C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File created \??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\FlickLearningWizard.exe.mui C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_SelectionSubpicture.png C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Java\jdk1.7.0_80\bin\javac.exe C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\jvm.cfg C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File created \??\c:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_ButtonGraphic.png C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\vulkan-1.dll C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kosrae C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\epl-v10.html C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Helsinki C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\7-Zip\Lang\ca.txt C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\tipresx.dll.mui C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File created \??\c:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_Buttongraphic.png C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe

"C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe"

Network

N/A

Files

memory/3036-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\osetup.dll

MD5 cc5a8dcfac0eff24c6cf3c7ed2948c16
SHA1 04db8142d9e3d5581566ed5a1e4392a6cd17d05e
SHA256 a59e2a7b2cb813dee0ad991b6ed1491c621df6ed4dda2b7e7d3406f38b3adb74
SHA512 7b8dd0d665bff36a010cdaa0eff0910d8fd89ad31286ea1001f10871beaaf0b40a79104f700ddf48a6862299d30e85d97bd0d249ce23735ee234a7f01a57a8d5

memory/3036-21-0x0000000000400000-0x000000000040A000-memory.dmp

memory/3036-234-0x0000000000400000-0x000000000040A000-memory.dmp

memory/3036-253-0x0000000000400000-0x000000000040A000-memory.dmp

C:\Program Files\Java\jdk1.7.0_80\lib\jvm.lib

MD5 b5b682b742431a52ea8b17c72ad9c572
SHA1 326320f469235708c59f678c9a7357dca552d306
SHA256 30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76
SHA512 4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.html

MD5 386b6087dd9575fc6b8ada0f7a463723
SHA1 5373d4ffd89438a60b8ae0858c3bc4e8d37f540a
SHA256 ef494685ac9644ba5672cfc49c6efe5e09a2d71706d5cf4b57171f7d5f7a70d1
SHA512 1d39dd2dd736431ebe0e7f16a9f10b748e522cfee03a187ad020708e48ed676a21eef6b3ac3b1f600cff2e19f1d30ca25f682fe773650b3fc97e20f0afd8557b

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html

MD5 8ed35e04c7556933d923ee706f8312d7
SHA1 15b0c7aae539b756640e9d28e6f68d82bd5b9294
SHA256 f2f8e2280b4118ce0ecbf0c58b73fba5e9666f8cdb53fabe8a1fb6fbcd48e2c7
SHA512 3f37e8d86d9495f5a5ba4639c2b178d8c3ce0236d4578638630fc901fd4c6d0d40fd3e57e0e28ad9e049295425864a14bf32d1368769e19e749226c5ff84e84b

memory/3036-1118-0x0000000000400000-0x000000000040A000-memory.dmp

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf

MD5 f6dbc4b34179e10f9b6c0e2d5d24c2c6
SHA1 1c53d71700022886c41b568a9514924fd3c1c62b
SHA256 05df06e24037881941804db6ca15f7a25dd10a536b0f642e7a3d09de07256206
SHA512 25a2bc555f2e49610a0490377bf687188f7e13931cbd8e29482584e552b65a2e51fe84fa5153825517a011d7b65df831911c302ae482b23fa0b118524e8af24b

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA

MD5 6a922ae3979f4cd80d73e62711c19826
SHA1 4cc0a5bf46db54e1c54059394fb9f64b95d4ef69
SHA256 9cd780aa41ad06ec2e7f40837e69fa0c02a8f069e51ca8c8622b5e43ab84fb61
SHA512 a285f8c0b5deb7a22bfe98c31c1bb44ad2cec3c512b0b0a018c6a8ca51718c6cbd5f805236dcf1c6d6e2b8a8f91d521b1653c055c9d71f67c4de5579047040f3

memory/3036-1363-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-01-08 03:40

Reported

2024-01-08 03:43

Platform

win10v2004-20231215-en

Max time kernel

158s

Max time network

162s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe"

Signatures

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification \??\c:\Program Files\desktop.ini C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File created \??\c:\$Recycle.Bin\S-1-5-21-3073191680-435865314-2862784915-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\$Recycle.Bin\S-1-5-21-3073191680-435865314-2862784915-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File created \??\c:\Program Files\desktop.ini C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification \??\c:\Program Files\7-Zip\Lang\af.txt C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File created \??\c:\Program Files\Common Files\microsoft shared\ink\es-ES\TabTip.exe.mui C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Common Files\microsoft shared\ink\TabTip.exe C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File created \??\c:\Program Files\Common Files\System\ado\adojavas.inc C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.Security.dll C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Common Files\microsoft shared\ink\it-IT\mshwLatin.dll.mui C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Common Files\System\de-DE\wab32res.dll.mui C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-multibyte-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.el-gr.dll C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File created \??\c:\Program Files\Common Files\microsoft shared\ink\it-IT\TabTip.exe.mui C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Xml.dll C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\7-Zip\Lang\zh-tw.txt C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Common Files\microsoft shared\ink\zh-TW\tipresx.dll.mui C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File created \??\c:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Private.Xml.Linq.dll C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Resources.Writer.dll C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipTsf.dll.mui C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Common Files\microsoft shared\ink\mip.exe C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File created \??\c:\Program Files\Common Files\System\ado\msado15.dll C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-synch-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Collections.Specialized.dll C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.ServiceModel.Web.dll C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\7-Zip\7z.sfx C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File created \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\msix.dll C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File created \??\c:\Program Files\Common Files\microsoft shared\ink\es-ES\TipTsf.dll.mui C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File created \??\c:\Program Files\Common Files\microsoft shared\ink\micaut.dll C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File created \??\c:\Program Files\Common Files\microsoft shared\ink\tr-TR\tipresx.dll.mui C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\msinfo32.exe.mui C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File created \??\c:\Program Files\Common Files\microsoft shared\ink\rtscom.dll C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Common Files\microsoft shared\VC\msdia100.dll C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\dotnet\host\fxr\6.0.25\hostfxr.dll C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.ComponentModel.dll C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File created \??\c:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Common Files\microsoft shared\ink\ipsnld.xml C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File created \??\c:\Program Files\Common Files\microsoft shared\ink\mip.exe C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\Microsoft.DiaSymReader.Native.amd64.dll C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-dayi.xml C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File created \??\c:\Program Files\Common Files\microsoft shared\ink\ipsel.xml C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File created \??\c:\Program Files\Common Files\microsoft shared\ink\ipstr.xml C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.AppContext.dll C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\7-Zip\Lang\it.txt C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File created \??\c:\Program Files\Common Files\microsoft shared\ink\et-EE\tipresx.dll.mui C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Common Files\microsoft shared\ink\lv-LV\tipresx.dll.mui C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Common Files\System\ado\msador28.tlb C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.WebClient.dll C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.WebSockets.dll C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.Cryptography.Csp.dll C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\7-Zip\Lang\sq.txt C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sv-se.dll C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File created \??\c:\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File created \??\c:\Program Files\Common Files\microsoft shared\ink\fr-FR\InkObj.dll.mui C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Common Files\System\msadc\msadds.dll C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.Extensions.dll C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\7-Zip\Lang\co.txt C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Common Files\microsoft shared\ink\mraut.dll C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File created \??\c:\Program Files\Common Files\System\ado\msado26.tlb C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Threading.dll C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File created \??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File created \??\c:\Program Files\Common Files\microsoft shared\ink\it-IT\InputPersonalization.exe.mui C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
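The two "Drops desktop.ini file(s)" and "Drops file in Program Files directory" tables above (behavioral1 and behavioral2) are long, and the sandbox's "File opened for modification" entry records an open with write access, not proof that the bytes changed (the hashes in the Files sections are what to compare against a known-good copy). The script below is an added triage example, not part of the sandbox's own tooling: it parses rows in the report's "Description Indicator Process Target" layout, converts the NT object-manager paths the sandbox logs (\??\c:\...) to Win32 form, and summarises the activity by action, by product directory and by file type, so the pattern that matters (write access to existing PE files under Program Files) stands out. The rows embedded are a subset copied from the tables above; the assumption that the process and target columns contain no spaces is noted in the code.

```python
"""Triage of the file-write indicators in the two behavioral runs above.

Added example, not part of the sandbox's own tooling.  It parses rows of the
"Description Indicator Process Target" tables, converts the NT object-manager
paths the sandbox logs (\\??\\c:\\...) to Win32 form, and summarises the
activity by action, by product directory and by file type.
"""
import re
from collections import Counter

# Rows copied verbatim from the signature tables above (a subset; a real run
# would be fed the whole tables).
SAMPLE_ROWS = r"""
File created \??\c:\$Recycle.Bin\S-1-5-21-3427588347-1492276948-3422228430-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\desktop.ini C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Java\jdk1.7.0_80\bin\javac.exe C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File created \??\c:\Program Files\Internet Explorer\D3DCompiler_47.dll C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\vulkan-1.dll C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File opened for modification \??\c:\Program Files\dotnet\host\fxr\6.0.25\hostfxr.dll C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
File created \??\c:\Program Files\Common Files\microsoft shared\ink\mip.exe C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe N/A
""".strip().splitlines()

# Assumption: the process path and the target column contain no spaces, so the
# indicator path (which does: "Program Files", "Common Files") is everything
# between the description and the last two whitespace-separated fields.
ROW_RE = re.compile(r"^(File created|File opened for modification) (.+?) (\S+) (\S+)$")
PE_EXTENSIONS = (".exe", ".dll", ".sys", ".ocx", ".mui")  # .mui = resource-only DLL


def nt_to_win32(path):
    """'\\??\\c:\\Program Files\\x' -> 'C:\\Program Files\\x'."""
    if path.startswith("\\??\\"):
        path = path[4:]
    return path[0].upper() + path[1:] if re.match(r"^[a-z]:\\", path) else path


def parse_row(row):
    m = ROW_RE.match(row)
    if not m:
        raise ValueError("unrecognised row: " + row)
    desc, indicator, process, target = m.groups()
    return {
        "action": "created" if desc == "File created" else "modified",
        "path": nt_to_win32(indicator),
        "process": process,
        "target": target,
    }


def product_key(path):
    """Group paths by top-level directory, one level deeper for Program Files."""
    parts = path.split("\\")  # ['C:', 'Program Files', 'Java', ...]
    if parts[1] == "Program Files" and len(parts) > 3:
        return parts[1] + "\\" + parts[2]
    return parts[1]


def triage(rows):
    recs = [parse_row(r) for r in rows]
    return {
        "actions": Counter(r["action"] for r in recs),
        "by_product": Counter(product_key(r["path"]) for r in recs),
        "desktop_ini": [r["path"] for r in recs
                        if r["path"].lower().endswith("\\desktop.ini")],
        # Write access to existing PE files is the finding that matters most:
        # it is what a file infector or a destructive overwrite looks like.
        "pe_targets": [r["path"] for r in recs
                       if r["path"].lower().endswith(PE_EXTENSIONS)],
        "processes": sorted({r["process"] for r in recs}),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_ROWS)
    print(dict(result["actions"]))
    for product, n in result["by_product"].most_common():
        print(f"{n:4d}  {product}")
    print("PE files opened for write:", *result["pe_targets"], sep="\n  ")
```

Feeding the full tables from both runs to triage() gives the per-product counts (Java, DVD Maker, Common Files, Chrome, dotnet, 7-Zip) that distinguish indiscriminate mass modification from a targeted drop; the pe_targets list is the set of files whose hashes should be compared with a clean install of the same product version before the host is trusted again.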

Processes

C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe

"C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 23.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 140.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 21.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 1.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
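The network table above is a capture for the whole VM with no process column, so it cannot by itself attribute any row to the sample; the win7 run (behavioral1) recorded no traffic at all. The script below is an added triage example, not part of the sandbox's own tooling: it parses the rows copied from the table, folds PTR (in-addr.arpa) queries back into the address they ask about, de-duplicates the repeated TCP connections, and cross-references PTR queries against addresses that were actually connected to (the last row is the PTR lookup for 204.79.197.200, the tse1.mm.bing.net endpoint). The list of domain suffixes treated as Windows background traffic is an assumption the analyst maintains, not something the report states.

```python
"""Network-row triage for the behavioral2 section of the report above.

Added example, not part of the sandbox's own tooling.  Separates PTR
queries, forward DNS queries and connections, de-duplicates repeated
connections and flags what still needs analyst review.
"""
import ipaddress
from collections import Counter

# All rows of the behavioral2 Network table, copied from the report.
NETWORK_ROWS = """\
US 8.8.8.8:53 23.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 140.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 21.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 1.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
""".strip().splitlines()

# Assumption: domain suffixes the analyst treats as sandbox/OS background
# traffic (Windows 10 images talk to Bing and Microsoft on their own).
BACKGROUND_SUFFIXES = ("bing.net", "bing.com", "microsoft.com", "msftconnecttest.com")


def ptr_to_ip(name):
    """'23.177.190.20.in-addr.arpa' -> '20.190.177.23'; None if not a PTR name."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    ip = ".".join(reversed(name[:-len(suffix)].split(".")))
    ipaddress.ip_address(ip)  # raises ValueError on a malformed PTR name
    return ip


def parse_network_row(row):
    country, dest, domain, proto = row.split()
    host, port = dest.rsplit(":", 1)
    return {"country": country, "ip": host, "port": int(port),
            "domain": domain, "proto": proto}


def is_background(domain):
    return any(domain == s or domain.endswith("." + s) for s in BACKGROUND_SUFFIXES)


def triage_network(rows):
    ptr_queries, forward_queries, connections = [], [], Counter()
    for rec in map(parse_network_row, rows):
        if rec["proto"] == "udp" and rec["port"] == 53:
            ip = ptr_to_ip(rec["domain"])
            if ip:
                ptr_queries.append(ip)
            else:
                forward_queries.append(rec["domain"])
        else:
            connections[(rec["ip"], rec["port"], rec["domain"], rec["proto"])] += 1
    connected_ips = {key[0] for key in connections}
    return {
        "ptr_queries": ptr_queries,
        "forward_queries": forward_queries,
        "connections": connections,
        # PTR lookups for an address the VM also connected to: the OS or the
        # sample resolving a name for a peer it already talked to.
        "ptr_for_connected_ip": sorted(set(ptr_queries) & connected_ips),
        # Anything not on the background list needs a human look.
        "needs_review": sorted(
            {d for (_, _, d, _) in connections if not is_background(d)}
            | {d for d in forward_queries if not is_background(d)}),
    }


if __name__ == "__main__":
    result = triage_network(NETWORK_ROWS)
    print("PTR queries :", len(result["ptr_queries"]))
    print("forward DNS :", result["forward_queries"])
    for (ip, port, domain, proto), n in result["connections"].items():
        print(f"{n}x {proto} {ip}:{port} ({domain})")
    print("PTR for connected IP:", result["ptr_for_connected_ip"])
    print("needs review:", result["needs_review"] or "nothing")
```

For this report needs_review comes back empty: everything captured resolves to Bing or is a PTR query, which is consistent with sandbox background noise rather than command-and-control. That is an absence of evidence, not proof; the sample may simply have had nothing to contact in the 162 s the network capture ran, and the file-system activity remains the finding to act on.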

Files

memory/1168-0-0x0000000000400000-0x000000000040A000-memory.dmp

memory/1168-1-0x0000000000400000-0x000000000040A000-memory.dmp

memory/1168-2-0x0000000000400000-0x000000000040A000-memory.dmp

C:\Program Files\7-Zip\7-zip.chm

MD5 9ba30280f2ddf375ba9d8b4cb8bdfc4d
SHA1 6826b98dde33c9764ef9d007a76cc12606776751
SHA256 1efde4d9205ce466da9980656ed3e51614725b71548663dfcc6c1b8d6ccda32c
SHA512 01198a43554cffd13d9916c98a84be3feff95f163e9b254ba13f122f2e43be1d467ae389ea715ba3b1497c5cc71cd14f7e2d4268540c33669d46d5b2fd589928

memory/1168-22-0x0000000000400000-0x000000000040A000-memory.dmp

memory/1168-49-0x0000000000400000-0x000000000040A000-memory.dmp

memory/1168-124-0x0000000000400000-0x000000000040A000-memory.dmp

memory/1168-145-0x0000000000400000-0x000000000040A000-memory.dmp

memory/1168-203-0x0000000000400000-0x000000000040A000-memory.dmp

memory/1168-212-0x0000000000400000-0x000000000040A000-memory.dmp

memory/1168-213-0x0000000000400000-0x000000000040A000-memory.dmp

memory/1168-214-0x0000000000400000-0x000000000040A000-memory.dmp

memory/1168-230-0x0000000000400000-0x000000000040A000-memory.dmp

memory/1168-231-0x0000000000400000-0x000000000040A000-memory.dmp

memory/1168-291-0x0000000000400000-0x000000000040A000-memory.dmp

memory/1168-322-0x0000000000400000-0x000000000040A000-memory.dmp

memory/1168-365-0x0000000000400000-0x000000000040A000-memory.dmp

memory/1168-475-0x0000000000400000-0x000000000040A000-memory.dmp