Analysis Overview
SHA256
037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed
Threat Level: Shows suspicious behavior
The file 037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed was classified as showing suspicious behavior. It is an unsigned PE that, on detonation, enumerates connected drives, writes a _desktop.ini into directories under Program Files (and into the recycle bin of a second drive), opens existing executables under Program Files for modification, creates C:\Windows\rundl132.exe, and runs net.exe to stop the "Kingsoft AntiVirus Service". Note the dropped file name: rundl132.exe uses the digit 1 in place of the second l of the legitimate rundll32.exe, and _desktop.ini (leading underscore) is not a file the Windows shell creates.
Malicious Activity Summary
Enumerates connected drives
Drops file in Program Files directory
Drops file in Windows directory
Unsigned PE
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-10 06:34
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-10 06:34
Reported
2024-06-10 06:38
Platform
win7-20240221-en
Max time kernel
102s
Max time network
126s
Command Line
Signatures
Enumerates connected drives
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\javac.exe | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File created | C:\Program Files\DVD Maker\de-DE\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Application\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File created | C:\Program Files\Java\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\orbd.exe | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssvagent.exe | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\wsgen.exe | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\jinfo.exe | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\include\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\pack200.exe | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\javafxpackager.exe | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Full\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\.data\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\javah.exe | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\include\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File created | C:\Program Files\DVD Maker\ja-JP\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\klist.exe | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File created | C:\Program Files\DVD Maker\es-ES\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\java-rmi.exe | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\javadoc.exe | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\html\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rundl132.exe | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
| Process | Command line |
| C:\Windows\Explorer.EXE | C:\Windows\Explorer.EXE |
| C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | "C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe" |
| C:\Windows\SysWOW64\net.exe | net stop "Kingsoft AntiVirus Service" |
| C:\Windows\SysWOW64\net1.exe | C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service" |
Network (no traffic recorded in this run)
Files
memory/2236-0-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1200-5-0x0000000002680000-0x0000000002681000-memory.dmp
memory/2236-7-0x0000000000400000-0x0000000000436000-memory.dmp
F:\$RECYCLE.BIN\S-1-5-21-330940541-141609230-1670313778-1000\_desktop.ini
| MD5 | 60b1ffe4d5892b7ae054738eec1fd425 |
| SHA1 | 80d4e944617f4132b1c6917345b158f3693f35c8 |
| SHA256 | 5e9944cc48c7ec641cf7b1b0125f47f26102c371a973612f0583f604bc3900d4 |
| SHA512 | 7f5c200924dbb5531df997e6a35cb94f36b54f5651284b0d6404f0576301125ef72b410a170fca889d46c033063663cfc7791f9e4c3c30695af069053eee66cc |
memory/2236-14-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2236-20-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2236-66-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2236-72-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Program Files\7-Zip\7zFM.exe
| MD5 | a56aa19283e549826773ba3d83076069 |
| SHA1 | f0b45d0ac088d1f2979f5304fd048b92f4f3cfbb |
| SHA256 | 66f5e3dcf358be1227ad7291d186f158c8774d341123f648428611566f552f00 |
| SHA512 | 548c9b5d006d83e5081e4a5e93496e40425be5f33447ee755f576009e5ecfc3cf826a858da8c2e2a197bd1b986814a306f362a772c0295ac47ad078fe632a318 |
memory/2236-1825-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
| MD5 | 9fff503fad7fa1d9cc7453fdf86ff0e0 |
| SHA1 | f9b728ba2e8bf2b3a570583f06b0fd7e9fce4ef2 |
| SHA256 | 826148f8b31a5372a71adf8f51961e1b59de63c8865393feffb99ece5e113147 |
| SHA512 | c00773863ea4b6d88ba1c5a9dcfd2f1033e540c854f2f041bb193f367a9153d54d9fcec0c71e4e9834bbe98a6a5be030b045d34e3b54d69cddfd4d427895af4f |
memory/2236-3285-0x0000000000400000-0x0000000000436000-memory.dmp
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
| MD5 | fa206f767146a606f0b776b46a2544c3 |
| SHA1 | ec7138df4ab98278408f0a58eb467116eb464180 |
| SHA256 | a2ccf18bd1f3a73579d8d9f94d6103c88d0486a85b87abce8987290d91ca33be |
| SHA512 | edaff8bb622a7ea55d67bb23a8fa68016a41f4dca9b15de471399d5d25eb0d46ec26096ab722fa227e4f7f5888591826089c170ef5343721482f73462db0e8ac |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-10 06:34
Reported
2024-06-10 06:38
Platform
win10v2004-20240508-en
Max time kernel
80s
Max time network
156s
Command Line
Signatures
Enumerates connected drives
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rundl132.exe | C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
| Process | Command line |
| C:\Windows\Explorer.EXE | C:\Windows\Explorer.EXE |
| C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe | "C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe" |
| C:\Windows\SysWOW64\net.exe | net stop "Kingsoft AntiVirus Service" |
| C:\Windows\SysWOW64\net1.exe | C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service" |
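The process trees and signature tables of both runs translate directly into detection logic. The Python below is an added example, not part of the sandbox report and not code from the sample: it runs over a constructed, simplified event stream (the field names type, pid, image, cmdline, action and path, and the PIDs assigned to net.exe and net1.exe, are assumptions loosely modelled on Sysmon process-create and file-create events) and raises the four behaviours the report records: net.exe/net1.exe stopping the "Kingsoft AntiVirus Service", rundl132.exe created under C:\Windows, a burst of _desktop.ini writes across many directories, and executables under Program Files being modified. The _desktop.ini directories are a subset of the report's table; the burst threshold is an assumption.

```python
"""Detection logic for the behaviour recorded in this report (both runs): net.exe/net1.exe
stopping an antivirus service, a binary dropped into C:\\Windows, a burst of _desktop.ini
writes across many directories, and existing executables under Program Files being modified.
Runs over constructed events that loosely follow Sysmon process-create / file-create fields."""
import re
from collections import defaultdict

# Taken from the report's process tree and signature tables.
AV_SERVICE_NAMES = {"kingsoft antivirus service"}
WINDOWS_DROP_NAMES = {"rundl132.exe"}        # digit 1 in place of the second l of rundll32.exe
DESKTOP_INI_BURST = 10                       # assumed threshold; the report shows 60+ directories

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\037c1fc35982012dddedd497646d12ef35654415a14d4bbd467dca672954a3ed.exe"

# Directories the report lists as receiving a _desktop.ini (a subset of the full table).
DESKTOP_INI_DIRS = [
    r"C:\Program Files\DVD Maker\Shared\DvdStyles\Performance",
    r"C:\Program Files\DVD Maker\de-DE",
    r"C:\Program Files\DVD Maker\ja-JP",
    r"C:\Program Files\DVD Maker\es-ES",
    r"C:\Program Files\Google\Chrome\Application",
    r"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales",
    r"C:\Program Files\Java",
    r"C:\Program Files\Java\jdk1.7.0_80\include",
    r"C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin",
    r"C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts",
    r"C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler",
    r"F:\$RECYCLE.BIN\S-1-5-21-330940541-141609230-1670313778-1000",
]

# Constructed event stream. PIDs 2300/2308/2400/4100 are assumptions; 1200 and 2236 match the
# memory dumps in the report. Two control events (net stop Spooler, an installer writing a
# new .exe) are included to show what must not fire.
SAMPLE_EVENTS = [
    {"type": "process", "pid": 1200, "image": r"C:\Windows\Explorer.EXE", "cmdline": r"C:\Windows\Explorer.EXE"},
    {"type": "process", "pid": 2236, "image": SAMPLE, "cmdline": '"' + SAMPLE + '"'},
    {"type": "process", "pid": 2300, "image": r"C:\Windows\SysWOW64\net.exe",
     "cmdline": 'net stop "Kingsoft AntiVirus Service"'},
    {"type": "process", "pid": 2308, "image": r"C:\Windows\SysWOW64\net1.exe",
     "cmdline": r'C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"'},
    {"type": "process", "pid": 2400, "image": r"C:\Windows\System32\net.exe", "cmdline": "net stop Spooler"},
    {"type": "file", "pid": 2236, "action": "create", "path": r"C:\Windows\rundl132.exe"},
    {"type": "file", "pid": 2236, "action": "modify", "path": r"C:\Program Files\Java\jdk1.7.0_80\bin\javac.exe"},
    {"type": "file", "pid": 2236, "action": "modify", "path": r"C:\Program Files\Java\jdk1.7.0_80\jre\bin\orbd.exe"},
    {"type": "file", "pid": 4100, "action": "create", "path": r"C:\Program Files\Example\setup.exe"},
] + [{"type": "file", "pid": 2236, "action": "create", "path": d + "\\_desktop.ini"} for d in DESKTOP_INI_DIRS]


def net_stop_target(image, cmdline):
    """Service name if image is net.exe/net1.exe running `stop <service>` against a listed
    AV service, else None. Handles both the quoted and the unquoted form."""
    if not image.lower().endswith(("\\net.exe", "\\net1.exe")):
        return None
    m = re.search(r'\bstop\s+"?([^"]+?)"?\s*$', cmdline, re.IGNORECASE)
    if m and m.group(1).strip().lower() in AV_SERVICE_NAMES:
        return m.group(1).strip()
    return None


def detect(events):
    """Return a list of (alert_kind, pid, detail) tuples for the event stream."""
    alerts = []
    ini_dirs = defaultdict(set)                      # pid -> directories that received _desktop.ini
    for ev in events:
        if ev["type"] == "process":
            svc = net_stop_target(ev["image"], ev["cmdline"])
            if svc:
                alerts.append(("av_service_stop", ev["pid"], svc))
            continue
        path = ev["path"]
        lower = path.lower()
        directory, _, name = lower.rpartition("\\")
        if lower.startswith("c:\\windows\\") and name in WINDOWS_DROP_NAMES:
            alerts.append(("windows_dir_drop", ev["pid"], path))
        elif name == "_desktop.ini":                 # the shell writes desktop.ini, never _desktop.ini
            ini_dirs[ev["pid"]].add(directory)
        elif lower.startswith("c:\\program files") and name.endswith(".exe") and ev["action"] == "modify":
            alerts.append(("program_files_exe_modified", ev["pid"], path))
    for pid, dirs in ini_dirs.items():
        if len(dirs) >= DESKTOP_INI_BURST:
            alerts.append(("desktop_ini_burst", pid, len(dirs)))
    return alerts


if __name__ == "__main__":
    for kind, pid, detail in detect(SAMPLE_EVENTS):
        print(f"{kind:28s} pid={pid} {detail}")
```

The net.exe check fires twice per stop, once for net.exe and once for the net1.exe it spawns, which is what the report's process tree shows; deduplicate on the parent if a single alert is wanted. Modification of an existing .exe under Program Files is distinguished from an installer creating a new one by the action field, because the report records "File opened for modification" on javac.exe, orbd.exe and others rather than creation.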
Network (only reverse-DNS PTR lookups sent to 8.8.8.8 were captured; no TCP connection or non-DNS traffic is recorded)
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.173.189.20.in-addr.arpa | udp |
Files
memory/3192-0-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3192-5-0x0000000000400000-0x0000000000436000-memory.dmp
F:\$RECYCLE.BIN\S-1-5-21-1337824034-2731376981-3755436523-1000\_desktop.ini
| MD5 | 60b1ffe4d5892b7ae054738eec1fd425 |
| SHA1 | 80d4e944617f4132b1c6917345b158f3693f35c8 |
| SHA256 | 5e9944cc48c7ec641cf7b1b0125f47f26102c371a973612f0583f604bc3900d4 |
| SHA512 | 7f5c200924dbb5531df997e6a35cb94f36b54f5651284b0d6404f0576301125ef72b410a170fca889d46c033063663cfc7791f9e4c3c30695af069053eee66cc |
memory/3192-12-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3192-18-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3192-22-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Program Files\dotnet\dotnet.exe
| MD5 | 8458118f265ea83812b891827611763d |
| SHA1 | ad5b818dacf32c31d52dd3f2e4dfefd930bb09f9 |
| SHA256 | 24b04df7011d630c250cdd7d52249748ba97fb6a4036bc6e16f5ba965d66b153 |
| SHA512 | 9dbd8b7b1fc301ab20e7e197fb3f7fabbc3c39d21a2a717ba66ab9c91f0beb620c26d55650a1ec4822d8b0cc91382fdd339579799910982ea1544ae1fcbe0c6d |
memory/3192-1216-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
| MD5 | 9fff503fad7fa1d9cc7453fdf86ff0e0 |
| SHA1 | f9b728ba2e8bf2b3a570583f06b0fd7e9fce4ef2 |
| SHA256 | 826148f8b31a5372a71adf8f51961e1b59de63c8865393feffb99ece5e113147 |
| SHA512 | c00773863ea4b6d88ba1c5a9dcfd2f1033e540c854f2f041bb193f367a9153d54d9fcec0c71e4e9834bbe98a6a5be030b045d34e3b54d69cddfd4d427895af4f |
memory/3192-4782-0x0000000000400000-0x0000000000436000-memory.dmp
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
| MD5 | 0c9de19b9991afe6465725eb0c96d2ee |
| SHA1 | 8bf03e9174fd8481ad6529fd05e90666593f0b18 |
| SHA256 | e18a2ba77878bec56ed24f422f4daf0bd7232764b514654e02bc8417b5128afe |
| SHA512 | 92ed9c8b6dad1a58730bc139d5197c15a13300faae1bde8026827ae248d6043817614f362dedd23a27868e695f52302f618c9f2f504fb878791b5345adfc6171 |
memory/3192-5221-0x0000000000400000-0x0000000000436000-memory.dmp
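The Files sections of both runs give the on-disk indicators a responder can sweep a host for: rundl132.exe under the Windows directory (the report gives no hash for it, so it is reported with its hashes rather than compared), and the dropped _desktop.ini, whose MD5 60b1ffe4d5892b7ae054738eec1fd425 is identical in both runs. The Python below is an added example, not tooling from the report: it walks the given roots, lists every _desktop.ini (a name the Windows shell never writes), and flags the ones whose MD5 matches the dropped copy. The demo tree it builds is constructed, with made-up file contents; on a real host run sweep() against C:\Windows, C:\Program Files and each fixed drive root.

```python
"""Host sweep for the on-disk indicators in this report (added example, not the report's
own tooling): rundl132.exe under the Windows directory, every _desktop.ini under the given
roots, and hash matches against the _desktop.ini the sample dropped."""
import hashlib
import os
import tempfile

# From the report's Files section (F:\$RECYCLE.BIN\<SID>\_desktop.ini, identical in both runs).
DROPPED_DESKTOP_INI_MD5 = "60b1ffe4d5892b7ae054738eec1fd425"
WINDOWS_DROP_NAMES = {"rundl132.exe"}   # digit 1 in place of the second l of rundll32.exe


def file_hashes(path):
    """(md5, sha256) hex digests of a file, read in chunks."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def sweep(windows_dir, roots, known_md5=frozenset({DROPPED_DESKTOP_INI_MD5})):
    """windows_dir: directory to check for the dropped binary (C:\\Windows on a real host).
    roots: directories to walk for _desktop.ini (Program Files, fixed-drive roots).
    Returns a dict of findings; every _desktop.ini is listed because the shell only ever
    writes desktop.ini, so the underscored name is suspect even when the hash differs."""
    findings = {"windows_drop": [], "desktop_ini_hash_match": [], "desktop_ini_all": []}
    for name in WINDOWS_DROP_NAMES:
        p = os.path.join(windows_dir, name)
        if os.path.isfile(p):
            findings["windows_drop"].append((p,) + file_hashes(p))
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for fn in files:
                if fn.lower() != "_desktop.ini":
                    continue
                p = os.path.join(dirpath, fn)
                md5, sha256 = file_hashes(p)
                findings["desktop_ini_all"].append(p)
                if md5 in known_md5:
                    findings["desktop_ini_hash_match"].append((p, md5, sha256))
    return findings


def build_demo_tree(base):
    """Constructed layout mimicking the report's paths; all contents are made up."""
    win = os.path.join(base, "Windows")
    pf = os.path.join(base, "Program Files")
    os.makedirs(win)
    for sub in ("Java", os.path.join("Java", "jdk1.7.0_80", "include"),
                os.path.join("Google", "Chrome", "Application")):
        os.makedirs(os.path.join(pf, sub), exist_ok=True)
    with open(os.path.join(win, "rundl132.exe"), "wb") as f:
        f.write(b"MZ" + b"\x00" * 62)                       # stand-in PE stub (constructed)
    with open(os.path.join(pf, "Java", "_desktop.ini"), "wb") as f:
        f.write(b"constructed dropper marker\r\n")          # will match via its own hash below
    with open(os.path.join(pf, "Java", "jdk1.7.0_80", "include", "_desktop.ini"), "wb") as f:
        f.write(b"different content\r\n")                   # listed, but no hash match
    with open(os.path.join(pf, "Google", "Chrome", "Application", "desktop.ini"), "wb") as f:
        f.write(b"[.ShellClassInfo]\r\n")                    # legitimate shell file: not listed
    return win, pf


def demo():
    """Sweep a temporary constructed tree. The report's MD5 cannot be reproduced from made-up
    content, so the marker file's own hash is added to the known set to exercise matching."""
    with tempfile.TemporaryDirectory() as tmp:
        win, pf = build_demo_tree(tmp)
        marker_md5 = hashlib.md5(b"constructed dropper marker\r\n").hexdigest()
        return sweep(win, [pf], known_md5={DROPPED_DESKTOP_INI_MD5, marker_md5})


if __name__ == "__main__":
    for kind, items in demo().items():
        print(kind)
        for item in items:
            print("   ", item)
```

The executables the report lists under Files (7zFM.exe, GoogleUpdateCore.exe, vcredist_x64.exe, dotnet.exe, windowsdesktop-runtime-8.0.2-win-x64.exe) are pre-existing files the sample opened for modification; compare their current hashes with a known-good install or the vendor's signed copy rather than with the values on this page, since the page records the post-detonation state.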