Analysis Overview
SHA256
3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd
Threat Level: Shows suspicious behavior
The file 3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd was found to show suspicious behavior.
Malicious Activity Summary
Enumerates connected drives
Drops file in Program Files directory
Drops file in Windows directory
Unsigned PE
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 18:43
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 18:43
Reported
2024-06-13 18:45
Platform
win7-20240611-en
Max time kernel
146s
Max time network
125s
Command Line
Signatures
Enumerates connected drives
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\it\LC_MESSAGES\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\pack200.exe | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\services_discovery\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\Triedit\it-IT\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\CONVERT\1033\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\SAMPLES\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Games\Mahjong\es-ES\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\VSTO\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files (x86)\Windows Media Player\fr-FR\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\js\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\brx\LC_MESSAGES\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\gd\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.es\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Games\Chess\es-ES\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\META-INF\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\sk\LC_MESSAGES\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\ink\1.7\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Media Player\es-ES\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\ca\LC_MESSAGES\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.en\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolIcons\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\pt_PT\LC_MESSAGES\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\ACCWIZ\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files\Microsoft Games\Chess\it-IT\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files\Microsoft Games\More Games\de-DE\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\nn\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files\Windows Journal\it-IT\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Document Parts\1033\14\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\css\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\mr\LC_MESSAGES\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\css\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\EQNEDT32.EXE | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\de\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\META-INF\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\id\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\skins\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\1033\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\lua\playlist\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Photo Viewer\en-US\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files\Java\jre7\lib\zi\America\Kentucky\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files\Microsoft Games\FreeCell\de-DE\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\microsoft shared\ink\ja-JP\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\css\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\js\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\rundl132.exe | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe
"C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe"
C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
Network
Files
memory/2444-0-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1188-5-0x00000000029B0000-0x00000000029B1000-memory.dmp
memory/2444-7-0x0000000000400000-0x0000000000435000-memory.dmp
F:\$RECYCLE.BIN\S-1-5-21-39690363-730359138-1046745555-1000\_desktop.ini
| MD5 | 4f2460b507685f7d7bfe6393f335f1c9 |
| SHA1 | 378d42f114b1515872e58de6662373af31ab8c7b |
| SHA256 | 47a22297ce31d17b0f37251ce63cf2eb146700451caab6dd0aa710d2526c8e42 |
| SHA512 | 75dcca6b81ac47511b847a5c35be4bddbee425436f7bfd1347115e18b84f52a16a5c517bda0a5f5d0a1f2541aab80d764932d8018538cb112fa3b6c9977e95eb |
memory/2444-14-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2444-20-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2444-66-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2444-72-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Program Files\7-Zip\7zFM.exe
| MD5 | b5f68b8b5db039fa8259fd642e97b47c |
| SHA1 | b770612744e48448d38eabf3623ea01019f2c834 |
| SHA256 | f1e4bf7f4289827a8f78803eb8a2fc56123884ae194f425d9fe9010aea6be037 |
| SHA512 | da459b7f6d7151aa47b46ceaf16e6ce0c6d65280667ce0fde3665bd04c78522072603f7f35add45c9db809ed610e4368b7721b215808297c1697b05e4f9aa852 |
memory/2444-199-0x0000000000400000-0x0000000000435000-memory.dmp
memory/2444-1849-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
| MD5 | e723a1bc7f82cb9ebbb977cdc1fb1be3 |
| SHA1 | 69f4ed87384d009a9669dfb8f26482e1435bcdb1 |
| SHA256 | 2cea9cadd842f36c80e051ed4cbd759e6269674d54ef65ec7056b5ac71ee4913 |
| SHA512 | 2c79d02c7e32c37e46f18996fe87e3b269068449d4df2e0539ef63c01cd4be8a84c8e3954f5985159eb2428fdd5bb62ca2eafa3c3c4bae51a3b4a64facaa0c0c |
memory/2444-3309-0x0000000000400000-0x0000000000435000-memory.dmp
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
| MD5 | 4100989c8d5ce68961d0c2b60a89a51e |
| SHA1 | 8b80ac2c768b4e560136c43fe18216f0297c5a46 |
| SHA256 | df07c2ea6c79547869af56432ba7575f1e3bfd4d899869ab16b4c66f3ae09735 |
| SHA512 | efbff8c2cbd481560a61c2c0fa375dae37b6ee0fe1a57d1db9cbccbf34e10649541171ff3f1c4888bf680c029186b882afb0fa2919288edee114f59cdcbae50a |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 18:43
Reported
2024-06-13 18:45
Platform
win10v2004-20240508-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Enumerates connected drives
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ar-ae\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\fr-fr\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\uk-ua\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\CrashReports\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files\WindowsPowerShell\Modules\Pester\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\sk-sk\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\fi-fi\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\zh-cn\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\sk-sk\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ja-jp\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\ru-ru\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\tr-tr\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\nb-no\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files\ModifiableWindowsApps\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\models\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example3.Diagnostics\2.0.1\Diagnostics\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\en\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\css\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\si\LC_MESSAGES\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\css\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\he-il\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\zh-cn\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\ko-kr\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\ko-kr\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\RTL\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.46.11001.0_x64__8wekyb3d8bbwe\GameBar.exe | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\ja-jp\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\de-de\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\cs-cz\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_CA\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows NT\TableTextService\en-US\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\SlowMotionEditor\UserControls\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.513.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\root\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\en-ae\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\identity_proxy\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\lib\images\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\sv-se\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\pt-br\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\hr-hr\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\zh-tw\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\en-ae\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\cs-cz\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_neutral_~_8wekyb3d8bbwe\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\sv-se\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\zh-cn\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files (x86)\Windows Photo Viewer\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\pt_PT\LC_MESSAGES\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\jquery.ui.touch-punch\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\hu-hu\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\cs-cz\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\ca-es\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rundl132.exe | C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe
"C:\Users\Admin\AppData\Local\Temp\3c8345f2ebf5d6e07ed35d105a7e347020c0dd3904957cc6c52d0531c0830fdd.exe"
C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
Network
Files
memory/3552-0-0x0000000000400000-0x0000000000435000-memory.dmp
memory/3552-5-0x0000000000400000-0x0000000000435000-memory.dmp
F:\$RECYCLE.BIN\S-1-5-21-4124900551-4068476067-3491212533-1000\_desktop.ini
| MD5 | 4f2460b507685f7d7bfe6393f335f1c9 |
| SHA1 | 378d42f114b1515872e58de6662373af31ab8c7b |
| SHA256 | 47a22297ce31d17b0f37251ce63cf2eb146700451caab6dd0aa710d2526c8e42 |
| SHA512 | 75dcca6b81ac47511b847a5c35be4bddbee425436f7bfd1347115e18b84f52a16a5c517bda0a5f5d0a1f2541aab80d764932d8018538cb112fa3b6c9977e95eb |
memory/3552-12-0x0000000000400000-0x0000000000435000-memory.dmp
memory/3552-18-0x0000000000400000-0x0000000000435000-memory.dmp
memory/3552-22-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Program Files\dotnet\dotnet.exe
| MD5 | 731b6158a0a0082c18c16fbfbb3a6764 |
| SHA1 | 20ec0f4e81aa5ae2ad130398ac0c4e3bc6090b7a |
| SHA256 | e53de6167e05ee183ca963d8e452efa2f8f01689144b787ce3d117120abb8635 |
| SHA512 | 4a88ef57edae6e213dd4975abb19f6289a3c7b232c1e6a8edb7ed1a95eaa8c248122867d07c5b9d6f62960fde89b66de4b9b7a268825be1d18db808650f70b32 |
memory/3552-1216-0x0000000000400000-0x0000000000435000-memory.dmp
C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
| MD5 | e723a1bc7f82cb9ebbb977cdc1fb1be3 |
| SHA1 | 69f4ed87384d009a9669dfb8f26482e1435bcdb1 |
| SHA256 | 2cea9cadd842f36c80e051ed4cbd759e6269674d54ef65ec7056b5ac71ee4913 |
| SHA512 | 2c79d02c7e32c37e46f18996fe87e3b269068449d4df2e0539ef63c01cd4be8a84c8e3954f5985159eb2428fdd5bb62ca2eafa3c3c4bae51a3b4a64facaa0c0c |
memory/3552-4782-0x0000000000400000-0x0000000000435000-memory.dmp
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
| MD5 | 9cba1e86016b20490fff38fb45ff4963 |
| SHA1 | 378720d36869d50d06e9ffeef87488fbc2a8c8f7 |
| SHA256 | a22e6d0f5c7d44fefc2204e0f7c7b048e1684f6cf249ba98c006bbf791c22d19 |
| SHA512 | 2f3737d29ea3925d10ea5c717786425f6434be732974586328f03691a35cd1539828e3301685749e5c4135b8094f15b87fb9659915de63678a25749e2f8f5765 |
memory/3552-5221-0x0000000000400000-0x0000000000435000-memory.dmp