Analysis Overview
SHA256
90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c
Threat Level: Shows suspicious behavior
The file 90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c was found to show suspicious behavior.
Malicious Activity Summary
Enumerates connected drives
Drops file in Program Files directory
Drops file in Windows directory
System Location Discovery: System Language Discovery
Unsigned PE
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-10 01:24
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-10 01:24
Reported
2024-11-10 01:26
Platform
win7-20240708-en
Max time kernel
150s
Max time network
122s
Signatures
Enumerates connected drives
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\css\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BrightOrange\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\it\LC_MESSAGES\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Games\Multiplayer\Spades\en-US\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\control\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BOLDSTRI\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\uninstall\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\si\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\js\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\DW\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files (x86)\Windows Media Player\Network Sharing\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Setup.exe | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files (x86)\Windows Defender\ja-JP\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\es_MX\LC_MESSAGES\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\css\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\js\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\css\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files\Microsoft Games\More Games\es-ES\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\sk\LC_MESSAGES\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\sq\LC_MESSAGES\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\uk\LC_MESSAGES\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ESEN\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\STS2\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\kn\LC_MESSAGES\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ca\LC_MESSAGES\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\es-ES\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BabyBlue\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Visual Studio 8\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\es-ES\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\css\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\on_desktop\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\js\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Games\Hearts\ja-JP\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\lua\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\eo\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\rundl132.exe | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\net.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\net1.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
| Process | Command line |
| --- | --- |
| C:\Windows\Explorer.EXE | C:\Windows\Explorer.EXE |
| C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | "C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe" |
| C:\Windows\SysWOW64\net.exe | net stop "Kingsoft AntiVirus Service" |
| C:\Windows\SysWOW64\net1.exe | C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service" |
Network
Files
memory/1864-0-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1168-5-0x00000000029E0000-0x00000000029E1000-memory.dmp
memory/1864-7-0x0000000000400000-0x0000000000436000-memory.dmp
F:\$RECYCLE.BIN\S-1-5-21-3551809350-4263495960-1443967649-1000\_desktop.ini
| Hash | Value |
| --- | --- |
| MD5 | 2a3fd5c71388ca70bcd12900f65d5a77 |
| SHA1 | 7619579d21480b9a4800bc830dbf20354e50b979 |
| SHA256 | a48a9bee0ea1d148d80a848e506f13606a80f84e7f4fa4a3ceeb0f47eab1bf40 |
| SHA512 | 0e803903a477f9761178c6892c45f3522f9af5b6ef550f446c0dea329dcbe2753760a17086397ff4f9c66ec93a3dbbd1e7b6aaaa71f77c70c9c8de81429c3aa0 |
memory/1864-14-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1864-20-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1864-66-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1864-73-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Program Files\7-Zip\7zFM.exe
| Hash | Value |
| --- | --- |
| MD5 | b3f3c89e360dac8e69d9e26e0b1f891a |
| SHA1 | d09666d406966a535e22f72da4108f0f036d9ae5 |
| SHA256 | 7ae074c0a34b1461d8683b6d8b641164a510494de9382a110f7e411cda438534 |
| SHA512 | 946774c3eeb36b821454438cf99655587c0e42b6a7b75d120d4e47105bebe47522f3b9817dbaad7e1aa5254bc69d417644050ccedc4b98245e4daf0a9e1f5c58 |
memory/1864-315-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1864-1849-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
| Hash | Value |
| --- | --- |
| MD5 | 44b1d976ac1b619eb8f20332e9307cd1 |
| SHA1 | 2644ec5390e5bd5c7e45f9b0316378881ae36a7e |
| SHA256 | 98b56337fed63960a955fde77cf678b5d3df5aa620e0834d0d1be24cabdba0fd |
| SHA512 | 745410aacc11176be2efab183f0bd8e8d71ec26d9931051d4248963f62f962e66b5e4554923dff01b5ad562ab93b8010dcce855278f09e8cca781a83c4eb2340 |
memory/1864-3309-0x0000000000400000-0x0000000000436000-memory.dmp
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
| Hash | Value |
| --- | --- |
| MD5 | 40429fbe4769cde892d72cde845b3df8 |
| SHA1 | f5c804acf1e4659b85010ca8926f2eee4ee4ae62 |
| SHA256 | 00c3830d8357fbd8e92cd7e440a848424bf94a68784664dcf469707b448b42d6 |
| SHA512 | e774273101c90343328379a114ba7349fe532145b0beff7c62f0702ad762502b9823da3d2397c55a7040c80e42c2b5562a8021d3663c7621de05dba03cb2ef51 |
memory/1864-3653-0x0000000000400000-0x0000000000436000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-10 01:24
Reported
2024-11-10 01:26
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
154s
Signatures
Enumerates connected drives
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\zh-cn\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ru-ru\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\zh-tw\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\hu-hu\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\XboxApp.Telemetry\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\nl-nl\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\ca-es\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\sk-sk\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\lua\http\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\misc\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\en-us\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\pt-br\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\pl-pl\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\root\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files (x86)\Windows NT\TableTextService\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File opened for modification | C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\createdump.exe | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\lua\http\css\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\tr-tr\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_~_8wekyb3d8bbwe\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\zh-tw\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\fi-fi\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\lib\ext\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files\Windows Photo Viewer\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Functions\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\fi-fi\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\eu-es\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\fr-fr\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Voices\en-GB\en-GB_female_TTS\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files\Java\jdk-1.8\jre\lib\security\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\ku_IQ\LC_MESSAGES\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-125_8wekyb3d8bbwe\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\sk-sk\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\fr-ma\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\kn\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\da-dk\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\ca-es\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File opened for modification | C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\tr-tr\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\de-de\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\plugins\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\fr-fr\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\sk-sk\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\or_IN\LC_MESSAGES\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\pt_BR\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Voices\en-US\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\misc\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\nl-nl\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File created | C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example3.Diagnostics\1.1.1\Diagnostics\Simple\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\de\LC_MESSAGES\_desktop.ini | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rundl132.exe | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\net1.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\net.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
| Process | Command Line |
| C:\Windows\Explorer.EXE | C:\Windows\Explorer.EXE |
| C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe | "C:\Users\Admin\AppData\Local\Temp\90eeb4757d0a09477070cec4c254a25533cefa01cf22c772e116f7b6e99ca56c.exe" |
| C:\Windows\SysWOW64\net.exe | net stop "Kingsoft AntiVirus Service" |
| C:\Windows\SysWOW64\net1.exe | C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service" |
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.209.201.84.in-addr.arpa | udp |
Files
memory/1256-0-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1256-5-0x0000000000400000-0x0000000000436000-memory.dmp
F:\$RECYCLE.BIN\S-1-5-21-3227495264-2217614367-4027411560-1000\_desktop.ini
| MD5 | 2a3fd5c71388ca70bcd12900f65d5a77 |
| SHA1 | 7619579d21480b9a4800bc830dbf20354e50b979 |
| SHA256 | a48a9bee0ea1d148d80a848e506f13606a80f84e7f4fa4a3ceeb0f47eab1bf40 |
| SHA512 | 0e803903a477f9761178c6892c45f3522f9af5b6ef550f446c0dea329dcbe2753760a17086397ff4f9c66ec93a3dbbd1e7b6aaaa71f77c70c9c8de81429c3aa0 |
memory/1256-12-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1256-18-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1256-22-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Program Files\dotnet\dotnet.exe
| MD5 | d241fc0812a05fa28580444d63e24f99 |
| SHA1 | f7bdce38f7720591b5765fd8dd12c75e7fe16ad9 |
| SHA256 | 8807eeaa5d35b7be4b284f3baf9a1d6893d56d7064e0949034ddb885a4f4ed56 |
| SHA512 | 5aaadee837644916679585891bf780836cdedd4987dba552226c095d2091f0b3b8ec644c74ded81425377774610cbbea026702a8176bbb25d2ae7bcc979636f3 |
memory/1256-397-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1256-1219-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
| MD5 | fdc95026717686b36d356c9053eb1019 |
| SHA1 | 3d301424838bbc55d88ba9dbcb6a65612ff54b9b |
| SHA256 | e2813a7fb0a036eb9b0861b1687ba73d8380ecb2b9cbe0eededd4edfd8ad7f49 |
| SHA512 | 9890073e956436de9dd5c09c7b36a718f7a746655ed4fb7eceb7390b500888475f4b64c29d26eeda62240be5c8efc6a1735c4322d6d9cde9bb60315d64bf4fff |
memory/1256-4770-0x0000000000400000-0x0000000000436000-memory.dmp
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
| MD5 | c6d6354b442f8417dc66b1723a800f2f |
| SHA1 | 94525ba06431ca98c5b8b58c60b24ac8811b1748 |
| SHA256 | 848e14757895f1da1da61c8bb06127caaeb36eb3361768b3baf1a7974ad16716 |
| SHA512 | 49b347afad74e96aeedddaaf3bbf7cb261c5590b4991af35f3fcd5fe2a22954266e5dc84b100590731da608ba49aa04fd5f22c7997d20ca5999cc63103180a5f |
memory/1256-5239-0x0000000000400000-0x0000000000436000-memory.dmp