Malware Analysis Report

2025-01-22 23:09

Sample ID 241203-a87y7sxmfn
Target 2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe
SHA256 2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538
Tags
banload discovery downloader dropper evasion ransomware trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538

Threat Level: Known bad

The file 2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe was found to be: Known bad.

Malicious Activity Summary

banload discovery downloader dropper evasion ransomware trojan

Banload

Banload family

Renames multiple (230) files with added filename extension

Renames multiple (678) files with added filename extension

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

Modifies registry class

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-03 00:54

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-03 00:54

Reported

2024-12-03 00:56

Platform

win7-20240903-en

Max time kernel

150s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe"

Signatures

Banload

trojan dropper downloader banload

Banload family

banload

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A

Renames multiple (230) files with added filename extension

ransomware

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\7-Zip\Lang\cs.txt.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkWatson.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.dll.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\ConvertFromUnblock.ram.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\7-Zip\Lang\ne.txt.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\7-Zip\Lang\pt-br.txt.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mshwLatin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Small_News.jpg.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\System\ado\msadox.dll.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main.xml.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\IpsMigrationPlugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IpsMigrationPlugin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\de-DE\MSTTSLoc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\DVD Maker\audiodepthconverter.ax.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\micaut.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\System\msadc\msadcf.dll.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\FlickLearningWizard.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IpsMigrationPlugin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipTsf.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\ShapeCollector.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipBand.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\micaut.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ShapeCollector.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tabskb.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_ca.xml.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXEV.DLL.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\msdasql.dll.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\CompressGet.ps1.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\7-Zip\7-zip32.dll.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\7-Zip\Lang\an.txt.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrespsh.dat.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\System\ado\msadomd.dll.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\ApproveStop.WTV.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\7-Zip\Lang\ast.txt.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\7-Zip\Lang\gl.txt.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\7-Zip\Lang\he.txt.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\7-Zip\Lang\da.txt.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\7-Zip\Lang\it.txt.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwritash.dat.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\ProgID\ = "MMCListPadInfo.MMCListPadInfo.1" C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\ = "MMCListPadInfo class" C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\InprocServer32 C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\InprocServer32\ = "%SystemRoot%\\SysWow64\\cic.dll" C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\ProgID C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2} C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\VersionIndependentProgID C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\VersionIndependentProgID\ = "MMCListPadInfo.MMCListPadInfo" C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe

"C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe"

Network

N/A

Files

memory/2288-0-0x0000000000400000-0x0000000000616000-memory.dmp

memory/2288-8-0x0000000003100000-0x000000000330C000-memory.dmp

memory/2288-1-0x0000000003100000-0x000000000330C000-memory.dmp

memory/2288-11-0x0000000000400000-0x0000000000616000-memory.dmp

memory/2288-12-0x0000000000400000-0x0000000000616000-memory.dmp

memory/2288-13-0x0000000003100000-0x000000000330C000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

MD5 2207c566d628772ffa227b12058ac327
SHA1 acd368b80b09c5eab08b48b5208b5de9fef55c39
SHA256 5564d3ac8d4ae9d0c266bc4c60eefd0f6c248bff0251a25546afe22aa00a14de
SHA512 e46b920b76fbac2200c5f10c8a19508dbc98e9323cfdb81fd8def4203a242a71f11815996f33c59acbee4ebaf77dd9fe0080f52cd4a1ba429aaae787286564ff

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 c5b414a21d5a8460aa82a0bd43b2752e
SHA1 00026fb7c047d83468ae828243dfaf4645d035b8
SHA256 a695aafb7ab4b09c211a3acb27c2b8ceeab3db3fcf5d725bf421d0c5eb7b6cd6
SHA512 cff55c7881267cd1c685dc4eef61deb5522da4a08dd7bb230b82f650b629e202e64049d7bca1302616f8eb7ca24f6c8113507ea1b73df5d9928d1ad8d8f785d2

memory/2288-25-0x0000000003100000-0x000000000330C000-memory.dmp

memory/2288-43-0x0000000000400000-0x0000000000616000-memory.dmp

memory/2288-53-0x0000000003100000-0x000000000330C000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-03 00:54

Reported

2024-12-03 00:56

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe"

Signatures

Banload

trojan dropper downloader banload

Banload family

banload

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A

Renames multiple (678) files with added filename extension

ransomware

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\7-Zip\7zG.exe.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Intrinsics.dll.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.AppContext.dll.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.dll.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ja-jp.xml.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\oskclearuibase.xml.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.cs-cz.dll.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.en-us.dll.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-memory-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.SecureString.dll.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\7-Zip\Lang\mk.txt.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsen.xml.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TabTip.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVScripting.dll.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-fibers-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encoding.dll.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\createdump.exe.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\7-Zip\Uninstall.exe.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.Watcher.dll.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.et-ee.dll.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\hr-HR\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\Services\verisign.bmp.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Drawing.dll.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\7-Zip\Lang\is.txt.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\et-EE\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsita.xml.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-profile-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\System\ado\adojavas.inc.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Tracing.dll.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base.xml.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-conio-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.Immutable.dll.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.NetworkInformation.dll.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Emit.ILGeneration.dll.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Cng.dll.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.UnmanagedMemoryStream.dll.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XDocument.dll.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\7-Zip\Lang\io.txt.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\7-Zip\Lang\pl.txt.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\microsoft shared\MSInfo\uk-UA\msinfo32.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.Specialized.dll.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\clretwrc.dll.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.FileSystem.dll.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Linq.Parallel.dll.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.VisualBasic.dll.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.Dataflow.dll.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.NonGeneric.dll.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sv-se.dll.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\System\ado\msadomd.dll.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Csp.dll.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.DataAnnotations.dll.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.da-dk.dll.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\netstandard.dll.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Quic.dll.tmp C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2} C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\AutoConvertTo C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5ADD62E2-4A23-86F4-8704-0C62BF6886E2}\AutoConvertTo\ = "{00020803-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe

"C:\Users\Admin\AppData\Local\Temp\2533c55c719d1ad97a05d2355136d6a8cf15eaf36c01dd70450a740291f7a538.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 25.125.209.23.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 139.53.16.96.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp

Files

memory/3428-0-0x0000000000400000-0x0000000000616000-memory.dmp

memory/3428-2-0x0000000004920000-0x0000000004B2C000-memory.dmp

memory/3428-9-0x0000000004920000-0x0000000004B2C000-memory.dmp

memory/3428-12-0x0000000000400000-0x0000000000616000-memory.dmp

memory/3428-13-0x0000000000400000-0x0000000000616000-memory.dmp

memory/3428-14-0x0000000004920000-0x0000000004B2C000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3756129449-3121373848-4276368241-1000\desktop.ini.tmp

MD5 f4da69a6a6d43bc2c607fb4653a6ed48
SHA1 ba85556316efbb24df5f07d3cb31fb000b1432c8
SHA256 3b009739c8d2fce7675ec6205acb84411f38cb529c64a84b8960ce36a962cdda
SHA512 8bc5c9cf8608e68c06f53288c5c0d6586c02fc2715db413fde7ce39be8c5c99711c974d7854be1600c615481cef17e24371764963c0b6cce60f023efd6692be4

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 1ffcb85a39a0842f352a1628accb9a26
SHA1 443f32b8b2747d24419b95998219ce93245edea9
SHA256 a1abcb6cecf3d98f8812f5227d7748b2831a7604babf321336d9133941afe97b
SHA512 2060d45031a6bc20dbc38c226a7a7df77e03934214a0e4d040ab87d0997c7a607e3b2ce45470a13a35f15d9879b08ee74fab880e90d91bc209d83af3aa45093b

memory/3428-46-0x0000000004920000-0x0000000004B2C000-memory.dmp

memory/3428-47-0x0000000004920000-0x0000000004B2C000-memory.dmp

memory/3428-128-0x0000000000400000-0x0000000000616000-memory.dmp

memory/3428-146-0x0000000004920000-0x0000000004B2C000-memory.dmp