Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| 5kplayer-setup.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | |
| C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_5kp.exe_3b92e18cc83f109fc4ff47897356e7efcb1d37ba_f76daea9_1e85dae6-22fa-41a1-80c6-96351ecc220e\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | modified | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER21FB.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER221B.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER50B.tmp.dmp | Mini DuMP crash report, 15 streams, Fri Apr 19 04:26:09 2024, 0x1205a4 type | dropped | |
| C:\Users\user\AppData\Local\Temp\5kplayer\5kp.7z | 7-zip archive data, version 0.4 | dropped | |
| C:\Users\user\AppData\Local\Temp\5kplayer\5kp.exe | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\nss8647.tmp\nsis7zU.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Roaming\Digiarty\unique.bin | ASCII text, with no line terminators | dropped | |
| C:\Windows\appcompat\Programs\Amcache.hve | MS Windows registry file, NT/2000 or above | dropped | |

Domains

| Name | IP | Malicious |
|---|---|---|
| www.5kplayer.com | 67.228.121.196 | |
| dl1.5kplayer.com | 67.228.121.193 | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 13.89.179.12 | unknown | United States | |
| 67.228.121.196 | www.5kplayer.com | United States | |
| 67.228.121.193 | dl1.5kplayer.com | United States | |