Malware Analysis Report

2025-08-10 22:49

Sample ID 240108-evd67aahcq
Target 4a699266a4e4afb20ef4fde3ca3d3968
SHA256 a1b3cb223d08591e272ceff62017c1f24a0e8465354e7f96ecca9eb8e92ad138
Tags: upx
Score: 7/10

Analysis Overview

Score: 7/10

SHA256: a1b3cb223d08591e272ceff62017c1f24a0e8465354e7f96ecca9eb8e92ad138

Threat Level: Shows suspicious behavior

The file 4a699266a4e4afb20ef4fde3ca3d3968 was found to show suspicious behavior.

Malicious Activity Summary

upx

UPX packed file

Drops desktop.ini file(s)

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-01-08 04:15

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-01-08 04:15

Reported

2024-01-08 04:18

Platform

win7-20231215-en

Max time kernel

126s

Max time network

135s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops desktop.ini file(s)

Description Indicator Process Target
File created C:\Program Files\Microsoft Games\Chess\desktop.ini C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe N/A
File created C:\Program Files\Microsoft Games\FreeCell\desktop.ini C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe N/A
File created C:\Program Files\Microsoft Games\Mahjong\desktop.ini C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe N/A
File created C:\Program Files\Microsoft Games\Solitaire\desktop.ini C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe N/A
File created C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe N/A
File created C:\Program Files\Microsoft Games\Hearts\desktop.ini C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe N/A
File created C:\Program Files\Microsoft Games\Purble Place\desktop.ini C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe N/A
File created C:\Program Files\desktop.ini C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe N/A

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe

"C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe"

Network

N/A

Files

memory/2644-0-0x0000000000400000-0x00000000005BA000-memory.dmp

C:\Program Files\7-Zip\7-zip32.dll.exe

MD5 9cdf62accff2a73e785eaa4c9a91c131
SHA1 10adb4c428314a08a515592646cc1a6ec609f406
SHA256 54a920b61519942efe769e87520ffad88e18e8278cc15144e35ed809c4dc06cb
SHA512 22b4c2e1efbd133203fbc14e180428a585162a16e5167913172f97f2352dfc969135c2298b38cd1c81120de5bbc1a90b2126d6dac02269d4833ab40b108ebe1d

memory/2644-684-0x0000000000400000-0x00000000005BA000-memory.dmp

memory/2644-9193-0x0000000000400000-0x00000000005BA000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-01-08 04:15

Reported

2024-01-08 04:18

Platform

win10v2004-20231215-en

Max time kernel

149s

Max time network

157s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe N/A

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe

"C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe"

Network


Files

memory/1628-0-0x0000000000400000-0x00000000005BA000-memory.dmp

C:\Program Files\7-Zip\7-zip32.dll

MD5 92945e7609f199935298370ef771948d
SHA1 ba7c87192cbc86069c9e7038ebcf2cae08f15cfe
SHA256 83e6c45e6efa01ba581074b83bb6d9e8f7e2cdc0aced66a94187acf5dac2353c
SHA512 8aa29859dc5bf9f8d52143c216ef527010ce84e587cd2e7a0cf7ea7314d3859e9c3f4895f6c1d4575e20dd33c6759a820f7c9aba675f31393ac5b249d1260a3a

memory/1628-705-0x0000000000400000-0x00000000005BA000-memory.dmp