Analysis Overview
SHA256
a1b3cb223d08591e272ceff62017c1f24a0e8465354e7f96ecca9eb8e92ad138
Threat Level: Shows suspicious behavior
The file 4a699266a4e4afb20ef4fde3ca3d3968 was found to show suspicious behavior.
Malicious Activity Summary
UPX packed file
Drops desktop.ini file(s)
Drops file in Program Files directory
Unsigned PE
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-01-08 04:15
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-01-08 04:15
Reported
2024-01-08 04:18
Platform
win7-20231215-en
Max time kernel
126s
Max time network
135s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Program Files\Microsoft Games\Chess\desktop.ini | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Microsoft Games\FreeCell\desktop.ini | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Microsoft Games\Mahjong\desktop.ini | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Microsoft Games\Solitaire\desktop.ini | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Microsoft Games\Hearts\desktop.ini | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Microsoft Games\Purble Place\desktop.ini | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\desktop.ini | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Program Files\UseEnter.crw | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\gadget.xml.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\7-Zip\readme.txt.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME.txt.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Montevideo.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-favorites_zh_CN.jar.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Microsoft Games\More Games\es-ES\MoreGames.dll.mui.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-backglow.png | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Azores.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Microsoft Games\Multiplayer\Backgammon\en-US\bckgzm.exe.mui.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Games\Multiplayer\Spades\ja-JP\ShvlRes.dll.mui | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\plugins\video_filter\libgradfun_plugin.dll.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-sendopts.xml.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_ja.jar.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File opened for modification | C:\Program Files\SetProtect.ttf | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\vi.txt | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\README.html | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\config.ini.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPTSFrame.png | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\fa\LC_MESSAGES\vlc.mo.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\logging.properties | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Java\jre7\lib\zi\America\Miquelon.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\ca\LC_MESSAGES\vlc.mo.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\40.png.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.win32.nl_ja_4.4.0.v20140623020002.jar.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\bin\fxplugins.dll | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Java\jre7\bin\fxplugins.dll.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\pl.txt | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-foreground.png | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-highlight.png | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\1047x576black.png | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\DVD Maker\es-ES\OmdProject.dll.mui.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\images\vlc16x16.png | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\library.js.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\js\localizedStrings.js | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_TW.jar.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_zh_CN.jar.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\postSigningData.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.IdentityModel.Selectors.Resources.dll.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\corner.png.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench_1.1.0.v20140512-1820.jar | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tabskb.dll.mui | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Athens.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Midway | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui_5.5.0.165303.jar.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui.ja_5.5.0.165303.jar.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_ja.jar.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Atlantic\South_Georgia | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Common Files\System\msadc\handler.reg | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport_PAL.wmv | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.xml | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\feature.xml | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\notification_plugin.jar | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Microsoft Games\FreeCell\en-US\FreeCell.exe.mui.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\plugins\video_splitter\libpanoramix_plugin.dll.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Kuala_Lumpur | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\plugins\video_filter\libtransform_plugin.dll.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\js\clock.js | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\bin\javafx-font.dll | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe
"C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe"
Network
Files
memory/2644-0-0x0000000000400000-0x00000000005BA000-memory.dmp
C:\Program Files\7-Zip\7-zip32.dll.exe
| Hash | Value |
| --- | --- |
| MD5 | 9cdf62accff2a73e785eaa4c9a91c131 |
| SHA1 | 10adb4c428314a08a515592646cc1a6ec609f406 |
| SHA256 | 54a920b61519942efe769e87520ffad88e18e8278cc15144e35ed809c4dc06cb |
| SHA512 | 22b4c2e1efbd133203fbc14e180428a585162a16e5167913172f97f2352dfc969135c2298b38cd1c81120de5bbc1a90b2126d6dac02269d4833ab40b108ebe1d |
memory/2644-684-0x0000000000400000-0x00000000005BA000-memory.dmp
memory/2644-9193-0x0000000000400000-0x00000000005BA000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-01-08 04:15
Reported
2024-01-08 04:18
Platform
win10v2004-20231215-en
Max time kernel
149s
Max time network
157s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\WWLIB.DLL | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ul-phn.xrm-ms.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_WHATSNEW.XML | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\1033\offsymsl.ttf.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Trial-ul-oob.xrm-ms | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-ul-oob.xrm-ms | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-pl.xrm-ms | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\manifest.xml.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ul-oob.xrm-ms.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\lib\packager.jar | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_KMS_Client-ppd.xrm-ms.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\zlibwapi.dll.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\lib\jvm.hprof.txt | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_KMS_Client-ppd.xrm-ms.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_COL.HXC | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\otkloadr_x64.dll.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-180.png | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-pl.xrm-ms.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\lib\ext\jaccess.jar | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Java\jdk-1.8\jre\bin\jfxwebkit.dll.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_KMS_Client_AE-ppd.xrm-ms.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNoteFilter.dll | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNote.ini.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL107.XML | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL115.XML.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-ul-phn.xrm-ms | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\mscss7fr.dll.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ppd.xrm-ms | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-ul-oob.xrm-ms | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\manifest.xml.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\java.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Java\jdk-1.8\jre\bin\net.dll.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\plugin2\msvcp140.dll | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\office.core.operational.js | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-flag.png.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PersonalDemoR_BypassTrial180-ul-oob.xrm-ms | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\SkypeForBusinessVDI2019_eula.txt | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.es-es.dll.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\lib\management-agent.jar | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\Wordcnvr.dll.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\PROOF\MSSP7FR.LEX.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\lib\security\trusted.libraries | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_KMS_Automation-ppd.xrm-ms.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linesdistinctive.dotx | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\7-Zip\7-zip.chm.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File created | C:\Program Files\Java\jdk-1.8\bin\idlj.exe.exe | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\java_crw_demo.dll | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\lib\jfr\profile.jfc | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\offsymsl.ttf | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\VPREVIEW.EXE | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processthreads-l1-1-1.dll | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\prism_d3d.dll | C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe
"C:\Users\Admin\AppData\Local\Temp\4a699266a4e4afb20ef4fde3ca3d3968.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.53.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.121.231.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 100.5.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.110.54.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.179.89.13.in-addr.arpa | udp |
Files
memory/1628-0-0x0000000000400000-0x00000000005BA000-memory.dmp
C:\Program Files\7-Zip\7-zip32.dll
| Hash | Value |
| --- | --- |
| MD5 | 92945e7609f199935298370ef771948d |
| SHA1 | ba7c87192cbc86069c9e7038ebcf2cae08f15cfe |
| SHA256 | 83e6c45e6efa01ba581074b83bb6d9e8f7e2cdc0aced66a94187acf5dac2353c |
| SHA512 | 8aa29859dc5bf9f8d52143c216ef527010ce84e587cd2e7a0cf7ea7314d3859e9c3f4895f6c1d4575e20dd33c6759a820f7c9aba675f31393ac5b249d1260a3a |
memory/1628-705-0x0000000000400000-0x00000000005BA000-memory.dmp