Malware Analysis Report

2025-08-05 15:44

Sample ID: 240525-bh7q7ahe29
Target: 98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80
SHA256: 98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80
Tags: upx ransomware
Score: 10/10


Analysis Overview

Score: 10/10

SHA256: 98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80

Threat Level: Known bad

The file 98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80 was found to be: Known bad.

Malicious Activity Summary

upx ransomware

UPX dump on OEP (original entry point)

Renames multiple (3698) files with added filename extension

UPX dump on OEP (original entry point)

Renames multiple (5198) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-05-25 01:09

Signatures

UPX dump on OEP (original entry point)

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-05-25 01:09
Reported: 2024-05-25 01:12
Platform: win7-20240419-en
Max time kernel: 150s
Max time network: 122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe"

Signatures

Renames multiple (3698) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Windows Media Player\fr-FR\wmlaunch.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\SaslPrepProfile_norm_bidi.spp.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Common Files\System\Ole DB\msxactps.dll.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\kinit.exe.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Christmas.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Linq.Resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d9_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push.png.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Monticello.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.xml.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\com.jrockit.mc.rcp.product_root_5.5.0.165303.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\css\slideShow.css.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm.api.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\Parity.fx.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser.ja_5.5.0.165303.jar.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Microsoft Games\Multiplayer\Checkers\fr-FR\chkrzm.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\misc\libfingerprinter_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\7-Zip\Lang\ko.txt.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\feature.xml.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\slideShow.html.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\js\slideShow.js.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Antarctica\Vostok.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\SystemV\MST7.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\gadget.xml.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-backglow.png.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Singapore.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\CST6CDT.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-spi-actions.xml.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Java\jre7\lib\deploy\messages_pt_BR.properties.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\lua\http\requests\vlm.xml.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\clock.html.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Services.Client.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Windows Media Player\es-ES\mpvis.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Windows Media Player\es-ES\wmlaunch.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\alt-rt.jar.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\jconsole.jar.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.nl_ja_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\ECLIPSE_.RSA.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Java\jre7\lib\fontconfig.bfc.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\gadget.xml.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\clock.html.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_play.png.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_settings.png.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_over.png.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-BoldIt.otf.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.dll.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-core-kit.xml_hidden.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\America\Godthab.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\keystore\libfile_keystore_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\LockSync.mp2.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\demux\libmpc_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mshwLatin.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-iio.dll.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\classes.jsa.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Scoresbysund.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Gambier.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\logo.png.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\localizedStrings.js.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_ButtonGraphic.png.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe

"C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe"

Network

N/A

Files

memory/2936-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

MD5 639172ead2fcab8fb0c92f9dd85c82bc
SHA1 44b8f87922c4751bc12d6ed8de9f65be1f24759f
SHA256 73550ff01bb4da37cfcc7cb096b4e8e010a59f77adf376c355841281cfcb5e0c
SHA512 6c968f1c8510f3b903279890b024dee42254e223dfec91257e40dc77bb17679a1f070c2b63d8909d20ee176715cb6389563eed79a66e65dc030896c907efd5ff

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 a3249af8d9d44fa0b6e8c0c4b1a07fbd
SHA1 26c1dffa9ae782f491181c26a3c5650d35368612
SHA256 42385b87844942d0b3b859cbcce65525c3717f40dce50529e157ca3ff38b0ab7
SHA512 5595d05cdfc0c7bb258f6785ca7d18cb4455556b0e2b83626352432f7a60ed9cce59ef3a94cb836acc3c23040bef0b957094bed5259e1c2a8fb7f5662269ff1d

memory/2936-648-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-05-25 01:09
Reported: 2024-05-25 01:12
Platform: win10v2004-20240508-en
Max time kernel: 150s
Max time network: 155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe"

Signatures

Renames multiple (5198) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\7-Zip\Lang\es.txt.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.FileSystem.dll.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.ThreadPool.dll.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-process-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\GRINTL32.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\cacerts.pem.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ko-kr.dll.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Emit.Lightweight.dll.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Arial-Times New Roman.xml.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\assets\assets\images\MSFT.png.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\sdxs.xml.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.common.16.xml.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_logo_large.png.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\BlockSubmit.i64.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.NETCore.App.runtimeconfig.json.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Controls.Ribbon.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\JAWTAccessBridge-64.dll.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\ipskor.xml.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Loader.dll.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.Primitives.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\EXPTOOWS.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\SkypeForBusinessBasic2019_eula.txt.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL121.XML.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui.xml.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.Primitives.dll.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Xaml.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationTypes.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\WindowsFormsIntegration.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\ReachFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\110.0.5481.104\vk_swiftshader_icd.json.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\net.dll.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ViewOnly_ZeroGrace-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\salesforce.ini.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Unlock.White.png.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Ping.dll.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.Concurrent.dll.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Formats.Tar.dll.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationClient.dll.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.Excel.dll.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\MSWORD.OLB.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\MySharePoints.ico.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-tw.dll.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\PresentationFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Templates\1033\Office Word 2003 Look.dotx.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\j2gss.dll.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\net.properties.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\security\java.policy.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\zh-CN\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.CoreLib.dll.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\MEDIA\PUSH.WAV.tmp | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] | C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe

"C:\Users\Admin\AppData\Local\Temp\98f9d3d10a8fc3fc892bb398618116ed94480e5c855aca8d3e29feafb2859c80.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp
US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp
US | 8.8.8.8:53 | g.bing.com | udp
US | 204.79.197.237:443 | g.bing.com | tcp
NL | 23.62.61.194:443 | www.bing.com | tcp
US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp
US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp
US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp
NL | 23.62.61.194:443 | www.bing.com | tcp
US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp
US | 8.8.8.8:53 | tse1.mm.bing.net | udp
US | 204.79.197.200:443 | tse1.mm.bing.net | tcp
US | 204.79.197.200:443 | tse1.mm.bing.net | tcp
US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp

Files

memory/1488-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

MD5 ddb1617fa9f5da7e86c3160ec971c792
SHA1 01ea095f664a93f9e1d04b63776228bf48f125a9
SHA256 fc63f214834c4899cb5d90771ce7bc6453eac84051ff1b4e45fc8da188fff8b8
SHA512 a0f4fafe649485db93ed80c21b84b9f5c1f681041b19f3b1098fd313c492268762d852b1d4873f4aeec53b702db109b68a16a54e66b559df07415e5d2f16dba6

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 21601126952a8717c4d500c4c4c6ee4d
SHA1 d105bde478d988c0712e03c59204afb7e4653adc
SHA256 3bf532b2ac14075665bbb22be6b7ff625134e4960b3d0ef03f4e6ad0d5098cca
SHA512 8ca35dca758bff979f192af83f0c0fef92a421381540d2cce6c00c12f93f4b9c6de623b50d2a752c6bdd8f96ae6df3392d0e1fbc7b14ce509c048622229d1164

memory/1488-1956-0x0000000000400000-0x000000000040B000-memory.dmp