Malware Analysis Report

2025-06-16 07:07

Sample ID 240602-bel1badd21
Target a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d
SHA256 a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d
Tags
upx ransomware
score
10/10

Analysis Overview

score
10/10

SHA256

a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d

Threat Level: Known bad

The file a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d was found to be: Known bad.

Malicious Activity Summary

upx ransomware

UPX packed file (static1, behavioral1, behavioral2)

UPX dump on OEP (original entry point) (static1, behavioral1, behavioral2)

Unsigned PE (static1)

Renames multiple files with added filename extension: 676 files on win7 (behavioral1), 1214 files on win10 (behavioral2)

Drops file in Program Files directory (behavioral1, behavioral2)

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-02 01:03

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
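The three static signatures above (UPX packed, UPX dump on OEP, unsigned PE) are what a first-pass triage script checks before detonation. The following is an added example, not code from the sandbox report and not the sample's own code: it builds a small constructed PE image in memory whose section table mimics the UPX layout (a UPX0 section with no raw data, a high-entropy UPX1 holding the compressed image, a small .rsrc), then parses the section table straight from the DOS/COFF headers with no third-party dependency and reports the indicators an analyst eyeballs. The packed=False variant stands in for what a dump taken at the original entry point looks like: the UPX section names survive, but the data is no longer a compressed blob. The 7.0 bits/byte threshold, the section sizes and addresses, and the byte patterns are assumptions chosen for the demo.

```python
"""Static triage of a suspected UPX-packed PE: section names and entropy.

Added example, not part of the sandbox report or the sample. Builds a
constructed minimal PE and parses its section table from the headers.
"""
import hashlib
import math
import struct
from dataclasses import dataclass

UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}
HIGH_ENTROPY = 7.0  # bits/byte; compressed or encrypted data usually sits well above this (assumption)


@dataclass
class Section:
    name: str
    virtual_size: int
    virtual_address: int
    raw_size: int
    raw_offset: int
    entropy: float


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, 8.0 maximum)."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> list:
    """Walk DOS header -> e_lfanew -> PE signature -> COFF header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]     # IMAGE_FILE_HEADER.NumberOfSections
    opt_hdr_size = struct.unpack_from("<H", pe, coff + 16)[0]    # IMAGE_FILE_HEADER.SizeOfOptionalHeader
    table = coff + 20 + opt_hdr_size                              # section table follows the optional header
    sections = []
    for i in range(num_sections):
        name, vsize, vaddr, rsize, roff = struct.unpack_from("<8sIIII", pe, table + i * 40)
        raw = pe[roff:roff + rsize]
        sections.append(Section(name.rstrip(b"\0").decode("ascii", "replace"),
                                vsize, vaddr, rsize, roff, shannon_entropy(raw)))
    return sections


def upx_indicators(sections: list) -> dict:
    """UPX names, a hollow first section (virtual size but no raw data), high-entropy data."""
    return {
        "upx_section_names": sorted(s.name for s in sections if s.name in UPX_SECTION_NAMES),
        "empty_first_section": bool(sections) and sections[0].raw_size == 0 and sections[0].virtual_size > 0,
        "high_entropy_sections": [s.name for s in sections if s.entropy >= HIGH_ENTROPY],
    }


def looks_upx_packed(sections: list) -> bool:
    ind = upx_indicators(sections)
    return bool(ind["upx_section_names"]) and ind["empty_first_section"] and bool(ind["high_entropy_sections"])


def build_sample_pe(packed: bool = True) -> bytes:
    """Constructed minimal PE (not the report's sample). packed=False mimics an OEP dump:
    the UPX names remain, but UPX0 now holds code and UPX1 is no longer a compressed blob."""
    if packed:
        upx0 = b""
        # deterministic pseudo-random bytes stand in for compressed data
        upx1 = b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(128))
    else:
        upx0 = b"\x55\x8b\xec\x83\xec\x10" * 256  # repetitive, code-like bytes: low entropy
        upx1 = b"\x90" * 4096
    rsrc = b"\0" * 200 + b"MANIFEST" * 7
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)              # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 224, 0x0102)  # i386, 3 sections, PE32 optional header size
    opt = struct.pack("<H", 0x10B) + b"\0" * 222                    # only the PE32 magic matters here
    layout = [(b"UPX0", 0x8000, 0x1000, upx0), (b"UPX1", 0x2000, 0x9000, upx1), (b".rsrc", 0x1000, 0xB000, rsrc)]
    table, blobs, offset = b"", b"", 512
    for name, vsize, vaddr, raw in layout:
        table += struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, len(raw), offset if raw else 0, 0, 0, 0, 0, 0x60000020)
        blobs += raw
        offset += len(raw)
    return (dos + b"PE\0\0" + coff + opt + table).ljust(512, b"\0") + blobs


if __name__ == "__main__":
    for label, pe in (("packed", build_sample_pe(True)), ("OEP dump", build_sample_pe(False))):
        secs = parse_sections(pe)
        print(f"{label}: looks_upx_packed={looks_upx_packed(secs)}")
        for s in secs:
            print(f"  {s.name:<8} raw={s.raw_size:<6} entropy={s.entropy:.2f}")
```

The check is deliberately header-only so it also works on a memory dump such as the memory/...-memory.dmp files listed below, where the on-disk packer stub has already run: the same section names parse, but the entropy and the empty-first-section test no longer fire, which is the quickest way to confirm a dump really was taken after unpacking.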

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-02 01:03

Reported

2024-06-02 01:06

Platform

win7-20240221-en

Max time kernel

150s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe"

Signatures

Renames multiple (676) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\7-Zip\7zCon.sfx.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tabskb.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoDev.png.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Internet Explorer\pdm.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_socket.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\DVD Maker\en-US\DVDMaker.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\manifest.json.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-GB.pak.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\7-Zip\Lang\da.txt.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\FlickLearningWizard.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\symbase.xml.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipssve.xml.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkObj.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Common Files\System\msadc\msadcf.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Internet Explorer\JSProfilerCore.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipBand.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Internet Explorer\sqmapi.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_elf.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\7-Zip\License.txt.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpn.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\DvdTransform.fx.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\jmxremote.password.template.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop.wmv.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\java_crw_demo.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkDrop32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\micaut.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxml2.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Rio_Gallegos.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\7-Zip\Lang\ro.txt.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IPSEventLogMsg.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\travel.png.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\DVD Maker\it-IT\OmdProject.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Internet Explorer\iediagcmd.exe.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.DLL.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\DismountSuspend.vsw.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_fr.jar.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\7-Zip\Lang\nb.txt.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\7-Zip\Lang\nn.txt.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mip.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-previous-static.png.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansDemiBold.ttf.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\userContent_16x9_imagemask.png.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\GoldRing.png.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Internet Explorer\jsdebuggeride.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterBold.ttf.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\es-ES\MSTTSLoc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG.wmv.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe

"C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe"

Network

N/A

Files

memory/2600-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

MD5 5255fc80bbb632608b781a9cfdefee22
SHA1 f9c049a385bf9f45367f172e209e393d14099c43
SHA256 e45a04a58b30af8dce51892fa07e72f2cc4fd3f41ae42109d9bced2f3c56d92e
SHA512 58ccc87e08438b4e9481b2db66dc382992d8c4006ac7ffbf2873b8910182574922fe22dc723c10ea09b07b14a74833c086be32bcf521541ea32c8bfa5476ff81

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 0b3210078399bdc5b764b1c86d52a21a
SHA1 f1e6579675bb1cccfb8b2b6d9414cb2eb95328e9
SHA256 8942a892cb057e56a63ebc48cb1df277529caef99d34ff4d05c9eae8d7ebf243
SHA512 7557d64c13fd9743e168dae337bf38a30eaa445a15e97c9fb1d1b57f5953b7aca1c895d4fee7761366d81b5116dd0c31426c611bd2893291b270a7011bea810b

memory/2600-68-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-02 01:03

Reported

2024-06-02 01:06

Platform

win10v2004-20240226-en

Max time kernel

152s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe"

Signatures

Renames multiple (1214) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\7-Zip\Lang\si.txt.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\dotnet\dotnet.exe.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-rtlsupport-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.InteropServices.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Buffers.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pt-BR\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\it-IT\ShapeCollector.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Dynamic.Runtime.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.Cryptography.Encoding.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.ObjectModel.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\de\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pt-BR\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\System.Windows.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Common Files\System\msadc\msadce.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\dbgshim.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\coreclr.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Xml.XPath.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\es\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\Microsoft.WindowsDesktop.App.deps.json.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\7-Zip\Lang\el.txt.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\it-IT\InkObj.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Common Files\microsoft shared\VC\msdia90.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Numerics.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nb-no.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-filesystem-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\createdump.exe.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Xml.Linq.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\7-Zip\7-zip.chm.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.uk-ua.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.Tracing.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Diagnostics.PerformanceCounter.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sl-si.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\cs\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ms-my.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\osknavbase.xml.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Common Files\System\ado\adojavas.inc.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Common Files\System\ado\msadox.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Security.Cryptography.X509Certificates.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\Content.xml.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.ComponentModel.Annotations.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\7-Zip\Lang\kab.txt.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.de-de.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.vi-vn.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\ea.xml.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\it-IT\TabTip.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
File created C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe N/A
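Both detonations (676 files on win7 above in behavioral1, 1214 here on win10) fire the same two signatures for the same reason: one process creates files named like an existing file plus an extra .tmp extension, across many unrelated directories under Program Files. The following is an added example, not code from the sandbox report and not the sample's own code: it parses file-creation rows in the same flattened "File created <path> <process> N/A" layout the two tables use and scores each process on how many such appended-extension files it wrote, how many separate program directories it touched, and how many distinct original extensions it hit. The first twelve indicator paths are copied from the behavioral1 table; the CONTROL process and its two rows, the thresholds, and the "drive plus two levels" notion of a program directory are assumptions for the demo.

```python
"""Per-process scoring of "<original>.<ext>.tmp" file creation, the pattern behind the
report's "Renames multiple files with added filename extension" signature.

Added example, not part of the sandbox report. Thresholds and the CONTROL
process are assumptions.
"""
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Matches the report's row layout; the process path is assumed to contain no spaces.
ROW = re.compile(r"^File created (?P<path>.+?) (?P<process>[A-Za-z]:\\\S+\.exe) N/A$")
APPENDED_EXT = ".tmp"

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe"
CONTROL = r"C:\Users\Admin\Downloads\installer.exe"   # constructed benign process, not from the report

# Twelve indicators copied from the report's behavioral1 table, plus two constructed
# rows for CONTROL showing what an ordinary temp-file writer looks like.
SAMPLE_ROWS = [
    "File created " + p + " " + SAMPLE + " N/A" for p in (
        r"C:\Program Files\7-Zip\7zCon.sfx.tmp",
        r"C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tabskb.dll.mui.tmp",
        r"C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoDev.png.tmp",
        r"C:\Program Files\Internet Explorer\pdm.dll.tmp",
        r"C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_socket.dll.tmp",
        r"C:\Program Files\DVD Maker\en-US\DVDMaker.exe.mui.tmp",
        r"C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\manifest.json.tmp",
        r"C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.tmp",
        r"C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui.tmp",
        r"C:\Program Files\7-Zip\Lang\da.txt.tmp",
        r"C:\Program Files\Internet Explorer\JSProfilerCore.dll.tmp",
        r"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Rio_Gallegos.tmp",
    )
] + [
    "File created " + p + " " + CONTROL + " N/A" for p in (
        r"C:\Users\Admin\AppData\Local\Temp\setup.log.tmp",
        r"C:\Users\Admin\AppData\Local\Temp\config.ini.tmp",
    )
]


def parse_rows(rows) -> list:
    """Return (path, process) pairs for every row in the report's layout."""
    events = []
    for row in rows:
        m = ROW.match(row)
        if m:
            events.append((m["path"], m["process"]))
    return events


def appended_extension(path: str):
    """(original_name, original_had_extension) when the name ends in .tmp, else None."""
    p = PureWindowsPath(path)
    if p.suffix.lower() != APPENDED_EXT:
        return None
    original = p.name[: -len(p.suffix)]
    return original, "." in original


def program_dir(path: str) -> str:
    """Drive plus two path levels (assumed granularity for 'how far the process spread')."""
    return str(PureWindowsPath(*PureWindowsPath(path).parts[:3]))


def assess(events, min_files: int = 50, min_dirs: int = 3, min_exts: int = 3) -> dict:
    stats = defaultdict(lambda: {"strong": 0, "weak": 0, "dirs": set(), "orig_exts": Counter()})
    for path, process in events:
        hit = appended_extension(path)
        if hit is None:
            continue
        original, had_ext = hit
        s = stats[process]
        s["dirs"].add(program_dir(path))
        if had_ext:           # e.g. pdm.dll.tmp: an existing file name with .tmp appended
            s["strong"] += 1
            s["orig_exts"][PureWindowsPath(original).suffix.lower()] += 1
        else:                 # e.g. sysinfo.tmp: on its own indistinguishable from an ordinary temp file
            s["weak"] += 1
    out = {}
    for process, s in stats.items():
        flagged = (s["strong"] >= min_files and len(s["dirs"]) >= min_dirs
                   and len(s["orig_exts"]) >= min_exts)
        out[process] = {"strong": s["strong"], "weak": s["weak"], "dirs": sorted(s["dirs"]),
                        "orig_exts": dict(s["orig_exts"]), "flagged": flagged}
    return out


if __name__ == "__main__":
    for process, r in assess(parse_rows(SAMPLE_ROWS), min_files=10).items():
        print(f"{'FLAG' if r['flagged'] else 'ok  '} strong={r['strong']} weak={r['weak']} "
              f"dirs={len(r['dirs'])} exts={len(r['orig_exts'])} {process}")
```

The min_files default of 50 is far below either detonation's count but well above what an installer or updater produces in one directory; the spread test (distinct program directories, distinct original extensions) is what separates the two, since a legitimate writer of .tmp files stays inside its own tree and touches one or two file types. Run against full EDR or Sysmon file-create telemetry rather than a 12-row excerpt, the default thresholds apply as-is.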

Processes

C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe

"C:\Users\Admin\AppData\Local\Temp\a7de8deba0cdc4c591750a91d50db7d91e56e9dcb76e7013fea8ff1d2bd9ad3d.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4076 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 20.231.121.79:80 N/A tcp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 13.179.89.13.in-addr.arpa udp

Files

memory/2144-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

MD5 ce4a1d00b49f93d42b53650f0129772a
SHA1 25138c80b4cbaabbe973dfa1bf153c484967f063
SHA256 bf0cd7dee7c07a3a7731f08ff41f70623f2cdb71fe32ab5cec1c82fd484fd63b
SHA512 5d3fa8502650dbdbab94cfaa9c2cafb17251e998179c36b6a1d2abfa2099773219bcfab53d4e04dc05ed87175db19210ef35791e6e6deec42f71756bec137b86

C:\libsmartscreen.dll.tmp

MD5 38baad27948e48fd0c0343731ccd0907
SHA1 6bfefac78426a99a8cd507222f6cad17963c8925
SHA256 ac666bfce9c3f6cab1ea2a2b53048ef0558e17843b6be3bdb87acfabe566b7d5
SHA512 2c105ff870ae9759b50d85a336fcfd84bd26540195dbf297ee1aebee3cbf5c9640233d14161cda182086cb77d46902b694d5436ee8bdd5c3b2aec75aa21fa5be

memory/2144-398-0x0000000000400000-0x000000000040B000-memory.dmp