Malware Analysis Report

2025-06-16 07:08

Sample ID 240602-bhp65seb38
Target a96adee35e67c9efcb7b23299c2a0ff5c6e60f7bc28bb71c1eb25eb909b8a99c
SHA256 a96adee35e67c9efcb7b23299c2a0ff5c6e60f7bc28bb71c1eb25eb909b8a99c
Tags
upx ransomware
score
10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

score
10/10

SHA256

a96adee35e67c9efcb7b23299c2a0ff5c6e60f7bc28bb71c1eb25eb909b8a99c

Threat Level: Known bad

The file a96adee35e67c9efcb7b23299c2a0ff5c6e60f7bc28bb71c1eb25eb909b8a99c was found to be: Known bad.

Malicious Activity Summary

Tags: upx, ransomware

UPX packed file (static1, behavioral1, behavioral2)
UPX dump on OEP (original entry point) (static1, behavioral1, behavioral2)
Unsigned PE (static1)
Renames multiple (3677) files with added filename extension (behavioral1, Windows 7)
Renames multiple (5091) files with added filename extension (behavioral2, Windows 10)
Drops file in Program Files directory (behavioral1, behavioral2)

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-02 01:08

Signatures

UPX dump on OEP (original entry point)
    Description / Indicator / Process / Target: 1 row, all fields N/A (no indicator details recorded).

UPX packed file
    Tag: upx
    Description / Indicator / Process / Target: 1 row, all fields N/A.

Unsigned PE
    Description / Indicator / Process / Target: 1 row, all fields N/A.
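The three static signatures above are structural: UPX leaves its section names (UPX0, UPX1) and a characteristic layout in the PE header, and the "UPX dump on OEP" signature fires when the sandbox captures the image after the decompression stub has jumped to the original entry point. The Python below is an added example, not part of this report and not the sandbox's own detection code. It parses a PE section table and applies the same UPX heuristics (UPX-prefixed section names, an empty first section that the stub unpacks into, and an entry point inside a high-entropy section). Because the sample itself is not reproduced on this page, the two PE images it checks are constructed inside the script; the packed one is laid out to span 0x400000-0x40B000, the same region as the memory dumps recorded in the behavioral runs, and the 7.0-bit entropy threshold is illustrative.

```python
import math
import struct

DOS_HEADER_SIZE = 0x40
OPTIONAL_HEADER_SIZE = 224            # PE32 optional header
SECTION_HEADER_FMT = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes
FILE_ALIGNMENT = 0x200


def build_demo_pe(sections, entry_point_rva, image_base=0x400000):
    """Assemble a minimal PE32 file from (name, virtual_address, virtual_size, raw_bytes) tuples.

    Constructed stand-in for a real binary so the parser can run offline; it is
    not the analysed sample. Raw data is placed after the headers, 0x200-aligned.
    """
    headers_size = DOS_HEADER_SIZE + 4 + 20 + OPTIONAL_HEADER_SIZE + 40 * len(sections)
    headers_size = -(-headers_size // FILE_ALIGNMENT) * FILE_ALIGNMENT
    dos = bytearray(DOS_HEADER_SIZE)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, DOS_HEADER_SIZE)          # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, OPTIONAL_HEADER_SIZE, 0x0102)
    # Magic, linker ver, SizeOfCode, SizeOfInitData, SizeOfUninitData, EntryPoint, BaseOfCode, BaseOfData, ImageBase
    opt = struct.pack("<HBBIIIIIII", 0x10B, 0, 0, 0, 0, 0, entry_point_rva, 0, 0, image_base)
    opt += bytes(OPTIONAL_HEADER_SIZE - len(opt))
    table, body, raw_ptr = b"", b"", headers_size
    for name, va, vsize, raw in sections:
        raw_size = -(-len(raw) // FILE_ALIGNMENT) * FILE_ALIGNMENT if raw else 0
        table += struct.pack(SECTION_HEADER_FMT, name.encode().ljust(8, b"\0"), vsize, va,
                             raw_size, raw_ptr if raw else 0, 0, 0, 0, 0, 0xE0000020)
        body += raw + bytes(raw_size - len(raw))
        raw_ptr += raw_size
    head = bytes(dos) + b"PE\0\0" + coff + opt + table
    return head + bytes(headers_size - len(head)) + body


def shannon_entropy(data):
    """Bits per byte: 0.0 for empty or constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe):
    """Return (entry_point_rva, image_base, [section dicts]) from a PE32 or PE32+ image."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsections = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", pe, opt)[0]
    entry_rva = struct.unpack_from("<I", pe, opt + 16)[0]
    if magic == 0x20B:                                        # PE32+: 64-bit ImageBase at +24
        image_base = struct.unpack_from("<Q", pe, opt + 24)[0]
    else:                                                     # PE32: 32-bit ImageBase at +28
        image_base = struct.unpack_from("<I", pe, opt + 28)[0]
    sections, off = [], opt + opt_size
    for _ in range(nsections):
        name, vsize, va, raw_size, raw_ptr, *_rest = struct.unpack_from(SECTION_HEADER_FMT, pe, off)
        raw = pe[raw_ptr:raw_ptr + raw_size] if raw_size else b""
        sections.append({"name": name.rstrip(b"\0").decode(errors="replace"), "va": va,
                         "vsize": vsize, "raw_size": raw_size,
                         "entropy": round(shannon_entropy(raw), 3)})
        off += 40
    return entry_rva, image_base, sections


def upx_assessment(pe, entropy_threshold=7.0):
    """Heuristics behind 'UPX packed file': UPX section names, an empty first section
    (UPX0, the unpack destination) and an entry point inside a high-entropy section
    (UPX1, stub plus compressed payload). image_range is what a sandbox dumps at the OEP."""
    entry_rva, image_base, sections = parse_sections(pe)
    span = lambda s: s["va"] + max(s["vsize"], s["raw_size"])
    entry_section = next((s for s in sections if s["va"] <= entry_rva < span(s)), None)
    upx_names = [s["name"] for s in sections if s["name"].upper().startswith("UPX")]
    first_empty = bool(sections) and sections[0]["raw_size"] == 0 and sections[0]["vsize"] > 0
    ep_entropy = entry_section["entropy"] if entry_section else 0.0
    return {
        "upx_sections": upx_names,
        "entry_section": entry_section["name"] if entry_section else None,
        "entry_entropy": ep_entropy,
        "first_section_empty": first_empty,
        "image_range": (image_base, image_base + max(span(s) for s in sections)),
        "packed": bool(upx_names) or (first_empty and ep_entropy > entropy_threshold),
    }


# Constructed demo images (not the sample): a UPX-style layout and a plain one.
PACKED_DEMO = build_demo_pe(
    [("UPX0", 0x1000, 0x7000, b""),                       # no raw data: filled at run time
     ("UPX1", 0x8000, 0x2000, bytes(range(256)) * 16),    # uniform bytes, entropy exactly 8.0
     (".rsrc", 0xA000, 0x1000, b"\0" * 64)],
    entry_point_rva=0x9F00,                               # entry point sits in UPX1
)
PLAIN_DEMO = build_demo_pe(
    [(".text", 0x1000, 0x1000, b"\x55\x8b\xec\x5d\xc3" * 100),   # repetitive code, low entropy
     (".data", 0x2000, 0x1000, b"\0" * 64)],
    entry_point_rva=0x1000,
)

if __name__ == "__main__":
    for label, image in (("packed", PACKED_DEMO), ("plain", PLAIN_DEMO)):
        print(label, upx_assessment(image))
```

The entropy and section-name checks are independent so that a repacked sample with renamed sections still trips the empty-first-section plus high-entropy-entry combination; a real triage pipeline would add the signature test for the stub bytes rather than rely on names alone.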

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-02 01:08

Reported

2024-06-02 01:11

Platform

win7-20231129-en

Max time kernel

149s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a96adee35e67c9efcb7b23299c2a0ff5c6e60f7bc28bb71c1eb25eb909b8a99c.exe"

Signatures

Renames multiple (3677) files with added filename extension
    Tag: ransomware

UPX dump on OEP (original entry point)
    Description / Indicator / Process / Target: 4 rows, all fields N/A (no indicator details recorded).

UPX packed file
    Tag: upx
    Description / Indicator / Process / Target: 4 rows, all fields N/A.

Drops file in Program Files directory

Description / Indicator / Process / Target: 64 rows. In every row the description is "File created", the process is C:\Users\Admin\AppData\Local\Temp\a96adee35e67c9efcb7b23299c2a0ff5c6e60f7bc28bb71c1eb25eb909b8a99c.exe and the target is N/A. Every created path is an existing file name with .tmp appended. Indicator (created file) per row:

C:\Program Files\Mozilla Firefox\updater.ini.tmp
C:\Program Files\Common Files\System\msadc\de-DE\msadcfr.dll.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-explorer_zh_CN.jar.tmp
C:\Program Files\VideoLAN\VLC\plugins\video_filter\libgaussianblur_plugin.dll.tmp
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\Vdk10.rst.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sl.pak.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup-impl_ja.jar.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.tmp
C:\Program Files\VideoLAN\VLC\plugins\access\libdcp_plugin.dll.tmp
C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\gadget.xml.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\sports_disc_mask.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-image-inset.png.tmp
C:\Program Files\Java\jre7\lib\jvm.hprof.txt.tmp
C:\Program Files\Java\jre7\lib\zi\Pacific\Funafuti.tmp
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\css\settings.css.tmp
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\css\settings.css.tmp
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-gibbous_partly-cloudy.png.tmp
C:\Program Files\7-Zip\Lang\eu.txt.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\micaut.dll.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\default.jfc.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tehran.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-oql.jar.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\Microsoft.Build.Engine.resources.dll.tmp
C:\Program Files\VideoLAN\VLC\libvlc.dll.tmp
C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Main_Background_QuickLaunch.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_rgb6.wmv.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\bin\hprof.dll.tmp
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOffNotificationInTray.gif.tmp
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)notConnectedStateIcon.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository.nl_zh_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\gadget.xml.tmp
C:\Program Files\Java\jre7\lib\zi\Asia\Dushanbe.tmp
C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\css\picturePuzzle.css.tmp
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Onix32.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-iio.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh.htm.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\bin\jdwp.dll.tmp
C:\Program Files\VideoLAN\VLC\lua\http\requests\status.json.tmp
C:\Program Files\Windows Mail\oeimport.dll.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\hwrenalm.dat.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\tipresx.dll.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Belem.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\javafx-doclet.jar.tmp
C:\Program Files\Java\jre7\bin\jdwp.dll.tmp
C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp
C:\Program Files\DVD Maker\offset.ax.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.bidi_0.10.0.v20130327-1442.jar.tmp
C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_cdg_plugin.dll.tmp
C:\Program Files\Windows Media Player\fr-FR\mpvis.dll.mui.tmp
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\service.js.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Tucuman.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychartplugin_5.5.0.165303.jar.tmp
C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libgain_plugin.dll.tmp
C:\Program Files\VideoLAN\VLC\plugins\video_output\libwinhibit_plugin.dll.tmp
C:\Program Files\Windows Media Player\de-DE\wmpnscfg.exe.mui.tmp
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\PDDom.api.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\smtp.jar.tmp
C:\Program Files\VideoLAN\VLC\locale\as_IN\LC_MESSAGES\vlc.mo.tmp
C:\Program Files\VideoLAN\VLC\plugins\stream_extractor\libarchive_plugin.dll.tmp
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider_right.png.tmp
C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Flyout_Thumbnail_Shadow.png.tmp
C:\Program Files\VideoLAN\VLC\locale\mk\LC_MESSAGES\vlc.mo.tmp
C:\Program Files\VideoLAN\VLC\plugins\codec\libt140_plugin.dll.tmp
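Every row in the table above follows one pattern: the sample writes <original name>.tmp beside an existing file, across many unrelated directories and file types, which is what the "Renames multiple (3677) files with added filename extension" signature is counting. The Python below is an added example, not part of this report and not the sandbox's own signature logic. It parses rows in the flattened "File created <path> <process> N/A" layout used on this page, groups appended-extension writes per process, and flags a process that spreads them over many directories and extensions, which is what separates ransomware from an installer that also writes .tmp files but into one directory. The rows it runs on are a constructed subset of the Win7 table with a stand-in process name (sample.exe) and one benign installer-style process (setup.exe) added for contrast; the thresholds are illustrative.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample rows in the report's flattened layout. The process path is
# a stand-in for the sample's real path; setup.exe is a made-up benign process.
SAMPLE_ROWS = """\
File created C:\\Program Files\\Mozilla Firefox\\updater.ini.tmp C:\\Users\\Admin\\AppData\\Local\\Temp\\sample.exe N/A
File created C:\\Program Files\\VideoLAN\\VLC\\libvlc.dll.tmp C:\\Users\\Admin\\AppData\\Local\\Temp\\sample.exe N/A
File created C:\\Program Files\\7-Zip\\Lang\\eu.txt.tmp C:\\Users\\Admin\\AppData\\Local\\Temp\\sample.exe N/A
File created C:\\Program Files\\Java\\jre7\\lib\\zi\\Pacific\\Funafuti.tmp C:\\Users\\Admin\\AppData\\Local\\Temp\\sample.exe N/A
File created C:\\Program Files\\Windows Mail\\oeimport.dll.tmp C:\\Users\\Admin\\AppData\\Local\\Temp\\sample.exe N/A
File created C:\\Program Files\\Windows Media Player\\de-DE\\wmpnscfg.exe.mui.tmp C:\\Users\\Admin\\AppData\\Local\\Temp\\sample.exe N/A
File created C:\\Users\\Admin\\AppData\\Local\\Temp\\installer.log C:\\Users\\Admin\\AppData\\Local\\Temp\\setup.exe N/A
File created C:\\Users\\Admin\\AppData\\Local\\Temp\\setup.exe.tmp C:\\Users\\Admin\\AppData\\Local\\Temp\\setup.exe N/A
"""

# Paths contain spaces, so split on the process column (a space-free .exe path)
# and the trailing target column rather than on whitespace.
ROW_RE = re.compile(r"^File created (?P<path>.+?) (?P<proc>\S+\.exe) (?P<target>\S+)$")
ADDED_EXT = ".tmp"


def parse_rows(text):
    """Yield (created_path, process) for every well-formed 'File created' row."""
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            yield m.group("path"), m.group("proc")


def appended_extension_events(rows, added_ext=ADDED_EXT):
    """Group created files named <original>.<ext><added_ext> by process.

    updater.ini.tmp counts (inner extension .ini); Funafuti.tmp does not, because
    without an inner extension a fresh temp file and a renamed original look alike.
    """
    per_proc = defaultdict(list)
    for path, proc in rows:
        p = PureWindowsPath(path)
        if p.suffix.lower() != added_ext:
            continue
        original = PureWindowsPath(p.name[: -len(added_ext)])
        if not original.suffix:
            continue
        per_proc[proc].append((str(p.parent), original.suffix.lower()))
    return per_proc


def score_mass_rename(per_proc, min_files=5, min_dirs=3, min_exts=3):
    """Flag a process whose appended-extension writes are spread widely.

    Thresholds are illustrative. An installer writes *.tmp into one directory
    with one or two extensions; the sample above touches thousands of files
    across Program Files, Java, Chrome, VLC and gadget directories.
    """
    verdicts = {}
    for proc, events in per_proc.items():
        dirs = {d for d, _ in events}
        exts = {e for _, e in events}
        verdicts[proc] = {
            "files": len(events),
            "dirs": len(dirs),
            "exts": len(exts),
            "suspicious": len(events) >= min_files and len(dirs) >= min_dirs and len(exts) >= min_exts,
        }
    return verdicts


def analyse(text):
    """Parse report-style rows and return a per-process verdict dict."""
    return score_mass_rename(appended_extension_events(parse_rows(text)))


if __name__ == "__main__":
    for proc, verdict in analyse(SAMPLE_ROWS).items():
        print(proc, verdict)
```

On the real run the same logic would see 3677 events on Windows 7 and 5091 on Windows 10 for a single process, far past any sensible threshold; the value of the directory and extension counts is in keeping installers and updaters, which also emit bursts of .tmp writes, below it.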

Processes

C:\Users\Admin\AppData\Local\Temp\a96adee35e67c9efcb7b23299c2a0ff5c6e60f7bc28bb71c1eb25eb909b8a99c.exe

"C:\Users\Admin\AppData\Local\Temp\a96adee35e67c9efcb7b23299c2a0ff5c6e60f7bc28bb71c1eb25eb909b8a99c.exe"

Network

N/A

Files

memory/2956-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Memory dump of process 2956, region 0x400000-0x40B000 (0xB000 bytes, the loaded image).

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

MD5 80d1ad41a8e84b8d074781b8df30882f
SHA1 37e8f4581e798dcbcbc0b4c5edfde147ed9a8616
SHA256 47f8d4aaef67ebc476f2c1b73e150bb8577ebc760f104aa18d3d40ec2ec566c4
SHA512 c00e82404a348a6b90711fee6c561b3b4f34bf822bca1033668dca3177e57b48f14a6a440c93cfb8354e3f80e3ce6e60dd8a499000a0a14ca5fa40e4066ec3e2

memory/2956-644-0x0000000000400000-0x000000000040B000-memory.dmp
    Second dump of the same 0xB000-byte region of process 2956 later in the run, consistent with the "UPX dump on OEP" signature, which captures the image once the stub has unpacked it and reached the original entry point.

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-02 01:08

Reported

2024-06-02 01:11

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

111s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a96adee35e67c9efcb7b23299c2a0ff5c6e60f7bc28bb71c1eb25eb909b8a99c.exe"

Signatures

Renames multiple (5091) files with added filename extension
    Tag: ransomware

UPX dump on OEP (original entry point)
    Description / Indicator / Process / Target: 4 rows, all fields N/A (no indicator details recorded).

UPX packed file
    Tag: upx
    Description / Indicator / Process / Target: 4 rows, all fields N/A.

Drops file in Program Files directory

Description / Indicator / Process / Target: 64 rows. In every row the description is "File created", the process is C:\Users\Admin\AppData\Local\Temp\a96adee35e67c9efcb7b23299c2a0ff5c6e60f7bc28bb71c1eb25eb909b8a99c.exe and the target is N/A. Every created path is an existing file name with .tmp appended. Indicator (created file) per row:

C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_Subscription-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub_eula.txt.tmp
C:\Program Files\Microsoft Office\root\Office16\ONBttnWD.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Forms.Primitives.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.Design.Editors.dll.tmp
C:\Program Files\Google\Chrome\Application\110.0.5481.104\icudtl.dat.tmp
C:\Program Files\Java\jdk-1.8\legal\javafx\icu_web.md.tmp
C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Grace-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ViewOnly_ZeroGrace-ppd.xrm-ms.tmp
C:\Program Files\Common Files\microsoft shared\ink\zh-CN\tipresx.dll.mui.tmp
C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Forms.Design.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\legal\jdk\pkcs11cryptotoken.md.tmp
C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-string-l1-1-0.dll.tmp
C:\Program Files\7-Zip\Lang\fi.txt.tmp
C:\Program Files\Java\jdk-1.8\legal\jdk\dom.md.tmp
C:\Program Files\Microsoft Office\root\Office16\flat_officeFontsPreview.ttf.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.Win32.Registry.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Grace-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_COL.HXC.tmp
C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-80.png.tmp
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Input.Manipulations.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe.tmp
C:\Program Files\Microsoft Office\root\Office16\TextConversionModule.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTest-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\SQLENGINEMESSAGES.XML.tmp
C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL065.XML.tmp
C:\Program Files\Common Files\microsoft shared\ink\de-DE\ShapeCollector.exe.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationFramework.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationTypes.resources.dll.tmp
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md.tmp
C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\rsod\osmux.x-none.msi.16.x-none.tree.dat.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Input.Manipulations.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationProvider.resources.dll.tmp
C:\Program Files\Google\Chrome\Application\110.0.5481.104\d3dcompiler_47.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\ODBCTRAC.DLL.tmp
C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] (file name mangled in the source page; original not recoverable)
C:\Program Files\Microsoft Office\root\rsod\office32ww.msi.16.x-none.tree.dat.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Extensions.dll.tmp
C:\Program Files\Microsoft Office\root\Client\msvcr120.dll.tmp
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Calibri-Cambria.xml.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\WindowsFormsIntegration.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngom.md.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Grace-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Controls.Ribbon.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\npjp2.dll.tmp
C:\Program Files\Java\jre-1.8\bin\plugin2\msvcp140.dll.tmp
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Gill Sans MT.xml.tmp
C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Spatial.NetFX35.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-pl.xrm-ms.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\ReachFramework.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Xaml.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\LICENSE.tmp
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Constantia-Franklin Gothic Book.xml.tmp
C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-ul-phn.xrm-ms.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\hostpolicy.dll.tmp
C:\Program Files\Java\jre-1.8\lib\deploy.jar.tmp
C:\Program Files\Microsoft Office\root\Office16\FPA_w1\WA104381125.tmp

Processes

C:\Users\Admin\AppData\Local\Temp\a96adee35e67c9efcb7b23299c2a0ff5c6e60f7bc28bb71c1eb25eb909b8a99c.exe

"C:\Users\Admin\AppData\Local\Temp\a96adee35e67c9efcb7b23299c2a0ff5c6e60f7bc28bb71c1eb25eb909b8a99c.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 52.111.229.43:443 (no domain recorded) tcp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp

The report attributes none of these flows to a process. Everything listed is DNS to 8.8.8.8 (reverse PTR lookups and Bing host names), TLS to Bing addresses and one TLS connection to 52.111.229.43 with no domain recorded, which is the kind of background traffic a Windows 10 image generates on its own. No connection that can be tied to the sample (a C2 or key-delivery server, for example) appears, and the Windows 7 run (behavioral1) recorded no network activity at all, so the encryption observed here does not depend on network access.

Files

memory/2700-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Memory dump of process 2700, region 0x400000-0x40B000 (0xB000 bytes, the same image region as in the Windows 7 run).

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

MD5 7b79dd8055cff722037c021a990ce7fb
SHA1 1955740a7bf4167e7005da8f37899f0490a76adc
SHA256 848fb2df0e13818fe290b1eb3e66b2529cce75727fee64f2560a1cec4be7bade
SHA512 e81b897949b4cd5d0dd303d146fc62b6873f2fcc01e92c559a19ff1ed276ddfcd3d7d932b46d8984169ab72930ca3b7a915db4d684a3fa48db091d7e36ace106

    The desktop.ini.tmp produced here hashes differently from the one in the Windows 7 run; the report does not say whether the source desktop.ini differed between the two images or whether the output is keyed per run, so the hashes should not be used as a detection indicator.

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 22cf4e6f65e5a689b6d6d586c3c3545a
SHA1 8f4631aa1c8f70e7b44d43f58172f2f551194e06
SHA256 5d962778069431c8b471c83efb12f162711dc6a8d2949db50aa1188dd810a4af
SHA512 9e087fa3d35830ee80b57b393f13726f2ead91d0060f71e0cd12ae7cc3a072b72038c1f6a459a1efe1499af69600b6864b2da675fa736ea5469168bef8f2592f

memory/2700-1778-0x0000000000400000-0x000000000040B000-memory.dmp
    Second dump of the same 0xB000-byte region of process 2700 later in the run, consistent with the "UPX dump on OEP" signature.