Malware Analysis Report

2025-06-16 03:35

Sample ID 240608-ema5kagg6s
Target b9e7395823b4fba1a5df241416ca2620.bin
SHA256 d5d2b5b9b359f71c3b36d48da613b35d5550fe7df0a08f99367fe7a2e4c0c149
Tags
upx ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

d5d2b5b9b359f71c3b36d48da613b35d5550fe7df0a08f99367fe7a2e4c0c149

Threat Level: Likely malicious

The file b9e7395823b4fba1a5df241416ca2620.bin was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (1394) files with added filename extension

Renames multiple (3534) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-08 04:02

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-08 04:02

Reported

2024-06-08 04:05

Platform

win7-20240221-en

Max time kernel

150s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b9e7395823b4fba1a5df241416ca2620.exe"

Signatures

Renames multiple (3534) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\b9e7395823b4fba1a5df241416ca2620.exe

"C:\Users\Admin\AppData\Local\Temp\b9e7395823b4fba1a5df241416ca2620.exe"

Network

N/A

Files

memory/2476-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

MD5 fc74742fc0f97190668cfd75df277a30
SHA1 6a65fe741c0f5522722e480fdbc83ad3bb70b177
SHA256 1f34253f4d61d634267b4dd3c863e93fd6b37ccca393ee48ab9749b6a60373fc
SHA512 26479b6fecd61740c03af8c4dcfced4dd5c7afc658de339bc78c37924e0cdcb4fab952995cbce916cbe1d76b294b8a3ea91512f2719911bedca43cf3ab17fed9

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 cbf9d529fb521a160361da79342be21a
SHA1 febe153ab269ef645116240e1df10ae67c95bc44
SHA256 d0798e90026d24044ce6804262c4afb32d3dc1349ba36f4210ae59aaa9bdc9d2
SHA512 ab06d041dc33e9f039c960d8c6e790553c0057bc369bdd0261cbf1bbaf2438c82c9cd5a419c86ce9dcb33eb8c829c05f8fbf023a4b3bf2197afd38eb7e9f3ccb

memory/2476-652-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-08 04:02

Reported

2024-06-08 04:05

Platform

win10v2004-20240226-en

Max time kernel

153s

Max time network

160s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b9e7395823b4fba1a5df241416ca2620.exe"

Signatures

Renames multiple (1394) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\b9e7395823b4fba1a5df241416ca2620.exe

"C:\Users\Admin\AppData\Local\Temp\b9e7395823b4fba1a5df241416ca2620.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4020 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
GB 216.58.201.106:443 tcp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 80.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp

Files

memory/1368-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

MD5 1d4cf1ccd946c7634f4c540fcc8d2459
SHA1 fa9cbd7ab7b7cc2d61b54764931d70baab67ece4
SHA256 fce4f98975d17426b95637b83c2e049bbebf8b71b10b9d40fdaf284ab4cc850f
SHA512 522281a1a8d8fa00865848b8c6aedb38125134f362ae146e3f01fb64301e333ee112402656e7eedd7c068fcc823f16a4d511a762d1065ff6b73bbca3e99f6ed5

C:\libsmartscreen.dll.tmp

MD5 e5c5d7303e4d682b6e723a6a556bed36
SHA1 df00686c728952f8643d89401eaa4ef8f8a42cc4
SHA256 72c18d0670ea6c7eb6c6c906037487d2e4e020fea95f8aa2a689ea7ba378704d
SHA512 c467047651c4e9e5a4526a21fb61af2efd3712b73de85b1bf01a84308b044fe9a71acdebbbb01d157b62f19cc261f45bea8ba5c4715a23c430cc8109df866ae9

memory/1368-396-0x0000000000400000-0x000000000040B000-memory.dmp