Malware Analysis Report

2025-01-03 08:32

Sample ID 240610-3jq9dawapn
Target 765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697
SHA256 765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697
Tags upx, ransomware
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 10/10

SHA256 765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697

Threat Level: Known bad

Malicious Activity Summary

upx ransomware

Renames multiple files with added filename extension (5031 files in behavioral2 on win10v2004-20240426-en; 1076 files in behavioral1 on win7-20240221-en)

UPX dump on OEP (original entry point)

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-10 23:32

Signatures

UPX dump on OEP (original entry point)

(no indicator rows recorded)

UPX packed file

upx

(no indicator rows recorded)

Unsigned PE

(no indicator rows recorded)
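The static signatures above ("UPX packed file", "UPX dump on OEP") are header-level heuristics. The following Python is an added example and not part of the sandbox report: a triage check that applies the three usual UPX indicators (stock UPX0/UPX1 section names, a hollow unpack-destination section with no raw bytes, and an entry point inside high-entropy data) to a PE image using nothing but struct offsets. The two images it inspects are header-only fixtures constructed in code for illustration; the sample itself is not reproduced here, and the 7.0-bit entropy cut-off and the 0x1000-byte hollow-section size are tuning assumptions.

```python
import math
import random
import struct

SECTION_HEADER_SIZE = 40


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant run, 8.0 for uniform random bytes;
    compressed or encrypted sections normally land above 7."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes):
    """DOS header -> e_lfanew -> COFF header -> optional header -> section table.
    Returns (AddressOfEntryPoint, [section dicts]); raw struct offsets, no pefile."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    n_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_opt = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20
    entry_rva = struct.unpack_from("<I", pe, opt + 16)[0]
    sections = []
    for i in range(n_sections):
        off = opt + size_opt + i * SECTION_HEADER_SIZE
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", pe, off)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vaddr": vaddr, "vsize": vsize, "rawsize": rawsize,
                         "entropy": shannon_entropy(pe[rawptr:rawptr + rawsize])})
    return entry_rva, sections


def upx_indicators(pe: bytes) -> dict:
    """Three cheap header-level packer checks; none is sufficient on its own."""
    entry_rva, sections = parse_sections(pe)
    # 1. Stock UPX names its sections UPX0/UPX1. Trivially renamed, so a weak hint.
    named_upx = any(s["name"].upper().startswith("UPX") for s in sections)
    # 2. Zero raw bytes but a large virtual size: an in-memory unpack destination.
    hollow = [s["name"] for s in sections if s["rawsize"] == 0 and s["vsize"] >= 0x1000]
    # 3. Entry point inside high-entropy data: the stub is appended to the
    #    compressed payload instead of living in an ordinary .text section.
    ep = next((s for s in sections
               if s["vaddr"] <= entry_rva < s["vaddr"] + max(s["vsize"], s["rawsize"])), None)
    high_entropy_entry = ep is not None and ep["entropy"] > 7.0
    return {"named_upx": named_upx,
            "hollow_sections": hollow,
            "entry_section": ep["name"] if ep else None,
            "entry_entropy": round(ep["entropy"], 2) if ep else None,
            "high_entropy_entry": high_entropy_entry,
            "score": int(named_upx) + int(bool(hollow)) + int(high_entropy_entry)}


def build_pe(sections, entry_rva: int) -> bytes:
    """Constructed fixture: a header-only PE32 image from (name, vaddr, vsize, raw)
    tuples. Parseable, not loadable; it is not the sample from the report."""
    n, size_opt, e_lfanew = len(sections), 0xE0, 0x40
    headers_end = e_lfanew + 4 + 20 + size_opt + n * SECTION_HEADER_SIZE
    raw_off = (headers_end + 0x1FF) & ~0x1FF                     # 512-byte file alignment
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, size_opt, 0x102)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, 0x10B)                        # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)                   # AddressOfEntryPoint
    table, body = b"", b""
    for name, vaddr, vsize, data in sections:
        rawptr = raw_off + len(body) if data else 0
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, vaddr,
                             len(data), rawptr, 0, 0, 0, 0, 0x60000020)
        body += data
    img = dos + b"PE\0\0" + coff + bytes(opt) + table
    return img + b"\0" * (raw_off - len(img)) + body


_rng = random.Random(2024)
COMPRESSED = bytes(_rng.randrange(256) for _ in range(0x2000))   # stands in for packed code
# UPX-shaped: empty UPX0 destination, high-entropy UPX1 with the entry point near its end.
UPX_LIKE = build_pe([(b"UPX0", 0x1000, 0x6000, b""),
                     (b"UPX1", 0x7000, 0x2000, COMPRESSED),
                     (b".rsrc", 0x9000, 0x1000, b"\0" * 0x200)], entry_rva=0x8F00)
# Ordinary: entry point in a low-entropy .text, every section backed by file data.
PLAIN = build_pe([(b".text", 0x1000, 0x1000, b"\x55\x8b\xec" * 0x400 + b"\xc3" + b"\x90" * 0x3FF),
                  (b".data", 0x2000, 0x1000, b"\0" * 0x400)], entry_rva=0x1000)

if __name__ == "__main__":
    for label, img in (("upx-like", UPX_LIKE), ("plain", PLAIN)):
        print(label, upx_indicators(img))
```

The "UPX dump on OEP" signature in both behavioral runs corresponds to the sandbox capturing the process image once the unpacker stub has jumped to the original entry point; those captures are the memory/...-0x0000000000400000-0x000000000040A000-memory.dmp entries in each run's Files list, and they are the artifact to disassemble rather than the packed file on disk. Running the same checks against such a dump is a quick sanity test that it really is the unpacked image: the section names may still read UPX0/UPX1, but the entry-point region should no longer be high-entropy.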

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-10 23:32

Reported

2024-06-10 23:35

Platform

win7-20240221-en

Max time kernel

150s

Max time network

127s

Command Line

"C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe"

Signatures

Renames multiple (1076) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

(no indicator rows recorded)

UPX packed file

upx

(no indicator rows recorded)

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mexico_City.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tabskb.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers.xml.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrespsh.dat.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Common Files\System\ado\msado20.tlb.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightRegular.ttf.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Panama.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tabskb.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\notes-static.png.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Miquelon.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Noronha.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-background.png.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Barbados.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\alt-rt.jar.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Honolulu.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\7-Zip\Lang\fa.txt.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Internet Explorer\DiagnosticsHub_is.dll.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Andorra.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_precomp_matte.wmv.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\babyblue.png.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Notes_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.bat.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Vancouver.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred.xml.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ru.pak.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\CST6.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\rtscom.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\klist.exe.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+12.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Chatham.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrenclm.dat.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-over-select.png.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\include\win32\jni_md.h.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Casablanca.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baghdad.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipTsf.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_buttongraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jmap.exe.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Christmas.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.bat.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\ktab.exe.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yekaterinburg.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\7-Zip\Lang\va.txt.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\highlight.png.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_CN.properties.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\javafx.policy.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_widescreen_Thumbnail.bmp.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Krasnoyarsk.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe

"C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe"

Network

N/A

Files

memory/1908-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

MD5 2e3affe3e70ceb6132a91e268fd0851d
SHA1 6045818a3cd35c953d1e2ee2bcb4102cd49f0141
SHA256 c2f57170d8be246fec10832581996ab187f172b3a15fdd364f49454c151ffe4f
SHA512 f875550e085ae44e8a03eb08fa102ca360dec3817b609e93b72761cdd863fa9f8f2d93e3ae5e135c517571bd9522bec5e0fecd7d9979b3d94aef845590e93260

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 f760577161fafdd7724099970463fd14
SHA1 46d2342d300cd42b3cb3f7eeb480566b386f7d18
SHA256 5285adc2d333a40df794f80c646e8949824a0d56843938291a2a60642a19d49c
SHA512 d2c1553bcb5a918e51cd5acce768e2dbad1bd446dfe87af0e57b94b87d9e41cd1fbd0d0ba6ce76342b948e807340c02542fd00e726c8edf8fe6240248bfdf657

memory/1908-26-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-10 23:32

Reported

2024-06-10 23:35

Platform

win10v2004-20240426-en

Max time kernel

149s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe"

Signatures

Renames multiple (5031) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

(no indicator rows recorded)

UPX packed file

upx

(no indicator rows recorded)

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Mail.dll.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7ES.LEX.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.UnmanagedMemoryStream.dll.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.MemoryMappedFiles.dll.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Luna.dll.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Security.Cryptography.Xml.dll.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\7-Zip\Lang\el.txt.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-tw.dll.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\pt-PT\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscordbi.dll.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\eu\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\SkypeSrv\SKYPESERVER.EXE.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_KMS_Client-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription1-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-140.png.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-white_scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\fontmanager.dll.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\j2pkcs11.dll.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-runtime-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\officeinventoryagentfallback.xml.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\sr-Latn-RS\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fr-CA\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Csp.dll.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-heap-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\MSO.ACL.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsrus.xml.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationTypes.dll.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\xjc.exe.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-heap-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Professional2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\GRAPH.EXE.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OFFSYM.TTF.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\fil.pak.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaTypewriterBold.ttf.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.osmmui.msi.16.en-us.xml.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Edit.png.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\d3dcompiler_47.dll.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.DataStreamer.Excel.dll.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL109.XML.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.Diagnostics.dll.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-conio-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription3-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\pkeyconfig-office-client15.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_MAKC2R-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000009\FA000000009.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\7-Zip\Lang\gu.txt.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\LogoCanary.png.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe N/A
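The "Renames multiple (N) files with added filename extension" signature in the summary and in both behavioral runs, together with the "Drops file in Program Files directory" tables above, all describe the same behaviour: the sample writes a <original name>.tmp file beside files of every type it finds, across unrelated directories. The Python below is an added example, not part of the sandbox report, showing how a detection over file-creation events can reproduce that judgement while staying quiet for an installer that also writes .tmp files. The event list is constructed: the PID-4404 rows copy paths verbatim from the behavioral2 tables, but attributing them to PID 4404 is an assumption taken from that run's memory dump name (memory/4404-...), and the PID-1234 "installer" rows are invented benign noise for contrast. The thresholds are tuning assumptions as well; the report's own signature fired at 1076 and 5031 files.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed (pid, operation, path) events. PID 4404 = the sample (paths copied
# from the behavioral2 report tables; PID attribution assumed from the memory dump
# name). PID 1234 = an invented benign installer writing its own temp files.
EVENTS = [
    (4404, "File created", r"C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Mail.dll.tmp"),
    (4404, "File created", r"C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ul-oob.xrm-ms.tmp"),
    (4404, "File created", r"C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7ES.LEX.tmp"),
    (4404, "File created", r"C:\Program Files\7-Zip\Lang\el.txt.tmp"),
    (4404, "File created", r"C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-tw.dll.tmp"),
    (4404, "File created", r"C:\Program Files\Microsoft Office\root\Office16\SkypeSrv\SKYPESERVER.EXE.tmp"),
    (4404, "File created", r"C:\Program Files\Java\jre-1.8\bin\fontmanager.dll.tmp"),
    (4404, "File created", r"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\fil.pak.tmp"),
    (4404, "File created", r"C:\Program Files\Microsoft Office\root\Office16\OFFSYM.TTF.tmp"),
    (4404, "File created", r"C:\$Recycle.Bin\S-1-5-21-3571316656-3665257725-2415531812-1000\desktop.ini.tmp"),
    (4404, "File created", r"C:\Program Files\Java\jdk-1.8\bin\xjc.exe.tmp"),
    (4404, "File created", r"C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-140.png.tmp"),
    (1234, "File created", r"C:\Program Files\Acme\is-ABCDE.tmp"),
    (1234, "File created", r"C:\Program Files\Acme\is-FGHIJ.tmp"),
    (1234, "File created", r"C:\Program Files\Acme\is-KLMNO.tmp"),
    (1234, "File created", r"C:\Program Files\Acme\acme.log.tmp"),
    (1234, "File created", r"C:\Program Files\Acme\acme.exe"),
    (1234, "File opened", r"C:\Program Files\Acme\acme.exe"),
]


def added_extension_stats(events, threshold=50, min_inner_extensions=3):
    """Flag processes that create many files sharing one appended extension.

    For each 'File created' event the last suffix is the candidate appended
    extension and the suffix underneath it (the victim's original type) is kept.
    Ransomware writing <original>.<ext> next to every file it touches yields one
    dominant appended extension spread over many original types and directories;
    an installer's own .tmp files share no such diversity. Both thresholds are
    tuning assumptions, not values taken from the report.
    """
    files = defaultdict(set)   # (pid, appended ext) -> distinct created paths
    inner = defaultdict(set)   # (pid, appended ext) -> distinct original extensions
    dirs = defaultdict(set)    # (pid, appended ext) -> distinct parent directories
    for pid, op, path in events:
        if op != "File created":
            continue
        p = PureWindowsPath(path)
        ext = p.suffix.lower()
        if not ext:
            continue
        key = (pid, ext)
        files[key].add(str(p).lower())
        dirs[key].add(str(p.parent).lower())
        original = PureWindowsPath(p.stem).suffix.lower()   # '' if nothing sits under the appended extension
        if original:
            inner[key].add(original)
    hits = []
    for (pid, ext), paths in files.items():
        if len(paths) >= threshold and len(inner[(pid, ext)]) >= min_inner_extensions:
            hits.append({"pid": pid, "suffix": ext, "files": len(paths),
                         "inner_extensions": len(inner[(pid, ext)]),
                         "directories": len(dirs[(pid, ext)])})
    return sorted(hits, key=lambda h: -h["files"])


if __name__ == "__main__":
    # The toy event list is tiny, so the threshold is lowered for the demonstration.
    for hit in added_extension_stats(EVENTS, threshold=8):
        print(hit)
```

Two caveats a responder would add. First, the report only shows the create side of the rename; in a real telemetry pipeline the same key should also be correlated with the delete or rename events for the original paths, since a stock installer can legitimately create many .tmp files in Program Files. Second, the Files sections list hashes for several of the dropped .tmp files (for example C:\Program Files\7-Zip\7-zip.dll.tmp in behavioral2); comparing those against the known-good hash of the original file is the quickest way to confirm the content was rewritten rather than merely copied under a new name.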

Processes

C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe

"C:\Users\Admin\AppData\Local\Temp\765ca22f9dc37369f052941987ba20ae5c51b9409d6ed05cfa435f0b7ab0a697.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 48.110.63.41.in-addr.arpa udp
US 8.8.8.8:53 1.173.189.20.in-addr.arpa udp

All recorded traffic consists of reverse (PTR) lookups sent to 8.8.8.8:53. The report attributes none of it to the sample process, records no connection to any of the looked-up addresses, and the win7 run (behavioral1) logged no network activity at all. Treat these queries as unattributed platform background for win10v2004-20240426-en rather than as network indicators for this sample unless they also stand out against a clean baseline of the same image.

Files

memory/4404-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3571316656-3665257725-2415531812-1000\desktop.ini.tmp

MD5 7c0896e869e4c6f91ac1a3af9632b504
SHA1 74ee7f9eff0cfd0e798e420fe17dcfee1d02d41e
SHA256 fb8598d2fc797e3813ff3f92ad1dbefcf0f260897c64eb36e233f0972ee679a6
SHA512 28c23b2b1ca5d4c822113b97416405d569e00e7566dba03d848d25f11ba7e80813ff2a42e80fa1bab4b79f1de1a9ba415865bd7efeb2ae0fe1b22864ed66e1c5

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 4f944e35f62d93255a6122b6c48db9c0
SHA1 61c1f399b45e491559e7505b9fedaf8b4129eb99
SHA256 c639f001bbfe86ee1c3c7376b4fa6a12699cb869fa93166f278986fceabb300f
SHA512 352a0dca192e7b2459bf598eb422f06d8d2c9098b7ebe22ada658134ea0fc0c26d3ad2f1f57931c8220b2d0ccd4d2963507055694f1aecd2de198977e4134fc7

memory/4404-1086-0x0000000000400000-0x000000000040A000-memory.dmp