Malware Analysis Report

2025-01-03 08:32

Sample ID 240610-3rg1nsvhla
Target 7adc2acd5367312f11cd7afab5672244e54af643dc15658afdbb01556cd55afa
SHA256 7adc2acd5367312f11cd7afab5672244e54af643dc15658afdbb01556cd55afa
Tags: ransomware upx
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 10/10

SHA256: 7adc2acd5367312f11cd7afab5672244e54af643dc15658afdbb01556cd55afa

Threat Level: Known bad

The file 7adc2acd5367312f11cd7afab5672244e54af643dc15658afdbb01556cd55afa was found to be: Known bad.

Malicious Activity Summary

ransomware upx

UPX dump on OEP (original entry point)

Renames multiple (3741) files with added filename extension

UPX dump on OEP (original entry point)

Renames multiple (5271) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-10 23:44

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-10 23:44
Reported: 2024-06-10 23:47
Platform: win7-20240220-en
Max time kernel: 150s
Max time network: 121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7adc2acd5367312f11cd7afab5672244e54af643dc15658afdbb01556cd55afa.exe"

Signatures

Renames multiple (3741) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
(Process is C:\Users\Admin\AppData\Local\Temp\7adc2acd5367312f11cd7afab5672244e54af643dc15658afdbb01556cd55afa.exe and Target is N/A for every row below)
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libalphamask_plugin.dll.tmp
File created C:\Program Files\Windows Mail\it-IT\msoeres.dll.mui.tmp
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\drag.png.tmp
File created C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSEngine.dll.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.configuration_5.5.0.165303.jar.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-tools_zh_CN.jar.tmp
File created C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll.tmp
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libaiff_plugin.dll.tmp
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.bat.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerConstraints.exsd.tmp
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.DynamicData.dll.tmp
File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspatialaudio_plugin.dll.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\eclipse_update_120.jpg.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\epl-v10.html.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-windows.jar.tmp
File created C:\Program Files\Windows Journal\ja-JP\jnwmon.dll.mui.tmp
File created C:\Program Files\Common Files\System\ado\msado20.tlb.tmp
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport.png.tmp
File created C:\Program Files\Java\jdk1.7.0_80\bin\jsadebugd.exe.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+3.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-compat.xml.tmp
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\eng.hyp.tmp
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\CMap\Identity-H.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.httpclient4.ssl_1.0.0.v20140827-1444.jar.tmp
File created C:\Program Files\Java\jre7\lib\zi\America\Indiana\Vincennes.tmp
File created C:\Program Files\VideoLAN\VLC\locale\sr\LC_MESSAGES\vlc.mo.tmp
File created C:\Program Files\VideoLAN\VLC\plugins\access\libscreen_plugin.dll.tmp
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\css\settings.css.tmp
File created C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_ButtonGraphic.png.tmp
File created C:\Program Files\Java\jre7\bin\fontmanager.dll.tmp
File created C:\Program Files\Windows NT\TableTextService\es-ES\TableTextService.dll.mui.tmp
File created C:\Program Files\Windows Sidebar\en-US\Sidebar.exe.mui.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring-impl.xml.tmp
File created C:\Program Files\VideoLAN\VLC\plugins\codec\liboggspots_plugin.dll.tmp
File created C:\Program Files\Windows Mail\oeimport.dll.tmp
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\currency.html.tmp
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkWatson.exe.mui.tmp
File created C:\Program Files\Java\jdk1.7.0_80\include\jvmti.h.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssvagent.exe.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Abidjan.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-api-caching.jar.tmp
File created C:\Program Files\Java\jre7\lib\zi\Indian\Maldives.tmp
File created C:\Program Files\Mozilla Firefox\api-ms-win-crt-convert-l1-1-0.dll.tmp
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Utilities.v3.5.resources.dll.tmp
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\whiteband.png.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunec.dll.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-10.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Wallis.tmp
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libextract_plugin.dll.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\dragHandle.png.tmp
File created C:\Program Files\Java\jre7\lib\zi\America\Port-au-Prince.tmp
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationCore.resources.dll.tmp
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\10.png.tmp
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\106.0.5249.119.manifest.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Magadan.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\platform.xml.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui.ja_5.5.0.165303.jar.tmp
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-background.png.tmp
File created C:\Program Files\Java\jre7\bin\server\Xusage.txt.tmp
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)notConnectedStateIcon.png.tmp
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\server_ok.gif.tmp
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll.tmp
File created C:\Program Files\VideoLAN\VLC\plugins\spu\libmosaic_plugin.dll.tmp
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.tmp

Processes

C:\Users\Admin\AppData\Local\Temp\7adc2acd5367312f11cd7afab5672244e54af643dc15658afdbb01556cd55afa.exe

"C:\Users\Admin\AppData\Local\Temp\7adc2acd5367312f11cd7afab5672244e54af643dc15658afdbb01556cd55afa.exe"

Network

N/A

Files

memory/2360-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

MD5 67cae30188c8e8db5def9744b9a7353b
SHA1 85cc5cd16928cce3ab1b9a4d576c7f4ab46fe71e
SHA256 037932be6056817736d297238ab3e3ebd1a55ca70011ba6b1a62db0960e16c59
SHA512 79e4a3a507013f441318e0512e420adccae110bfbd8d812cd1038a30f598551560d260f3b5ed89e222c318ed75778da45bc702e32101bc60a521b8e498194b25

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 d6aa9ba597f560c44574f7a59161fe78
SHA1 7323259cb4b8426a702650b6833526448edf0ad9
SHA256 2ee800054e9050a5386c6c3ff0a9af29d474d561c53807568e5f9c219035f9b6
SHA512 791eef4cf56d2ce2598c5dc3de0406b0779b15ed2657ccd9105c135b84d48fd4d43c44c4fd0758f9170c60461f045198747ea97f0b56eb07362c773a55d00e88

memory/2360-78-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-10 23:44
Reported: 2024-06-10 23:47
Platform: win10v2004-20240508-en
Max time kernel: 150s
Max time network: 150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7adc2acd5367312f11cd7afab5672244e54af643dc15658afdbb01556cd55afa.exe"

Signatures

Renames multiple (5271) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
(Process is C:\Users\Admin\AppData\Local\Temp\7adc2acd5367312f11cd7afab5672244e54af643dc15658afdbb01556cd55afa.exe and Target is N/A for every row below)
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.tmp
File created C:\Program Files\Microsoft Office\root\Office16\1033\XLLEX.DLL.tmp
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.AccessControl.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\Microsoft.VisualBasic.Forms.resources.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\wpfgfx_cor3.dll.tmp
File created C:\Program Files\Java\jre-1.8\lib\cmm\LINEAR_RGB.pf.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Office16\1033\XLMACRO.CHM.tmp
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RUI.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.NameResolution.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\WindowsBase.resources.dll.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-ul-phn.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-checkmark.png.tmp
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.Linq.dll.tmp
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\MEIPreload\preloaded_data.pb.tmp
File created C:\Program Files\Java\jdk-1.8\jre\bin\jfr.dll.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Trial-ppd.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Office16\1033\PROTOCOLHANDLERINTL.DLL.tmp
File created C:\Program Files\Microsoft Office\root\Office16\OFFSYMT.TTF.tmp
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL092.XML.tmp
File created C:\Program Files\Microsoft Office\root\Office16\PROOF\MSSP7EN.dub.tmp
File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\redshift.ini.tmp
File created C:\Program Files\Microsoft Office\root\Templates\1033\ApothecaryLetter.dotx.tmp
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Data.Common.dll.tmp
File created C:\Program Files\Java\jdk-1.8\legal\jdk\pkcs11cryptotoken.md.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Grace-ul-oob.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\EXCELPLUGINDATAPROVIDER.DLL.tmp
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ms-my.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Xaml.resources.dll.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_KMS_Client_AE-ppd.xrm-ms.tmp
File created C:\Program Files\Common Files\microsoft shared\ink\tipskins.dll.tmp
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\af.pak.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-ul-oob.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Grace-ul-oob.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-pl.xrm-ms.tmp
File created C:\Program Files\7-Zip\Lang\pt-br.txt.tmp
File created C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.Win32.Primitives.dll.tmp
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\cs.pak.tmp
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-180.png.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationTypes.resources.dll.tmp
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\tr.pak.tmp
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Frosted Glass.eftx.tmp
File created C:\Program Files\Microsoft Office\root\Office16\1033\WWINTL.DLL.tmp
File created C:\Program Files\7-Zip\Lang\kk.txt.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-ppd.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Office16\FPA_f2\FA000000002.tmp
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-handle-l1-1-0.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Input.Manipulations.resources.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationClient.resources.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Diagnostics.PerformanceCounter.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\wpfgfx_cor3.dll.tmp
File created C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ul-phn.xrm-ms.tmp
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\Microsoft.VisualBasic.Forms.resources.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Controls.Ribbon.resources.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Xaml.resources.dll.tmp
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OAuth.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\WindowsFormsIntegration.resources.dll.tmp
File created C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe.tmp
File created C:\Program Files\Java\jdk-1.8\jre\bin\glass.dll.tmp

Processes

C:\Users\Admin\AppData\Local\Temp\7adc2acd5367312f11cd7afab5672244e54af643dc15658afdbb01556cd55afa.exe

"C:\Users\Admin\AppData\Local\Temp\7adc2acd5367312f11cd7afab5672244e54af643dc15658afdbb01556cd55afa.exe"

Network

Files

memory/3552-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

MD5 ebe97b029c3288e24c2a0d5114ccaf5f
SHA1 7ad8700137776cb5d1b958055486f0ba4a7728d8
SHA256 b399af7ac00118a9247f8c19cd606844e43a455916306e21f423a7663b03d37c
SHA512 36a35691d4d9c3bf8928a255f3ff0306b99601a804e52f722f7453dee693601bc1a3c748c74fa2ee642d5da62c96393405ecdef280747fad058f54d7ec19abc7

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 9fdaa42c95de610154c8e9d64e07cb45
SHA1 a6d0c525510475ae3fa07b3bb78f4a8db793ce81
SHA256 81835c3e30bd9978ab9a2ecc3a0e8a3f40c5ca8cbbf00f7a7014ad4a0165fc70
SHA512 ce355d8b9c4babce118931d1255ca66d4523abc294a404e823ef1ce1fc66049eed83c25443ed00dbf8786220cbbacd8d792700f9095b1f150dc4e75214e6e1e2

memory/3552-1214-0x0000000000400000-0x000000000040A000-memory.dmp