Malware Analysis Report

2025-01-03 08:34

Sample ID 240611-ag6l3awhml
Target 85ec33e6fe4bccbc1ed340f84ec7e63f84b90dfabde83ba8f47a1ec6428b92ff
SHA256 85ec33e6fe4bccbc1ed340f84ec7e63f84b90dfabde83ba8f47a1ec6428b92ff
Tags
upx ransomware
score
10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

score
10/10

SHA256

85ec33e6fe4bccbc1ed340f84ec7e63f84b90dfabde83ba8f47a1ec6428b92ff

Threat Level: Known bad

The file 85ec33e6fe4bccbc1ed340f84ec7e63f84b90dfabde83ba8f47a1ec6428b92ff was found to be: Known bad.

Malicious Activity Summary

upx ransomware

UPX dump on OEP (original entry point)

Renames multiple (5331) files with added filename extension

Renames multiple (3782) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 00:12

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 00:12

Reported

2024-06-11 00:14

Platform

win7-20240508-en

Max time kernel

150s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\85ec33e6fe4bccbc1ed340f84ec7e63f84b90dfabde83ba8f47a1ec6428b92ff.exe"

Signatures

Renames multiple (3782) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\85ec33e6fe4bccbc1ed340f84ec7e63f84b90dfabde83ba8f47a1ec6428b92ff.exe

"C:\Users\Admin\AppData\Local\Temp\85ec33e6fe4bccbc1ed340f84ec7e63f84b90dfabde83ba8f47a1ec6428b92ff.exe"

Network

N/A

Files

memory/2116-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

MD5 2b49bbf45f10f792ed1891e4cb5a1bad
SHA1 87d2f3fcc36068fa121c6993ac36c5c30ff13932
SHA256 405dcbbb8e572d0976efa87b3a1f4bb1b869d32bb3c6159dc659b10b96c84a94
SHA512 6d699ff80bc578cdb266f095ca3c53953f6652b41b549ccb2ff1e7e840452687b943a73db59fa8f9dfb58b8320d063910d80e28d03dededc017cff169e74ea46

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 c1f68c56d6b9bba6c0010b8af31e1eef
SHA1 65aee02094ae165ebb512b6d3752a81b8b48dad4
SHA256 b3c564be1389a9b9db6b99cc9b3562651770926a4e758018eaed0fdc9a451c1d
SHA512 1af66b1af4c82fbad5601ea94ad4b4935970f5d7c410b588ba69e74b8d584e78fe844893da6cf3b9612d7e700e931c6b86b4a273ad3330e371f0cae330f0b0ca

memory/2116-86-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 00:12

Reported

2024-06-11 00:14

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\85ec33e6fe4bccbc1ed340f84ec7e63f84b90dfabde83ba8f47a1ec6428b92ff.exe"

Signatures

Renames multiple (5331) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\85ec33e6fe4bccbc1ed340f84ec7e63f84b90dfabde83ba8f47a1ec6428b92ff.exe

"C:\Users\Admin\AppData\Local\Temp\85ec33e6fe4bccbc1ed340f84ec7e63f84b90dfabde83ba8f47a1ec6428b92ff.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

memory/1580-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

MD5 8d5ce12b145e11c5d673bfbb88207bc0
SHA1 eafa28fb14bf6454776e2d3399c2d4c31006fe9f
SHA256 e7e5794280a90493ad427cdd0f7c9fcdc4faf7ee4e7fd03a88c0cfa64dce08fa
SHA512 af77198b5e88c2cfc7818f4d32526fe57ee69a914334e975b13cd257ab4770af3a2d48200f00decd1c784f6107acb50c405183e62314fffe3a58b6de18ef2e5b

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 ac433771210bb6e119558a7b4e4a7797
SHA1 966d8fc615de3228f21ae462ede7a29bbe4a1e6c
SHA256 dfb590a628114147d45cc37dfbf368d3246ebc2b0d01811935c0983ba6d394e6
SHA512 e3573435c9dacc91b465de8f33490ea50b25464e2856a864eb7a247efa67fdaa39664cf87c73e8442d6af9346e0c5e4e608e12faf1ccfb2cd0600e37b625d88a

memory/1580-1206-0x0000000000400000-0x000000000040A000-memory.dmp