Malware Analysis Report

2025-01-03 08:33

Sample ID 240611-aj3ceswemh
Target 87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232
SHA256 87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232
Tags
upx ransomware
score
10/10


Analysis Overview

score
10/10

SHA256

87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232

Threat Level: Known bad

The file 87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232 was found to be: Known bad.

Malicious Activity Summary

upx ransomware

UPX packed file

UPX dump on OEP (original entry point)

Unsigned PE

Renames multiple files with added filename extension: 578 files in behavioral1 (win7-20240221-en), 4835 files in behavioral2 (win10v2004-20240426-en)

Drops file in Program Files directory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 00:15

Signatures

UPX dump on OEP (original entry point)

Indicator details: none recorded

UPX packed file

upx

Indicator details: none recorded

Unsigned PE

Indicator details: none recorded
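The two static1 signatures, UPX packed file and Unsigned PE, are cheap header checks that any triage pipeline can reproduce. The Python below is an added example written for this page, not the sandbox's own detection code: it walks the PE section table for the UPX0/UPX1 names that stock UPX leaves behind, and reads the Authenticode data directory (index 4) to see whether any signature blob is embedded at all. The sample from this report is not embedded; build_pe() constructs a synthetic, header-only PE32 in memory so the checks run offline, and the UPX section-name set and the 0x1800 signature size used for the signed case are assumptions.

```python
# Added example (not the sandbox's own detection code): the two static1 checks
# "UPX packed file" and "Unsigned PE", implemented directly over raw PE headers.
# build_pe() constructs a synthetic header-only PE32 for offline testing; the
# report's sample is not embedded here.
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4            # data-directory slot for Authenticode
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}  # assumption: stock UPX section names


def parse_pe(data: bytes) -> dict:
    """Return the section names and the Authenticode directory (offset, size)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                         # IMAGE_FILE_HEADER, 20 bytes
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                             # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, opt)[0]
    # Data directories begin at +96 for PE32 (0x10B) and +112 for PE32+ (0x20B).
    dirs = opt + (96 if magic == 0x10B else 112)
    sec_off, sec_size = struct.unpack_from(
        "<II", data, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    names = []
    for i in range(num_sections):               # section table follows the optional header
        hdr = opt + opt_size + 40 * i
        names.append(data[hdr:hdr + 8].rstrip(b"\0"))
    return {"sections": names, "security_dir": (sec_off, sec_size)}


def is_upx_packed(data: bytes) -> bool:
    """Cheap heuristic: stock UPX leaves UPX0/UPX1 section names behind."""
    return any(n in UPX_SECTION_NAMES for n in parse_pe(data)["sections"])


def is_signed(data: bytes) -> bool:
    """A zero-sized security directory means no embedded Authenticode blob at all.
    A non-zero size only says a blob is present; it still has to be verified."""
    return parse_pe(data)["security_dir"][1] != 0


def static_signatures(data: bytes) -> dict:
    """Report the two checks under the same names the sandbox uses."""
    return {"UPX packed file": is_upx_packed(data),
            "Unsigned PE": not is_signed(data)}


def build_pe(section_names, signature_size=0) -> bytes:
    """Constructed header-only PE32 for testing (not a runnable program)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 224                              # PE32 optional header with 16 directories
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)       # PE32 magic
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                     0x1000 if signature_size else 0, signature_size)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + bytes(opt) + sections


if __name__ == "__main__":
    print(static_signatures(build_pe([b"UPX0", b"UPX1", b".rsrc"])))
    print(static_signatures(build_pe([b".text", b".data"], signature_size=0x1800)))
```

Both checks are deliberately weak on their own. A packer build that renames its sections passes is_upx_packed, so a stronger UPX check also looks for the "UPX!" marker and the characteristic unpacking stub at the entry point, and a non-empty security directory only proves a blob exists, not that the chain verifies (signtool verify /pa or Get-AuthenticodeSignature do that). Windows system binaries signed through a catalog also show an empty security directory, so "Unsigned PE" on its own is a triage hint, not a verdict.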

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 00:15

Reported

2024-06-11 00:17

Platform

win7-20240221-en

Max time kernel

150s

Max time network

125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe"

Signatures

Renames multiple (578) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Indicator details: none recorded

UPX packed file

upx

Indicator details: none recorded

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\FlickLearningWizard.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_selectionsubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\fxplugins.dll.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\7-Zip\Lang\id.txt.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jarsigner.exe.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jli.dll.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\NOTICE.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web.xml.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IPSEventLogMsg.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\softedges.png.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\localedata.jar.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\ShapeCollector.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_100_percent.pak.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\af.pak.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sw.pak.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Internet Explorer\jsdebuggeride.dll.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_VideoInset.png.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Full\1047x576black.png.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ru.pak.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\7-Zip\Lang\nl.txt.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipschs.xml.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\rtscom.dll.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ar.pak.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\policytool.exe.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-static.png.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\rmiregistry.exe.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\sawindbg.dll.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightItalic.ttf.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\flavormap.properties.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrfrash.dat.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipBand.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_rgb6.wmv.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\mainimage-mask.png.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogo.png.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunjce_provider.jar.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_btn-back-static.png.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\orbd.exe.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\7-Zip\Lang\ko.txt.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatsh.dat.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\ShapeCollector.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_videoinset.png.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Common Files\System\wab32res.dll.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_highlights_Thumbnail.bmp.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\WhiteDot.png.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe

"C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe"

Network

N/A

Files

memory/1440-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

MD5 d0132ab2b0a81dee884dfc4ccc7a32b0
SHA1 e74d39cc86d37b9ae08427b70f65cacfe9356151
SHA256 0d227a604e4b255d80f1044f4079b07d77f952ff885e6503039859a62e013a9f
SHA512 a51ac7c24b9ebb6d3bf8fe9b91d0f359eefef80fe10423f39c7c8d45ae0c9c050ddf2d092fecb7babac1c425ac2b588c07c667ac0e58855ae5382d18a99ec36b

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 dcac2feab05bae7992e547ac67bc8a0b
SHA1 2008658a555656379c6c940ded43329394db4b56
SHA256 a477092c21223e88569349c5d79dd947dea4d0260610ed5540f00e6076878fdd
SHA512 5bc34a508ccc9c851174de5d97933048bd2a50f5a68ef8d8543f9bfccefceca819ee678bc7af13d07c08e1a5f99f5fd7ed1ad03d8e3a1724486a9af37fe63fa8

memory/1440-74-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 00:15

Reported

2024-06-11 00:17

Platform

win10v2004-20240426-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe"

Signatures

Renames multiple (4835) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Indicator details: none recorded

UPX packed file

upx

Indicator details: none recorded

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\xmlresolver.md.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-time-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-multibyte-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-140.png.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL119.XML.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN086.XML.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-datetime-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Sockets.dll.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_TW.properties.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate32.exe.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.SecureString.dll.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\fontconfig.properties.src.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_COL.HXT.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MEDIA\BOMB.WAV.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Security.Cryptography.Pkcs.dll.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Java\jdk-1.8\release.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\vcruntime140.dll.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription2-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscordaccore.dll.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationUI.dll.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-datetime-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\APASixthEditionOfficeOnline.xsl.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial3-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.XLS.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.ZipFile.dll.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\vccorlib140.dll.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XPath.XDocument.dll.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\hi\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Xaml.dll.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\SPPRedist.msi.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\ThirdPartyNotices.txt.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-runtime-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jjs.exe.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Microsoft Office\root\Office15\pidgenx.dll.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-console-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\DirectWriteForwarder.dll.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.VisualStudio.OLE.Interop.dll.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\C2R64.dll.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-filesystem-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe N/A
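Both behavioural runs fire Renames multiple (N) files with added filename extension, and the rows above show what that looks like in practice: every created path is an existing file name with .tmp appended, spread across unrelated directories under Program Files, all from one unsigned process running out of %TEMP%. The Python below is an added example, not Triage's own rule: it parses File created rows in the exact form printed above, extracts the appended extension per process, and flags a process once it has produced enough such files across enough directories. SAMPLE_PATHS and the process image path are copied from the behavioral2 table; the thresholds (min_files, min_dirs) are assumptions, since the sandbox's own values are not published here.

```python
# Added example (not Triage's own signature code): the logic behind
# "Renames multiple (N) files with added filename extension", run over
# "File created" rows in the form the report prints them. Thresholds are assumptions.
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Matches the report's rows: "File created <created path> <process image> N/A".
ROW_RE = re.compile(r"^File created (?P<path>.+?) (?P<proc>[A-Za-z]:\\.+?\.exe) N/A$")

# Process image and created paths copied from the behavioral2 table of this report.
PROC = r"C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe"
SAMPLE_PATHS = [
    r"C:\Program Files\Java\jdk-1.8\jre\legal\jdk\xmlresolver.md.tmp",
    r"C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-time-l1-1-0.dll.tmp",
    r"C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ul-phn.xrm-ms.tmp",
    r"C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.tmp",
    r"C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-140.png.tmp",
    r"C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-datetime-l1-1-0.dll.tmp",
    r"C:\Program Files\Java\jdk-1.8\release.tmp",   # no original extension: gives no rename evidence
    r"C:\Program Files\Microsoft Office\root\Office16\MEDIA\BOMB.WAV.tmp",
    r"C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe.tmp",
    r"C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB.tmp",
    r"C:\Program Files\Microsoft Office\root\Client\C2R64.dll.tmp",
    r"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\DirectWriteForwarder.dll.tmp",
]
SAMPLE_ROWS = "\n".join(f"File created {p} {PROC} N/A" for p in SAMPLE_PATHS)


def parse_rows(text: str) -> list:
    """Return (process, created_path) pairs for every row that matches ROW_RE."""
    events = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            events.append((m["proc"], m["path"]))
    return events


def added_extension(path: str):
    """If the file name is '<name>.<orig ext>.<new ext>', return (original name,
    new ext). A name with fewer than two suffixes gives no evidence of a rename."""
    p = PureWindowsPath(path)
    if len(p.suffixes) < 2:
        return None
    new_ext = p.suffixes[-1]
    return p.name[:-len(new_ext)], new_ext.lower()


def detect_mass_rename(events, min_files: int = 50, min_dirs: int = 5) -> dict:
    """Flag each process whose created files share one appended extension across
    several directories. Thresholds are assumptions, not the sandbox's values."""
    stats = defaultdict(lambda: {"exts": Counter(), "orig": set(), "dirs": set()})
    for proc, path in events:
        hit = added_extension(path)
        if hit is None:
            continue
        orig_name, new_ext = hit
        s = stats[proc]
        s["exts"][new_ext] += 1
        s["orig"].add(PureWindowsPath(orig_name).suffix.lower())
        s["dirs"].add(str(PureWindowsPath(path).parent))
    findings = {}
    for proc, s in stats.items():
        ext, count = s["exts"].most_common(1)[0]
        if count >= min_files and len(s["dirs"]) >= min_dirs:
            findings[proc] = {"extension": ext, "count": count,
                              "directories": len(s["dirs"]),
                              "original_extensions": len(s["orig"])}
    return findings


def run_sample(min_files: int = 10, min_dirs: int = 3) -> dict:
    """Run the detector over the twelve rows copied from this report."""
    return detect_mass_rename(parse_rows(SAMPLE_ROWS), min_files, min_dirs)


if __name__ == "__main__":
    for proc, finding in run_sample().items():
        print(f"{proc}: {finding}")
```

The 578 versus 4835 counts in the two runs are most plausibly down to what each VM image had installed (the win10 table carries Office 16 and .NET runtime trees that do not appear in the win7 table) rather than a change in sample behaviour. Installers and Office also write *.tmp files, so the discriminator is breadth: many directories and many distinct original extensions from one process, here an unsigned, UPX-packed image executing from %TEMP%. Sandbox rows carry no timestamps; when porting this to EDR telemetry, add a time window to the same per-process grouping.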

Processes

C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe

"C:\Users\Admin\AppData\Local\Temp\87818aa86129e2ca7042cf884e30ad18030f3ede497f5e3efdfb79f20a4e8232.exe"

Network

All recorded traffic consists of reverse-DNS (PTR) queries for in-addr.arpa names sent to 8.8.8.8:53 over UDP; no other connections were recorded in this run.

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 138.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp

Files

memory/1724-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-540404634-651139247-2967210625-1000\desktop.ini.tmp

MD5 24a9b945facb91673e9ad48acf4e00a9
SHA1 2e542246fde48fe6345862826faa91c36767921e
SHA256 f7a89a47e8af580822206b66b83223a24597a631bc7a61324c936e3ef09323d5
SHA512 18936bbef0eca03f16cd1b1507253a552f23e794d7378a3be32fc59ce93439b99b1c3ef29134f97111d496440452d1c27fa99a442183f7bae3f136cc6166379b

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 1f4a4159f78b7c1cbb0ad9a377fd8ab0
SHA1 cb61b44e2e5cdd70587d73da895c5b48a8395494
SHA256 bc71e0b1cf25dbdbfeb42056d7b64be2923139bfc9293bb0f22f92ebcfaa0a58
SHA512 fc4bc7e3ed454b51da051416d8ebb948d5d735932603691cc33576e712f0056f53f4a1b001547300c7097062b8c754213b33a944626c092fa825f319fdf59218

memory/1724-1674-0x0000000000400000-0x000000000040B000-memory.dmp