Malware Analysis Report

2025-01-03 08:33

Sample ID 240611-ax4gmsxenp
Target 90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503
SHA256 90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503
Tags ransomware upx
Score 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score 10/10

SHA256 90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503

Threat Level: Known bad

The file 90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503 was found to be: Known bad.

Malicious Activity Summary

Tags ransomware upx

UPX packed file (static1, behavioral1, behavioral2)

UPX dump on OEP (original entry point) (static1, behavioral1, behavioral2)

Unsigned PE (static1)

Renames multiple (2842) files with added filename extension (behavioral1, win7-20240220-en)

Renames multiple (4669) files with added filename extension (behavioral2, win10v2004-20240508-en)

Drops file in Program Files directory (behavioral1, behavioral2)

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 00:36

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
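The three static1 signatures (UPX packed file, UPX dump on OEP, Unsigned PE) can be reproduced offline before a detonation. The script below is an added example, not part of the sandbox report or its tooling: it walks the PE section table looking for the UPX0/UPX1/UPX2 section names and the UPX! marker, scores each section's entropy, and checks whether the Authenticode data directory is populated at all. The two PE images it inspects are constructed in memory by build_pe for this example; they are not the analysed sample, and the 7.0-bit entropy threshold is an assumed cut-off.

```python
"""Static triage for the static1 findings above: UPX section names / UPX! marker,
per-section entropy, and whether an Authenticode signature is present at all.
Standard library only; the PE parsing is deliberately minimal."""
import math
import struct
from collections import Counter

UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: packed or encrypted data sits near 8.0, plain code nearer 6."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe(image: bytes):
    """Return ([(section_name, raw_bytes), ...], has_security_directory)."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    nsec = struct.unpack_from("<H", image, coff + 2)[0]
    opt_size = struct.unpack_from("<H", image, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", image, opt)[0]            # 0x10B PE32, 0x20B PE32+
    dd = opt + (112 if magic == 0x20B else 96)                  # first data directory
    security_size = struct.unpack_from("<II", image, dd + 4 * 8)[1]  # entry 4: Authenticode
    sections = []
    for i in range(nsec):
        hdr = opt + opt_size + 40 * i
        name = image[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", image, hdr + 16)
        sections.append((name, image[raw_ptr:raw_ptr + raw_size]))
    return sections, security_size != 0


def triage(image: bytes, entropy_threshold: float = 7.0) -> dict:
    """Reproduce the 'UPX packed file' and 'Unsigned PE' checks on one image."""
    sections, has_sig = parse_pe(image)
    names = [n for n, _ in sections]
    upx_named = [n for n in names if n in UPX_SECTION_NAMES]
    marker = b"UPX!" in image
    return {
        "sections": names,
        "upx_named": upx_named,
        "upx_marker": marker,
        "high_entropy": [n for n, d in sections if shannon_entropy(d) >= entropy_threshold],
        "has_authenticode": has_sig,   # presence only; validity needs a chain check
        "upx_packed": bool(upx_named or marker),
    }


def build_pe(sections) -> bytes:
    """Assemble a minimal PE32 image from [(name, data), ...]. Constructed test
    input for this example only; it is not a real or runnable binary."""
    e_lfanew, opt_size = 0x40, 0xE0
    raw_ptr = (e_lfanew + 4 + 20 + opt_size + 40 * len(sections) + 0x1FF) & ~0x1FF
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B).ljust(opt_size, b"\0")      # all data directories zero
    hdrs, body, ptr, va = b"", b"", raw_ptr, 0x1000
    for name, data in sections:
        size = (len(data) + 0x1FF) & ~0x1FF                    # 512-byte file alignment
        hdrs += struct.pack("<8sIIIIIIHHI", name.encode("ascii"), len(data), va,
                            size, ptr, 0, 0, 0, 0, 0x60000020)
        body += data.ljust(size, b"\0")
        ptr, va = ptr + size, va + ((size + 0xFFF) & ~0xFFF)
    return (dos + b"PE\0\0" + coff + opt + hdrs).ljust(raw_ptr, b"\0") + body


# Constructed images: one shaped like a UPX-packed PE, one like a plain build.
PACKED = build_pe([("UPX0", b""), ("UPX1", (b"UPX!" + bytes(range(256)) * 16)[:4096])])
CLEAN = build_pe([(".text", b"\x90" * 100 + b"\xC3"), (".data", b"\0" * 64)])

if __name__ == "__main__":
    for label, img in (("packed", PACKED), ("clean", CLEAN)):
        print(label, triage(img))
```

A name or marker hit is enough to mark the file as UPX packed; a high-entropy section with no UPX names points at a different or modified packer. `has_authenticode` only says whether a signature blob is attached; an attached signature still has to be validated against a trusted chain, which the sandbox's "Unsigned PE" signature does not attempt either. For a genuine UPX build, `upx -d` restores the original image; for a modified stub the OEP dump the sandbox took is the fallback.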

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 00:36

Reported

2024-06-11 00:38

Platform

win7-20240220-en

Max time kernel

150s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe"

Signatures

Renames multiple (2842) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.bat.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\jaas_nt.dll.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\license.html.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Amman.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-oql.jar.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Paris.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-keymap_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\VERSION.txt.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Wake.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.preferences_3.5.200.v20140224-1527.jar.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Java\jre7\bin\decora-sse.dll.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Java\jre7\bin\ssv.dll.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_glass.png.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Creston.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yellowknife.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Luis.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Mozilla Firefox\osclientcerts.dll.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Microsoft Games\Solitaire\es-ES\Solitaire.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page.wmv.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\deploy.dll.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\ECLIPSE_.RSA.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.sat4j.core_2.3.5.v201308161310.jar.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Microsoft Games\Minesweeper\fr-FR\Minesweeper.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\tr.pak.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.attributeTransformation.exsd.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Mozilla Firefox\postSigningData.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Internet Explorer\F12.dll.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Bissau.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-templates.xml_hidden.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Java\jre7\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\DisconnectConnect.mpeg.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-spi-quicksearch_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Microsoft Office\Office14\AUTHZAX.DLL.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cuiaba.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt_0.11.101.v20140818-1343.jar.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-modules.jar.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Java\jre7\bin\jsoundds.dll.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\te.pak.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\dsn.jar.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-visual.xml.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Puerto_Rico.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Jakarta.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIcon.png.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson_Creek.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_70.png.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\epl-v10.html.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Microsoft Games\Solitaire\SolitaireMCE.lnk.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mshwLatin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_btn-back-static.png.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Dili.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSFrontendENU.dll.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
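The two behavioral signatures on this run, "Renames multiple (2842) files with added filename extension" and "Drops file in Program Files directory", are both tallies over file events like the rows above. The script below is an added example, not part of the report or the sandbox: it parses rows in the report's own "File created <path> <process> N/A" format, splits each created name into the victim file and the suffix that was appended, and counts hits per suffix, per top-level directory and per writing process. The input rows are constructed from eight paths copied from this report; the threshold argument is an assumed knob, the report's own count was 2842.

```python
"""Re-derive the behavioral1 'Renames multiple files with added filename
extension' and 'Drops file in Program Files directory' signatures from the
report's 'File created <path> <process> N/A' rows."""
import re
from collections import Counter
from pathlib import PureWindowsPath

ROW_RE = re.compile(r"^(File \w+) (.+) (\S+\.exe) (\S+)$")

# Constructed input: paths copied from the tables above, rendered in the same
# row format the report uses. PROC is the detonated sample's own path.
PROC = (r"C:\Users\Admin\AppData\Local\Temp"
        r"\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe")
SAMPLE_PATHS = [
    r"C:\Program Files\Java\jdk1.7.0_80\jre\bin\jaas_nt.dll.tmp",
    r"C:\Program Files\Java\jre7\lib\zi\Asia\Amman.tmp",
    r"C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_glass.png.tmp",
    r"C:\Program Files\Mozilla Firefox\osclientcerts.dll.tmp",
    r"C:\Program Files\Microsoft Games\Solitaire\es-ES\Solitaire.exe.mui.tmp",
    r"C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg.tmp",
    r"C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp",
    r"C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp",
]
SAMPLE_ROWS = [f"File created {p} {PROC} N/A" for p in SAMPLE_PATHS]


def parse_row(row: str):
    """Split one report row into (action, path, process); None if it does not fit."""
    m = ROW_RE.match(row)
    return (m.group(1), m.group(2), m.group(3)) if m else None


def split_added_extension(path: str):
    """'...\\jaas_nt.dll.tmp' -> ('...\\jaas_nt.dll', '.tmp'): the last suffix is
    what the encryptor appended, the rest is the victim file's original name."""
    p = PureWindowsPath(path)
    return str(p.with_suffix("")), p.suffix


def summarize(rows, threshold: int = 100) -> dict:
    """Tally created files by appended suffix, top-level directory and writing
    process; flag ransomware-style mass activity when one suffix dominates."""
    events = [e for e in map(parse_row, rows) if e]
    suffixes, top_dirs, writers = Counter(), Counter(), Counter()
    for action, path, proc in events:
        if action != "File created":
            continue
        _, added = split_added_extension(path)
        suffixes[added.lower()] += 1
        parts = PureWindowsPath(path).parts
        top_dirs[str(PureWindowsPath(*parts[:3]))] += 1   # e.g. C:\Program Files\Java
        writers[proc] += 1
    suffix, count = suffixes.most_common(1)[0] if suffixes else ("", 0)
    program_files = sum(c for d, c in top_dirs.items()
                        if d.lower().startswith(r"c:\program files"))
    return {
        "file_created": sum(suffixes.values()),
        "dominant_suffix": suffix,
        "dominant_suffix_count": count,
        "program_files_hits": program_files,
        "top_dirs": dict(top_dirs),
        "writers": dict(writers),
        "mass_rename": count >= threshold,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_ROWS, threshold=5).items():
        print(f"{key}: {value}")
```

On the full behavioral1 table every row carries the same `.tmp` suffix and the same writing process, which is the shape the sandbox's signature keys on: one process, one appended extension, thousands of victims across Program Files. The same tally run against EDR file-create telemetry gives a first-pass detection; the usual false positives are installers and updaters, which also write `.tmp` files in Program Files but from their own signed binaries rather than from a file under `%TEMP%`.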

Processes

C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe

"C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe"

Network

N/A

Files

memory/2340-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

MD5 d8620fc37bd512385c5c7612ce6f836b
SHA1 3c2a11fb8730703307d152fecbd1ce9d91c5bf61
SHA256 495555981c94e03afaa26c136c8dd098932b66bb11010ab9911364229e4df3f2
SHA512 e35468d371c09a08b9a14a906a01ceb1950b0076a087f59551a96d1f06b51eb9ed69b2712f6ba5657ac63b244c6fbc6b14229a74238811cdd9847fdc08c7b961

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 33db798012824689435f28b050b2f9e3
SHA1 8068cd9f2af3a3227dc14cdac6f50ac1bc9b6091
SHA256 81a1badff0a16489b921e8dc04177d696c0672fe80325241972b8d9e1f425365
SHA512 01e2c2f949e23a049c422763db7289c1fa3403cfaaf1b4573d6688cb62e19cce03260c81c7c78d6de30a391c86a5b21792853a9a2c3daf57020ca12b66aa8623

memory/2340-340-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 00:36

Reported

2024-06-11 00:38

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

53s

Command Line

"C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe"

Signatures

Renames multiple (4669) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.tr-tr.dll.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebProxy.dll.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Gothic-Palatino Linotype.xml.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ViewOnly_ZeroGrace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial4-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_KMS_Client-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy.jar.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue II.xml.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSVCP140_APP.DLL.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.DirectoryServices.dll.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jpeg.md.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\xalan.md.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_MAK_AE-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-convert-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\lcms.md.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O17EnterpriseVL_Bypass30-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Document.XmlSerializers.dll.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.de-de.dll.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ServiceProcess.dll.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Classic.dll.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTrial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000050\FA000000050.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\nl\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\7-Zip\Lang\mng.txt.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.Annotations.dll.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Process.dll.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Diagnostics.EventLog.Messages.dll.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_MAKC2R-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\7-Zip\Lang\co.txt.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.dll.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.Uri.dll.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Principal.dll.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Printing.dll.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Resources.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\cmm\LINEAR_RGB.pf.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\ext\zipfs.jar.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART10.BDR.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Algorithms.dll.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ro-ro.dll.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encoding.dll.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-string-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.kk-kz.dll.tmp C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe

"C:\Users\Admin\AppData\Local\Temp\90e707d8f612f7765ad07a4e426b97a03df5528ef9198f3cf146550407abe503.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

The single recorded event is a reverse (PTR) lookup of the resolver address 8.8.8.8 itself, sent to 8.8.8.8 over UDP/53. The report attributes it to no process and records no other destination during the 53 s network window, so this detonation contains no evidence of command-and-control or key-exchange traffic.

Files

memory/3244-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

MD5 1a435df4c66cddab040ef0fb2ebe238e
SHA1 0803642d61c0d3c0e7ab36bd4f2c5a3b754152e1
SHA256 3b70cbc28517dbc0d66c69d741484d8a3e27f10746f17ed4cb25442b363d3626
SHA512 7644b1d15f12647c59570435adffc099c086fed469a4dfd357876d5e824e6a659a6473c99165713bdd2adfafeb5b040cb69618138ab80415afc4c86c4430a218

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 9df43a62096d86bf83e242afcbb4d0f1
SHA1 974ccb9327cb1ed8d59ec684d59f5a32f9305fdf
SHA256 1b81f60b6dab364eff97e4597396d852ee411ad1c0aaf6a763d6d61ed52bed72
SHA512 20ebae9cb2d4affe35a7ba2ae28007782337173c093ffd007d8f8306109a8eb00245c16a0f234f66802d1df7622597d846f04be23ea21c004e27aec5982802c7

memory/3244-1604-0x0000000000400000-0x000000000040B000-memory.dmp