Malware Analysis Report

2025-01-03 08:30

Sample ID 240611-b1dwtszdkj
Target a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b
SHA256 a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b
Tags ransomware upx
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 10/10

SHA256

a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b

Threat Level: Known bad

The file a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b was found to be: Known bad.

Malicious Activity Summary

ransomware upx

UPX dump on OEP (original entry point)

Renames multiple (3459) files with added filename extension

UPX dump on OEP (original entry point)

Renames multiple (5025) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 01:36

Signatures

UPX dump on OEP (original entry point)

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 01:36

Reported

2024-06-11 01:38

Platform

win7-20240508-en

Max time kernel

150s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe"

Signatures

Renames multiple (3459) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_down.png.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\js\RSSFeeds.js.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\slideShow.html.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\js\highDpiImageSwap.js.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvm.jar.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-spi-actions.xml.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Africa\Abidjan.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\America\Kentucky\Louisville.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\init.js.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\WindowsAccessBridge-64.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.common_2.10.1.v20140901-1043.jar.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\org-openide-filesystems.jar.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Asia\Gaza.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\locale\brx\LC_MESSAGES\vlc.mo.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\it-IT\msadcfr.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\ZoneInfoMappings.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Asia\Brunei.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libmad_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw48.png.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\ja-JP\gadget.xml.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\settings.html.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_rest.png.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\bin\xjc.exe.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro.zh_CN_5.5.0.165303.jar.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-editor-mimelookup.xml.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightRegular.ttf.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-settings_ja.jar.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Java\jre7\lib\currency.data.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Microsoft Games\Minesweeper\en-US\Minesweeper.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\ReachFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_bkg.png.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Microsoft Games\Multiplayer\Spades\it-IT\shvlzm.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Windows Media Player\fr-FR\WMPMediaSharing.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\gadget.xml.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\gu.pak.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans_1.2.200.v20140214-0004.jar.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\16-on-black.gif.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\bin\jar.exe.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-snaptracer.xml.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\drag.png.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_ButtonGraphic.png.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.nl_ja_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Africa\Accra.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationClient.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\gadget.xml.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Internet Explorer\en-US\F12Resources.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-windows.xml.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\lua\http\js\common.js.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Windows Journal\de-DE\jnwmon.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\npt.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-sa.jar.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\America\Thunder_Bay.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\7-Zip\Lang\fa.txt.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\feature.xml.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe

"C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe"

Network

N/A

Files

memory/1232-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

MD5 485b45c1c0b2c36f963a9485b7d0bf70
SHA1 99c1eebef5238befe6d23d63de0a717dfc53c6cd
SHA256 05b3c6d65e4b7416e8ee96ca13732e81913b01602d20e0b825b9ca6e737f91b3
SHA512 38bb6e597bc3e24e044c87b870329265ece1365532497dcd51941dd3334583af858f38885f0eb13e6e6d701ef58a976aad26505b1b6f4c4c6a8272f49ad719f2

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 5c1bca18139a6a7b721b2237b88176ac
SHA1 483b2ba04be6b7d2e9d67d8e9541288f7a601934
SHA256 8f663dfa786dd7c5195196c96c940ffdeb00febf49c005c4b901270d443f6a5e
SHA512 e35695f8412aa3de400eb174f9f9c3dc1d3b8799f936b4c11061a72319cd201a36afea6e59e09b4c8951d3c9d88953520fb6b614f8c25d5e88df8a06ef2c59e6

memory/1232-646-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 01:36

Reported

2024-06-11 01:38

Platform

win10v2004-20240426-en

Max time kernel

149s

Max time network

100s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe"

Signatures

Renames multiple (5025) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Practices.Unity.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\CancelGlyph.16.White.png.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\de-DE\rtscom.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\Microsoft.VisualBasic.Forms.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\110.0.5481.104\vulkan-1.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Client\msvcp120.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Aero2.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-conio-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\hijrah-config-umalqura.properties.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-console-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\lib\jce.jar.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub_M365_eula.txt.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-80.png.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\clrjit.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Extensions.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Emit.Lightweight.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Security.Permissions.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\SkypeServiceBypassR_PrepidBypass-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\7-Zip\Lang\de.txt.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.Specialized.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\lib\ext\localedata.jar.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_KMS_Client-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTest-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Parallel.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\UIAutomationTypes.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial4-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHLEX.DAT.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\PresentationFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\PROTOCOLHANDLERINTL.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\OSF.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ExcelFloatieXLEditTextModel.bin.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\NewComment.png.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\7-Zip\Lang\bg.txt.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Json.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationClientSideProviders.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Forms.Design.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Xaml.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-conio-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\jce.jar.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial1-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.XLS.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\7-Zip\Lang\ja.txt.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TipRes.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationClientSideProviders.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\fonts\LucidaSansDemiBold.ttf.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\lib\hijrah-config-umalqura.properties.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Grace-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL022.XML.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\msvcr120.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A
File created | C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe

"C:\Users\Admin\AppData\Local\Temp\a83171fe85450b97765b2ea1cb7e7fd5b853ba0b7282092ae132a9579e07eb8b.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 6.160.77.104.in-addr.arpa | udp
US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 10.160.77.104.in-addr.arpa | udp
US | 52.111.227.11:443 | | tcp
US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp

Files

memory/4892-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1162180587-977231257-2194346871-1000\desktop.ini.tmp

MD5 d6c7a1e3940290a3505de1991b1d45cd
SHA1 07522383b583ebaa1288850fd1adc4c33b2519bf
SHA256 7a32894f4c285d8eb4a7fc196507c891258e7335a8c57e3f95b9342d17bd9b0a
SHA512 98d7c4e6ff72312a16144935333d19e0a7ebc998e87cc57fa28816574005b5cb07a742cf2359f349da2460043e520110a0418bdbfca09788882eb64fd5f16df3

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 b27f15757ad6389d29606f6d2705d82e
SHA1 1994ddf77c0b078f65a0be1cf1d43d27d0a7607c
SHA256 6acb31cad7681429ebe2d334a11ed08d8c0ffacdc613c1a8ffc278c9337a7ca3
SHA512 d234f646c51052346b0c15d1d3ade0cc2a641f6d343357c3713831c2b215b03779f1a1e2319f59dadb4f78fc9412cd43c4a402f2488d6de983f0ff205a739e30

memory/4892-1782-0x0000000000400000-0x000000000040B000-memory.dmp