Malware Analysis Report

2025-01-03 08:30

Sample ID: 240611-b2ymmaygqh
Target: a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee
SHA256: a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee
Tags: upx, ransomware
Score: 10/10

Analysis Overview

Score: 10/10

SHA256: a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee

Threat Level: Known bad

The file a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee was found to be: Known bad.

Malicious Activity Summary

upx ransomware

UPX dump on OEP (original entry point)

Renames multiple (3534) files with added filename extension

UPX dump on OEP (original entry point)

Renames multiple (5132) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-11 01:39

Signatures

UPX dump on OEP (original entry point)

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

UPX packed file

Tag: upx

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-11 01:39
Reported: 2024-06-11 01:41
Platform: win7-20240221-en
Max time kernel: 150s
Max time network: 123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe"

Signatures

Renames multiple (3534) files with added filename extension

Tag: ransomware

UPX dump on OEP (original entry point)

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

UPX packed file

Tag: upx

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-next-static.png.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.properties.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Australia\Lindeman.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\WindowsFormsIntegration.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\Microsoft.Build.Engine.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-hot.png.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\trusted.libraries.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\ECLIPSE_.RSA.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro_3.4.200.v20130326-1254.jar.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist.json.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.zh_CN_5.5.0.165303.jar.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt_0.12.1.v20140903-1023.jar.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IdentityModel.Selectors.Resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guadalcanal.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\feature.xml.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-down.png.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-search.xml.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\America\Regina.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Microsoft Office\Office14\Mso Example Setup File A.txt.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Mozilla Firefox\api-ms-win-core-processthreads-l1-1-1.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.RunTime.Serialization.Resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\background.png.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha2.png.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-ui.jar.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rssBackBlue_Undocked.png.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_globalstyle.css.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\calendar.html.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\2d.x3d.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeush.dat.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Recife.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Toronto.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\js\timeZones.js.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\7-Zip\Lang\ka.txt.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Asia\Tokyo.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libswscale_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Windows NT\Accessories\ja-JP\wordpad.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-common.jar.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\codec\libzvbi_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Microsoft Games\FreeCell\en-US\FreeCell.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Microsoft Games\Minesweeper\it-IT\Minesweeper.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\icon.png.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\VDK10.STC.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Casablanca.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler.nl_ja_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Halifax.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\epl-v10.html.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.xml.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-progress.xml.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-heapdump.xml.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ta.pak.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Chicago.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\css\cpu.css.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\settings.html.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Java\jre7\lib\ext\access-bridge-64.jar.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\demux\libsmf_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Windows Media Player\de-DE\wmlaunch.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_disabled.png.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\New_Skins.url.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\demux\libgme_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\misc\libstats_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe

"C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe"

Network

N/A

Files

memory/1984-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

MD5 78cfc89473df222e9f99e89262a38cfb
SHA1 91eaef750e48ea72d214896244993d13cdef4dcd
SHA256 17f2718016f4e90cdcd06b752fb4541c280789cb1f8074e8330069a53dfb73c1
SHA512 992d56646000e0583894555c079ff176684878621d9f71d762418eb837e4fc32a42391e0c776cf340e5e9b0b35fd61535990034b466138b5caf27f1be8cdec8f

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 f2b0eddd0cd10a3bb6d9a62eeb1711c6
SHA1 ad41dce423daf235ae41d76539d3701fbcc18289
SHA256 2c4006ea1c85bb1ba53ec06d7d962fc1afddebff56e8101f746ed38db5f7a863
SHA512 f664aa420b52489d36cf2b37ec8537356e851d170ba005cf786604c76725c012c9a3537f978b52d8a013366ecd6310cc7f0d7bb81ea38b7cd3ef790095e55fcc

memory/1984-650-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-11 01:39
Reported: 2024-06-11 01:41
Platform: win10v2004-20240426-en
Max time kernel: 150s
Max time network: 139s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe"

Signatures

Renames multiple (5132) files with added filename extension

Tag: ransomware

UPX dump on OEP (original entry point)

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

UPX packed file

Tag: upx

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\OFFSYM.TTF.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\it-IT\InkObj.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\lib\currency.data.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\lib\deploy\ffjcext.zip.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\msoasb.exe.manifest.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\UIAutomationClient.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\jsdt.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Franklin Gothic.xml.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Core.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Dynamic.Runtime.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Data.DataSetExtensions.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebHeaderCollection.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\WindowsBase.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\hr.pak.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\include\jvmticmlr.h.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\offsymt.ttf.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\7-Zip\Uninstall.exe.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Numerics.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Grace-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-private-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Common Files\System\ado\adojavas.inc.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\UIAutomationProvider.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\OneNote\prnSendToOneNote_win7.cat.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Input.Manipulations.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\java_crw_demo.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\legal\jdk\thaidict.md.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Wisp.thmx.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_PrepidBypass-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Controls.Ribbon.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial2-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-warning.png.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000049\index.win32.stats.json.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-time-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-console-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\PresentationUI.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationUI.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\PresentationFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\dt_shmem.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Trial-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\WacLangPackEula.txt.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Microsoft Office\root\rsod\proof.en-us.msi.16.en-us.boot.tree.dat.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Luna.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription5-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN120.XML.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\7-Zip\Lang\uz.txt.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationClient.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\cs.pak.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\PROTOCOLHANDLERINTL.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-100.png.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\it-IT\InputPersonalization.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\dtplugin\npdeployJava1.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe

"C:\Users\Admin\AppData\Local\Temp\a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 6.160.77.104.in-addr.arpa | udp
US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 2.36.159.162.in-addr.arpa | udp
US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 10.160.77.104.in-addr.arpa | udp
US | 8.8.8.8:53 | d.3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.8.0.4.0.0.3.0.1.3.0.6.2.ip6.arpa | udp
US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp

Files

memory/2652-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini.tmp

MD5 0bd017e59d7807ae0575dc22bb98761e
SHA1 b52b8347ad2ca42fd906e3441a8707c5b248a117
SHA256 7f8f3c9f828baeb82f28f28897a671ebc78b60934d44871347d1f0e5df110b03
SHA512 877292f917eedec9e877800c7f40aae62f5c4c7a5e8b89cb2495b395d7edd6d0ac7cd4420327b249f57c2eefe122219562621c984fac761f4c0d577578724dca

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 654d8f8fe1bfcba98010c10c67b7db31
SHA1 70f186326d4add625aaab81f3021db71b1b9a30d
SHA256 3c3f9366c64211f070a7a76f1fbcc9e3f6f45aa9c138452571f5f63422e7708f
SHA512 ea38317940be90d5c543333992fae74e236cf1ee0af7f9fafeeb259ee0af5127e5fdc4d41e35c0a4f65ec544480a0997414529cd5f1a37ad824e3a27ef1a3243

memory/2652-1864-0x0000000000400000-0x000000000040B000-memory.dmp