Malware Analysis Report

2025-01-03 08:30

Sample ID 240611-b3t1tsyhkh
Target a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90
SHA256 a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90
Tags upx ransomware
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 10/10

SHA256 a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90

Threat Level: Known bad

The file a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90 was found to be: Known bad.

Malicious Activity Summary

upx ransomware

UPX dump on OEP (original entry point)

Renames multiple (3707) files with added filename extension

UPX dump on OEP (original entry point)

Renames multiple (5089) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-11 01:40

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-11 01:40
Reported 2024-06-11 01:43
Platform win7-20240419-en
Max time kernel 150s
Max time network 119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe"

Signatures

Renames multiple (3707) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_right_mousedown.png.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\19.png.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu.xml.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Berlin.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgzm.exe.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\7-Zip\Lang\vi.txt.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkHandle.png.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\hy\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider_left.png.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\js\clock.js.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_dot.png.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\js\picturePuzzle.js.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\js\settings.js.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\CENTEURO.TXT.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libspdif_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_foggy.png.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\QRCode.pmp.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\NPSWF32.dll.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IPSEventLogMsg.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-oql.xml.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw32.bmp.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Esl\AiodLite.dll.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Windows Media Player\fr-FR\wmpnssui.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Windows NT\Accessories\wordpad.exe.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\7-Zip\7-zip.dll.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.exe.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Mozilla Firefox\maintenanceservice.exe.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Conversion.v3.5.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkTSFrame.png.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_standard_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-static.png.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_TW.jar.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\about.html.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\7-Zip\Lang\ast.txt.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Java\jre7\bin\JavaAccessBridge-64.dll.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT-2.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmirror_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mip.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\micaut.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jstatd.exe.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-settings_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IO.Log.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_MATTE2_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-execution.xml.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Java\jre7\bin\mlib_image.dll.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InputPersonalization.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Windows Journal\Templates\blank.jtp.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-border.png.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.commands_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Aero.dll.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\js\controllers.js.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\DVD Maker\bod_r.TTF.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\DVD Maker\de-DE\DVDMaker.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7MDT.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\stream_extractor\libarchive_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe

"C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe"

Network

N/A

Files

memory/2460-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

MD5 0b4c9dec7d09f42dfc7f070f1de6bed0
SHA1 cf9100daac76b4076f232bfbb74e49b43950e47e
SHA256 a05d45ba1d60f17ff72bb858c9c1f4c85eacfffd446d193a592e0af1ddc9496c
SHA512 dcbbaf93c9632c0606779fb1f63256af6955e197df84b8afc8125d0d0badc0ba25d394cff98c9996c94c958f73ff113b769da030d15210a01da235cee51f1455

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 41035fdcbbadec33d1dedd9167af1467
SHA1 139a09479b11effecef6911b3e7ba356fa97d5b1
SHA256 f72f22033b5d4cb0b89f0fbe50b3a886785fa17d0df2c66bea09bee53fcd37bc
SHA512 36747cc10bdb5feedec4b7355bc75dfc2fd73b416045da37db41a7d9dfd4425e8d053b680386efbd8cae9d14199e8622850b8174aeb1e7cbebdf5823ad35f3e5

memory/2460-664-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-11 01:40
Reported 2024-06-11 01:43
Platform win10v2004-20240426-en
Max time kernel 150s
Max time network 151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe"

Signatures

Renames multiple (5089) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\jfxswt.jar.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.TextWriterTraceListener.dll.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\javaws.exe.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOMessageProvider.dll.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-runtime-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\AppVLP.exe.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_WHATSNEW.XML.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\de-DE\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-140.png.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Design.dll.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-math-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN089.XML.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\ea.xml.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\de.pak.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Microsoft Office\root\loc\AppXManifestLoc.16.en-us.xml.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-private-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTest-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTrial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\TellMeOneNote.nrr.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.DataContractSerialization.dll.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\klist.exe.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwcapitalized.dotx.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MEDIA\LASER.WAV.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui.xml.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\TPN.txt.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\WindowsFormsIntegration.dll.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-interlocked-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial5-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.Linq.dll.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\msvcp140.dll.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\msvcr120.dll.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\en-GB\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe.tmp C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe

"C:\Users\Admin\AppData\Local\Temp\a9d097432514801c4f157ff93b2f855ea9b582594dd556d4b9404d0da395fb90.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 10.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp

Files

memory/4948-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.tmp

MD5 e2a934230f596579b8c36375935f1141
SHA1 88bf16e8f52d7c5fb349424b26a96e401c36f964
SHA256 0e1594084a1b5ccab7e81b325a6fa63e40cc86e91c6203214bbe4bf20424a41c
SHA512 7891d51ec74b63eb593a992e14b8acd3f91a11442edfbc1afc24165ddd05ce406d21599dfbabfffbe4f937ecac62134ab964006940d1ce211fc3d17cd2237686

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 f9c496b348e9ed4d16e2ecf3698dfbe3
SHA1 de7f435f4c964978675d68163c3f7d47e41216fb
SHA256 0cf7fe9c75061bd70bb8a10eed002f4b121bbe5682dd12d659bef19c50684a36
SHA512 4f112d10a8acf5604b341945f5f9cab635e15eeb5ec7aa04b746ea1b58b505325cea8fa9285753b594822cb66a195153161ba7e7eb60998b87c2a123fd552762

memory/4948-1886-0x0000000000400000-0x000000000040B000-memory.dmp