Malware Analysis Report

2025-01-03 08:37

Sample ID 240611-b6s8pszanh
Target abae2e42817afd9b14291c77742f453daee93986e1519758e8fc95ebedce59bc
SHA256 abae2e42817afd9b14291c77742f453daee93986e1519758e8fc95ebedce59bc
Tags ransomware upx
Score 10/10

Analysis Overview

score
10/10

SHA256

abae2e42817afd9b14291c77742f453daee93986e1519758e8fc95ebedce59bc

Threat Level: Known bad

The file abae2e42817afd9b14291c77742f453daee93986e1519758e8fc95ebedce59bc was found to be: Known bad.

Malicious Activity Summary

ransomware upx

UPX dump on OEP (original entry point)

Renames multiple (3483) files with added filename extension

Renames multiple (4962) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 01:45

Signatures

UPX dump on OEP (original entry point)

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 01:45

Reported

2024-06-11 01:48

Platform

win7-20231129-en

Max time kernel

149s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\abae2e42817afd9b14291c77742f453daee93986e1519758e8fc95ebedce59bc.exe"

Signatures

Renames multiple (3483) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

UPX packed file

upx

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\abae2e42817afd9b14291c77742f453daee93986e1519758e8fc95ebedce59bc.exe

"C:\Users\Admin\AppData\Local\Temp\abae2e42817afd9b14291c77742f453daee93986e1519758e8fc95ebedce59bc.exe"

Network

N/A

Files

memory/2268-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

MD5 2b987ccbda494bc516c865a54ffdcb41
SHA1 f6b89e16125ff79d946e6ea47722cdbbc4c6a162
SHA256 98cc9101658fae91541aaf3704049fdc4d6b2240a25a335b9a2281ddf1541e41
SHA512 497c4ba95c88226e572ac1ebc701f3f7b26250bc6dec265461684a5de7eba588fba88721db704858819fe98c5e6b8c855de2413816801425fae481a7eba77423

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 6b761cd294093f9d6d4723bfbf5f6a75
SHA1 8adeb31cf6a30612376de53e2608d24d5ac6debc
SHA256 8f426f55a359e5ac3ce1b214da0658496eb698cc9b45a613f13f211d98b595a0
SHA512 2ba3792d8fd99a43a97d9c24a098195bdb4766dd8b7f3b083772b7102b3006e964b22d6335d26e205587608ce042beebd47f16c8c2bff947348a5539761a55f9

memory/2268-642-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 01:45

Reported

2024-06-11 01:48

Platform

win10v2004-20240426-en

Max time kernel

150s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\abae2e42817afd9b14291c77742f453daee93986e1519758e8fc95ebedce59bc.exe"

Signatures

Renames multiple (4962) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

UPX packed file

upx

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\abae2e42817afd9b14291c77742f453daee93986e1519758e8fc95ebedce59bc.exe

"C:\Users\Admin\AppData\Local\Temp\abae2e42817afd9b14291c77742f453daee93986e1519758e8fc95ebedce59bc.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp

Files

memory/4780-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3571316656-3665257725-2415531812-1000\desktop.ini.tmp

MD5 c99904fdb8e2cbbd68e1b02ea9625e55
SHA1 5461ae4429dabc7ea9172d6f8036bc76d7b3e88c
SHA256 02061fa106912db2473d85a07977effed0d7df5d6378081680e2acc62ddeaafa
SHA512 8808c2540d686c86d0201b41be33069be70e89fe2cc6f48c719c26ae4d0836656dcfddfadcc22f3f00a36b5e01c5dba44b42db907423055bf51b030951a5c8e7

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 733a7fc13a18cb58729d59fe7d2429fb
SHA1 e0db004c83fdb0e187e35e8491e89f3471388de3
SHA256 2673505a5f566bebb74b7a7401343f14f2fdf9bf0b19843871b190a6f9087d72
SHA512 a2186139dcae7690e30994f57e68528361e35bf83798f9ac929d89d0f521ab0d79ba3d825eda55e2b47ecc30851ede50bee6ccf530ca14595f6599930a611f40

memory/4780-1790-0x0000000000400000-0x000000000040B000-memory.dmp