Malware Analysis Report

2025-01-03 08:35

Sample ID 240611-blgzyayfkq
Target 016a433509a8b166492e2e489fd849a0.bin
SHA256 9f3444fcad66d21cd67d6d5902c401575395296efb9e12a527e7071b9cc82611
Tags upx ransomware
Score 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score

9/10

SHA256

9f3444fcad66d21cd67d6d5902c401575395296efb9e12a527e7071b9cc82611

Threat Level: Likely malicious

The file 016a433509a8b166492e2e489fd849a0.bin was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (5191) files with added filename extension

Renames multiple (3462) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 01:13

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 01:13

Reported

2024-06-11 01:16

Platform

win7-20240221-en

Max time kernel

150s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\016a433509a8b166492e2e489fd849a0.exe"

Signatures

Renames multiple (3462) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\016a433509a8b166492e2e489fd849a0.exe

"C:\Users\Admin\AppData\Local\Temp\016a433509a8b166492e2e489fd849a0.exe"

Network

N/A

Files

memory/2864-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

MD5 3b7baa6294f883feff6d1d755ba2f726
SHA1 ffb6e122c11f138172bdb111cbe48ac3ab738b3c
SHA256 0bc24adeaffb3947cb2430e0018c33eef31389e25bb771405bc7438932172b49
SHA512 16083dde7e107d0fa8ae1d96063221696dc2b8f1092492f02c09d77fb6b520da73778f563d8711c1f26875e6365798c2417a2047233529d95adde2a33449e8ea

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 22c4f9bcd6c7bda1aa0e78210ad6eae9
SHA1 37277928fa29d472839a3023d5ed09f57c9ad064
SHA256 349927cae50dcc2563e33b999d5700675dc8a7d9bbd31bf8dae92b4fae906227
SHA512 9924cec8769ce8cd0d58c9556de9c6fb0c7009bed4189b77b2bdabcf9199a67c69f81cf6585aacc1d5b972efc6a7ea423f9b5c9993a5914ad2db842e9914c18c

memory/2864-648-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 01:13

Reported

2024-06-11 01:16

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

58s

Command Line

"C:\Users\Admin\AppData\Local\Temp\016a433509a8b166492e2e489fd849a0.exe"

Signatures

Renames multiple (5191) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\016a433509a8b166492e2e489fd849a0.exe

"C:\Users\Admin\AppData\Local\Temp\016a433509a8b166492e2e489fd849a0.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

memory/4152-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

MD5 2c56c284e00b543500586d80e491d918
SHA1 17e2642049019453a2413576d2aebb5c26d92022
SHA256 4bdae010a53b3d07bee021bdaf088f632b00e334e0947574b2fe3286d5994017
SHA512 11ec6a987b88c0de53027b9f93082060e6d37ef66093324fadf82e09a5a993b5174cf003aefae840d254bff04dad3e336236f33de1e4094a8a705c1570b301ed

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 b64d90da88b95314f1f91600b21342a7
SHA1 014fdf316a95b9e1112ca1c415d4b2715ee066ef
SHA256 4598a540cf6cd4bf12bf8d233ca34512f1403c653c68b500614eadadd3b8d51e
SHA512 55533db5c8026d8253870dd35fd4a425b2331e44c949c366f707db117af49f14c7f89d4b49b13b67471d3a544c0f8a68529c7e7c769bbf56def956c13baea204

memory/4152-1896-0x0000000000400000-0x000000000040B000-memory.dmp