Malware Analysis Report

2025-01-03 08:30

Sample ID 240611-bv1teayemh
Target a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a
SHA256 a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a
Tags
upx ransomware
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a

Threat Level: Known bad

The file a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a was found to be: Known bad.

Malicious Activity Summary

upx ransomware

UPX dump on OEP (original entry point)

Renames multiple (3481) files with added filename extension

UPX dump on OEP (original entry point)

Renames multiple (4855) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 01:28

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 01:28

Reported

2024-06-11 01:31

Platform

win7-20240508-en

Max time kernel

150s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe"

Signatures

Renames multiple (3481) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-cli_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-cli.jar.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Paramaribo.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_h.png.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\FlickLearningWizard.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nb.pak.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoDev.png.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\chkrzm.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_output\libdrawable_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Windows NT\Accessories\de-DE\wordpad.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\js\library.js.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\selection_subpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\15x15dot.png.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Johannesburg.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.Selectors.dll.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\7.png.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Common Files\System\msadc\msaddsr.dll.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guam.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-spi-quicksearch_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libbluray-awt-j2se-1.3.2.jar.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libskiptags_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\timer_over.png.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\travel.png.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\.lock.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.attributeTransformation.exsd.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lindeman.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\jawt.lib.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodbig.gif.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-compat_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host-views.xml.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Riga.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Microsoft Office\Office14\Custom.propdesc.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Windows Media Player\it-IT\wmpnssui.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader.dll.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santiago.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security_1.2.0.v20130424-1801.jar.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Windows NT\TableTextService\de-DE\TableTextService.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Menominee.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Norfolk.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.ssl_1.0.0.v20140827-1444.jar.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Java\jre7\bin\splashscreen.dll.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Atlantic\Bermuda.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_hail.png.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred.xml.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\es-ES\MSTTSLoc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt_3.103.1.v20140903-1938.jar.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yakutsk.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Marquesas.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\15x15dot.png.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Seoul.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPOlive.png.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-cli_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Mozilla Firefox\lgpllibs.dll.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\7-Zip\Lang\th.txt.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\imjplm.dll.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.RunTime.Serialization.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\js\currency.js.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_up.png.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-awt_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-ui.jar.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Windows NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\El_Salvador.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe

"C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe"

Network

N/A

Files

memory/2084-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

MD5 b0fc827c7da45df37a400ccf8f40029c
SHA1 a08555fd5e8d968d37c13af179798079c66a7bb1
SHA256 e86f39e108d4a76ee7705011c0da07ef2c4ac48b6a78ac08c5d42190a2002652
SHA512 09845f9e87d3783087f48ea8efdace3d658069624977d98d0b155c0ec40e33f9cba522790954e107f804163a4df2ef44fec6b89cdc7f72574933e998ff2a3173

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 45f116b4b8bb270e021db8dc024cc118
SHA1 5fd21e096895bd543fc6122227192b2d2f679b68
SHA256 dcf2aa87af6c749f3673f56384889dafaba2d363665cd90a4edf7547dda39e68
SHA512 030fd260e60e97bf1a5440bca33218700bbba0a6be6dd4a052a44a64d5aedd5de96c2b6da7413a357675821e7999f86de44d6b13c40e009cad9fbf8e9465242b

memory/2084-646-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 01:28

Reported

2024-06-11 01:31

Platform

win10v2004-20240426-en

Max time kernel

150s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe"

Signatures

Renames multiple (4855) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_CN.properties.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_F_COL.HXK.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\7-Zip\Lang\eu.txt.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\mraut.dll.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\7-Zip\Lang\mng2.txt.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Internet Explorer\SIGNUP\install.ins.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\javaws.exe.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\vcruntime140_1.dll.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipstr.xml.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.dll.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\ISO690Nmerical.XSL.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\id\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\msotd.exe.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\en-US\ShapeCollector.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\de.pak.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Violet II.xml.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\en\LocalizedStrings.xml.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\it-IT\rtscom.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-xstate-l2-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest5-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_KMS_Client-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Emit.ILGeneration.dll.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Intrinsics.dll.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Transactions.Local.dll.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.Win32.SystemEvents.dll.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_ja.properties.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription3-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Layout.dll.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PowerPointInterProviderRanker.bin.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\es-MX\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Emit.ILGeneration.dll.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.dll.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Emit.dll.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.Win32.Registry.AccessControl.dll.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Design.dll.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.DataWarehouse.Interfaces.DLL.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\personaspybridge.js.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Security.Cryptography.Xml.dll.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-synch-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-140.png.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.cs-cz.dll.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Mail.dll.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Security.dll.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe

"C:\Users\Admin\AppData\Local\Temp\a5087af087c99c645202dfc1e0134c4f029a6b69a9f951d0475bbbce74fb7c4a.exe"

Network

Country | Destination | Domain                        | Proto
US      | 8.8.8.8:53  | 232.168.11.51.in-addr.arpa    | udp
US      | 8.8.8.8:53  | 8.8.8.8.in-addr.arpa          | udp
US      | 8.8.8.8:53  | 240.221.184.93.in-addr.arpa   | udp
US      | 8.8.8.8:53  | 134.32.126.40.in-addr.arpa    | udp
US      | 8.8.8.8:53  | 95.221.229.192.in-addr.arpa   | udp
US      | 8.8.8.8:53  | 154.239.44.20.in-addr.arpa    | udp
US      | 8.8.8.8:53  | 86.23.85.13.in-addr.arpa      | udp
US      | 8.8.8.8:53  | 18.31.95.13.in-addr.arpa      | udp
US      | 8.8.8.8:53  | 30.243.111.52.in-addr.arpa    | udp

Files

memory/3104-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1162180587-977231257-2194346871-1000\desktop.ini.tmp

MD5 830a6e18f441e49668c188691207dbcf
SHA1 44d9ad31ebd9269cab413bcd1c675b68a0c2f35c
SHA256 05cd8c23722dbd23a2735ab5dde2e9c2bdbd2bda40e7455e187d1d95da3075fc
SHA512 b53c267ef2ef73ad768a322b47a3d4262fb53430793a6b4b841aa39dd1aa468d0c32269c1c06fa2f532fd709b326bac08f5f8002d590a78aff8b8934cd6f8f38

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 65e9d9192ea45d572e3f7f5ab88af32c
SHA1 2dc6636a1cbf5486c51b5bbe45411e74fef1cc14
SHA256 adae6e8f93e04de2d275973d47f9f7eac4bbe9706fd7ddf0c469824c5539a812
SHA512 b3d86143319cbd84d2b365ef5cc56f3964762e88ca6385664c5ac96fa6e4483cad593301b1d835dfd802e64bf8d3b8b2b4cff24855e9bed1a6b024b7f1006c7f

memory/3104-1778-0x0000000000400000-0x000000000040B000-memory.dmp