Malware Analysis Report

2025-01-03 08:30

Sample ID 240611-by3r6syfpb
Target a745cc59d77cdaf622c31385d53bb30b03fc23756b757e7d59c53e32ece22916
SHA256 a745cc59d77cdaf622c31385d53bb30b03fc23756b757e7d59c53e32ece22916
Tags
upx ransomware
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

a745cc59d77cdaf622c31385d53bb30b03fc23756b757e7d59c53e32ece22916

Threat Level: Known bad

The file a745cc59d77cdaf622c31385d53bb30b03fc23756b757e7d59c53e32ece22916 was found to be: Known bad.

Malicious Activity Summary

upx ransomware

UPX dump on OEP (original entry point)

Renames multiple (3446) files with added filename extension

UPX dump on OEP (original entry point)

Renames multiple (5247) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 01:34

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 01:34

Reported

2024-06-11 01:36

Platform

win7-20240221-en

Max time kernel

149s

Max time network

124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a745cc59d77cdaf622c31385d53bb30b03fc23756b757e7d59c53e32ece22916.exe"

Signatures

Renames multiple (3446) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\a745cc59d77cdaf622c31385d53bb30b03fc23756b757e7d59c53e32ece22916.exe

"C:\Users\Admin\AppData\Local\Temp\a745cc59d77cdaf622c31385d53bb30b03fc23756b757e7d59c53e32ece22916.exe"

Network

N/A

Files

memory/112-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

MD5 1e40cf43e938cf25efb2a9071fc9da70
SHA1 c6110589d879004895600d32b46a4d826d71167a
SHA256 dc760f85337b69bbad923eb17965b36841d95ce7f33b3c5e3102e07adc14d644
SHA512 be42820fa6932ccefbfec1d1b35c9ae03d286a5db00ffb45c8fa1ffddc46c7c2b080cdf19ee6c9513bdabe0d7b9ac82f5680e9c52e2307d55ee7a90dc589d00c

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 237c3483c284af190341e888057fdd15
SHA1 50f8081abaae79141ceb3ca416e5182b66f9ca36
SHA256 2f09a823f9c005a5272767abe5489931e1286f86657fdfac6dbabc20b6b9679b
SHA512 f7c3a1ddc8e349a917e695b89909c163f23a9f2a2afdbee8479c416efb21bea16006cf5e358cbc157c152a1b04c25f1955e6cbc481a7ed38cb7ea35b3615ac0d

memory/112-648-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 01:34

Reported

2024-06-11 01:36

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a745cc59d77cdaf622c31385d53bb30b03fc23756b757e7d59c53e32ece22916.exe"

Signatures

Renames multiple (5247) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\a745cc59d77cdaf622c31385d53bb30b03fc23756b757e7d59c53e32ece22916.exe

"C:\Users\Admin\AppData\Local\Temp\a745cc59d77cdaf622c31385d53bb30b03fc23756b757e7d59c53e32ece22916.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4612,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=4440 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

memory/1856-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1181767204-2009306918-3718769404-1000\desktop.ini.tmp

MD5 f06955cdefef7ce1a69f356323f91f1c
SHA1 98aef74fb17252cab61f03fcef0197da4c61b93b
SHA256 dca245d4ceea58751b896c48b4e4cbd394c6f49dcdeb3ceb61087a7f5b6a0ab5
SHA512 c75c5fb3c0643f7813fcf099f53c5eb533a2183ea0dd7ba6c3429db076e3ff0da8cf15db15b7c76d6f62905c96e01e2c09c885603d3a1c3130487a921193bcbb

C:\Program Files\7-Zip\7-zip.chm.tmp

MD5 292e320a6962250999e8bbac8458bacf
SHA1 698c6afbd576970e59e43190831753e5c9760477
SHA256 5378050f99532064bcfcfe788f45f2d4e44055f96187dcc44149931410023d44
SHA512 b47f5c86fc2eeb6a6abf091ad555b3fd7a09f026b26d7fd677d435f8279d35c872a83f2a7d967337663a854c37c7fdc81bb457e09ad0da5cec8c74d408534b5e

memory/1856-1970-0x0000000000400000-0x000000000040B000-memory.dmp