Malware Analysis Report

2025-01-03 08:37

Sample ID 240611-cz3n8s1hjm
Target ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e
SHA256 ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e
Tags
upx ransomware
score
10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

score
10/10

SHA256

ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e

Threat Level: Known bad

The file ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e was found to be: Known bad.

Malicious Activity Summary

upx ransomware

UPX dump on OEP (original entry point)

Renames multiple (3076) files with added filename extension

UPX dump on OEP (original entry point)

Renames multiple (4169) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 02:31

Signatures

UPX dump on OEP (original entry point)

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 02:31

Reported

2024-06-11 02:34

Platform

win7-20240508-en

Max time kernel

150s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe"

Signatures

Renames multiple (3076) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-changjei.xml.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\hwrenclm.dat.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Microsoft Games\Multiplayer\Backgammon\es-ES\bckgzm.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\locale\lg\LC_MESSAGES\vlc.mo.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sr.pak.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Inuvik.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-modules-options-api.xml.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Java\jre7\bin\jpeg.dll.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Europe\Helsinki.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Microsoft Games\Multiplayer\Spades\de-DE\shvlzm.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationBuildTasks.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sk.pak.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\lua\intf\luac.luac.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.dll.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.exe.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_65_ffffff_1x400.png.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\lua\playlist\twitch.luac.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\ipsfra.xml.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-ui.xml.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Microsoft Games\Chess\Chess.dll.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkObj.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\msaddsr.dll.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Colombo.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\accessibility.properties.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Recife.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\core_ja.jar.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.ServiceModel.Resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\bin\javap.exe.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Common Files\System\Ole DB\oledb32.dll.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_babypink_Thumbnail.bmp.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_zh_CN.jar.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic_5.5.0.165303.jar.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_ja.jar.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Java\jre7\bin\jsound.dll.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluTSFrame.png.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Java\jre7\bin\management.dll.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Java\jre7\lib\psfont.properties.ja.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkWatson.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Internet Explorer\en-US\networkinspection.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Azores.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.servlet_1.1.500.v20140318-1755.jar.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Java\jre7\bin\jfr.dll.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\locale\ks_IN\LC_MESSAGES\vlc.mo.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jerusalem.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp_3.6.300.v20140407-1855.jar.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\MANIFEST.MF.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-sampler.xml.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-settings_ja.jar.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-spi-actions_zh_CN.jar.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Java\jre7\bin\keytool.exe.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Java\jre7\lib\cmm\PYCC.pf.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.c.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs.ja_5.5.0.165303.jar.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_zh_CN.jar.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sendopts_ja.jar.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guam.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.zh_CN_5.5.0.165303.jar.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Etc\GMT+4.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Manila.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application-views.xml.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe

"C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe"

Network

N/A

Files

memory/1896-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

MD5 071667a1cfeb26a79cf4a1e6796d7f54
SHA1 7220a65faefb7f06a05824efc2bb970dab968464
SHA256 e1ea34a57ed3d4db8642ca275bf26cb634e9e6606e4d54f2634c1620d0accd10
SHA512 7a481cdda471797619057c22cc3ab39f172b5518f309afa1e93de2515e23df92f24522266d7d2b33ec8319994d16d2dde0bc7e8fa3c837eeb5099e4e8b2a4be9

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 6193a38db04357d49d2b7562daf6d096
SHA1 b433ff49ed96c2fd27e3591e41cad8d10ca45316
SHA256 d45a7a597df0c6a425235df7b30269a9d524c9d95d3b24f51692c412029d44ea
SHA512 44882237d619b2bc30ad05e5b79e2c5b7bf40a94024a64ebd35f0c25fbae602d8087bafe864c173be54863022d2ec6644a4d2e1b30d57c7645c8d5225985cfc5

memory/1896-562-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 02:31

Reported

2024-06-11 02:34

Platform

win10v2004-20240426-en

Max time kernel

150s

Max time network

145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe"

Signatures

Renames multiple (4169) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Controls.Ribbon.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\legal\jdk\lcms.md.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\UIAutomationTypes.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationClientSideProviders.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Grace-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial2-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.EventSource.dll.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\lib\jconsole.jar.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\bin\javah.exe.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\kinit.exe.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\ssv.dll.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ul.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipTsf.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.CoreLib.dll.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationClient.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Royale.dll.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\WindowsFormsIntegration.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.it-it.dll.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\prism_sw.dll.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Trial-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XPath.XDocument.dll.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\legal\javafx\gstreamer.md.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Quic.dll.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebSockets.Client.dll.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\plugin2\vcruntime140_1.dll.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-pt.dll.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationClient.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_Subscription-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Forms.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Drawing.Common.dll.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTest-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Trial-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_COL.HXT.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Aero2.dll.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PenImc_cor3.dll.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Principal.Windows.dll.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.FileVersionInfo.dll.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\deploy\messages.properties.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\7-Zip\Lang\ast.txt.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipRes.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XPath.XDocument.dll.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Xaml.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Resources.Extensions.dll.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationClientSideProviders.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.es-es.xml.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\7-Zip\Lang\va.txt.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Linq.dll.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\PresentationFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Forms.Design.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Java\jre-1.8\legal\jdk\dom.md.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Trial-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.dll.tmp | C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe

"C:\Users\Admin\AppData\Local\Temp\ba7a5aac2348896c5d5ba6f3f034132f2de6a087d415020f226c3a719033326e.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp
US | 8.8.8.8:53 | 6.160.77.104.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 10.160.77.104.in-addr.arpa | udp

Files

memory/1332-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.tmp

MD5 34011588d9c95ea2c2dba0d3685c4870
SHA1 a9a19dee69ac6e9ed3735efe1ff048ec16724d9e
SHA256 50b6c0d7b692d5ded969a259ecfcb317a91781dee7e65a5d67a7f9029b850ae3
SHA512 1ff64943736e2103dfa11cf12e691918266e1bfa3cb16e020edce787d14bcb67fe426ee5e1f8ccf873b3e2c8775c38f952bafcb42937e8748aac99ed4405876a

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 4367796657ad7a9cdcf5626fa3ef8f2c
SHA1 fc54bfc0b11fb7177e9e852da7a0bee48520ffec
SHA256 67cdb6075549852b4827b8b996ed8f6decb82f854c75baf2aa39e912b91fd86b
SHA512 bb574d8d0e8c1d66f1c08e650be6a8f3d690073f5d9d17c5d5e32b914feb5e4dc73df8e282e0784b5fa065ba17001ef9c66a21fdd4c2d8fa68750aa49fb5e5a0

memory/1332-1394-0x0000000000400000-0x000000000040B000-memory.dmp