Malware Analysis Report

2025-01-03 08:30

Sample ID 240611-d3qdratbqq
Target d1afede13cea4db86c1c828da88f605600a27d9032a40289b72b11dfc0680204
SHA256 d1afede13cea4db86c1c828da88f605600a27d9032a40289b72b11dfc0680204
Tags: upx ransomware
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 10/10

SHA256: d1afede13cea4db86c1c828da88f605600a27d9032a40289b72b11dfc0680204

Threat Level: Known bad

The file d1afede13cea4db86c1c828da88f605600a27d9032a40289b72b11dfc0680204 was found to be: Known bad.

Malicious Activity Summary

Tags: upx ransomware

UPX dump on OEP (original entry point)

Renames multiple (5232) files with added filename extension

Renames multiple (3665) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 03:32

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 03:32

Reported

2024-06-11 03:34

Platform

win7-20240221-en

Max time kernel

150s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d1afede13cea4db86c1c828da88f605600a27d9032a40289b72b11dfc0680204.exe"

Signatures

Renames multiple (3665) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\d1afede13cea4db86c1c828da88f605600a27d9032a40289b72b11dfc0680204.exe

"C:\Users\Admin\AppData\Local\Temp\d1afede13cea4db86c1c828da88f605600a27d9032a40289b72b11dfc0680204.exe"

Network

N/A

Files

memory/2168-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

MD5 9910e6524d88d23dfd08214d727a3afe
SHA1 0839090e560cb793ed591385e4d7b5b0fa3a3291
SHA256 63b2f3c0dd958925128b20a365bdd13213c1a2635aae23dce71555687dd7ab6f
SHA512 8a56c43026f91cda44f394d1a2b721ce91185d45a40b8be14db403eaf331ece4e802cd825bffa6a722ed3eaf41393312748769c7633fd29e4f124c63ccde8dfc

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 1dce8741a2e514861b7c8a34add8d9dd
SHA1 9c89d61daf3709e30e37e5a8d739bad96cb753e6
SHA256 ae4d805d00cff3abba7d44b553e26a83bda70b38ffede4130bc921a5207a0d90
SHA512 e33362fb14ec40e2bd76efc7d48bfac8a0c3fc1cdcf680646f34a74d2a7d616a3e3a596a57cefc65cda48c6a193f56bc937262bb3f36776b5d3ed35fc4758d31

memory/2168-76-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 03:32

Reported

2024-06-11 03:34

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

157s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d1afede13cea4db86c1c828da88f605600a27d9032a40289b72b11dfc0680204.exe"

Signatures

Renames multiple (5232) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\d1afede13cea4db86c1c828da88f605600a27d9032a40289b72b11dfc0680204.exe

"C:\Users\Admin\AppData\Local\Temp\d1afede13cea4db86c1c828da88f605600a27d9032a40289b72b11dfc0680204.exe"

Network

Files

memory/4568-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

MD5 09648782eebd4d9e5eaae5f04d6c2668
SHA1 d75f7c4453a3499309fab2ebaba92982b801c3de
SHA256 ee93bebc64440a3fa13c1d4bb9105e0f8c7a42beb0f04a87024d892490006fbf
SHA512 21ab9c961804df7ab7197b069ecd2413230ff7064b54990a980c6a87c8c08d7551e643e6f78411c80c9cbd2056661730791aa6d1a2e5f57def9b6e391351d819

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 2802434ca5033ffd1d855ae3215f54b2
SHA1 a9868edea2d9471c1e7746e6cfef8e9af0cd504d
SHA256 3d79371bb8166e42f7edf23fff4119f57bc0f083ce6fd146dd5c3a1a38899a73
SHA512 714bba6c7b9ea81bd6d53aff49adc99dfbffd804ac4049890603655fbc55cbfd5568f7b1cba8a17248b3be3fc7333f59ed0b2cdbc5763ccc0a8bd29f9ec09487

memory/4568-1112-0x0000000000400000-0x000000000040A000-memory.dmp