Malware Analysis Report

2024-09-23 05:09

Sample ID 240613-bg2hsasckp
Target 0630c1b85fcc9a63d6e9965e7b611640.bin
SHA256 e2070116f8e57e7f173dfb09cd7282697dc430bf628383b82f4f4151ae4b47fb
Tags
upx ransomware
score
9/10

Analysis Overview

score
9/10

SHA256

e2070116f8e57e7f173dfb09cd7282697dc430bf628383b82f4f4151ae4b47fb

Threat Level: Likely malicious

The file 0630c1b85fcc9a63d6e9965e7b611640.bin was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (3791) files with added filename extension

Renames multiple (5291) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 01:07

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 01:07

Reported

2024-06-13 01:10

Platform

win7-20240508-en

Max time kernel

149s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0630c1b85fcc9a63d6e9965e7b611640.exe"

Signatures

Renames multiple (3791) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\0630c1b85fcc9a63d6e9965e7b611640.exe

"C:\Users\Admin\AppData\Local\Temp\0630c1b85fcc9a63d6e9965e7b611640.exe"

Network

N/A

Files

memory/1632-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

MD5 7f0930b3d09153b7d1ec95a98cf0c44a
SHA1 27c5a1010b20b662871c680615e13f858c5a15cf
SHA256 91509018c68990235751ace0f9d6b292c6674de5166bb4a26d55febb372b1149
SHA512 30bfc2df918bcf33b1d5627e3388145886b251e0c78d30519637549daf840fcdc66bc59b4202dffc7ece264e0206c74c8796b2e6a8ae3c5823ec1f8d3816c656

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 15cebf4bd1065154de919a18d11e17bc
SHA1 933246bb597a2f8c999d033116378c04b45fa6bf
SHA256 355d086bcc283d6b0c1a0da58cfd1e4feb6c91b5edd84197db5e50569b545d88
SHA512 1c0323e60556a131b73bf5505d735a9dbcfabfca14fdd3b4bc15f6b40652856a599d4b01d883fc1d776ffcbe5e3ca7a7235f7a5453fcc18e0a54970cb7d5cbdc

memory/1632-86-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 01:07

Reported

2024-06-13 01:10

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0630c1b85fcc9a63d6e9965e7b611640.exe"

Signatures

Renames multiple (5291) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\0630c1b85fcc9a63d6e9965e7b611640.exe

"C:\Users\Admin\AppData\Local\Temp\0630c1b85fcc9a63d6e9965e7b611640.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

MD5 f310ea37cf1756caf2c8060cf61d9b75
SHA1 2774e9a5c56fb5ce7651f50f1203b51cf2d71702
SHA256 00740f374064d6216bc344b55eb9f5ba82e021a9357673a2cd83d950e7bc9e50
SHA512 0236cc252c183f9107af6eca3db2db313f37aebc152da3619943f149f1ecf1ad169f25351e3fa598d9abdbe129d0320cc55ebf71b79e3da71357048482aeca6b

memory/4724-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 1803157c3eb05ade1e762c206a51779a
SHA1 38cad08fc2209bd03250d6fd55473f2e78b08d31
SHA256 802da5343f1791fb194b753db8a0816376e4a6775b02756aca589a5770972bf0
SHA512 00a695f908bfdcb7cfd841c04068969941da6fffa9b16a5f9e01e3a6fd6a080fffdf241848a4546a3eeb7b9804aa088659392f22562896ed381f88c10783fc0d

memory/4724-1122-0x0000000000400000-0x000000000040A000-memory.dmp