Malware Analysis Report

2024-09-09 20:20

Sample ID 240614-ag68laxbla
Target 7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881
SHA256 7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881
Tags
upx ransomware
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881

Threat Level: Known bad

The file 7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881 was found to be: Known bad.

Malicious Activity Summary

upx ransomware

UPX dump on OEP (original entry point)

UPX dump on OEP (original entry point)

Renames multiple (870) files with added filename extension

Renames multiple (3436) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 00:12

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
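
The three static signatures above (UPX dump on OEP, UPX packed file, Unsigned PE) come from the sandbox's own detectors, which the report does not show. As an added example that is not part of the original report or of the sandbox's code, the block below implements the two cheapest static heuristics behind a "UPX packed file" verdict: the stock UPX0/UPX1/UPX2 section names, and the UPX layout signature (a section with SizeOfRawData 0 but a large VirtualSize next to a high-entropy section). The PE images it checks are constructed in memory and labelled as such; the 7.0-bit entropy cut-off and the 0x1000 VirtualSize floor are the example's own choices, not values from the report.

```python
"""Editor-added example (not the sandbox's own detector): the two cheapest
static heuristics behind a "UPX packed file" verdict, run over PE images
that are constructed in memory so the check works offline."""
import hashlib
import math
import struct


def pe_sections(data: bytes):
    """Walk the PE section table; return (name, virtual_size, raw_size, raw_bytes)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                       # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    first = coff + 20 + opt_size              # first IMAGE_SECTION_HEADER
    out = []
    for i in range(num_sections):
        off = first + i * 40
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _va, rsize, rptr = struct.unpack_from("<IIII", data, off + 8)
        out.append((name, vsize, rsize, data[rptr:rptr + rsize]))
    return out


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte; compressed or encrypted data sits close to 8.0."""
    if not buf:
        return 0.0
    n = len(buf)
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def upx_indicators(data: bytes) -> dict:
    """Combine section names with the UPX layout signature.

    Stock UPX leaves UPX0 (the unpack target) with SizeOfRawData 0 and a
    large VirtualSize, and stores the compressed image in UPX1 at high
    entropy.  Names are trivially patched by an attacker, so the layout and
    entropy checks are deliberately independent of them.
    """
    secs = pe_sections(data)
    names = [s[0] for s in secs]
    upx_named = any(n.upper().startswith("UPX") for n in names)
    empty_big = any(rs == 0 and vs >= 0x1000 for _, vs, rs, _ in secs)
    high_entropy = any(shannon_entropy(raw) > 7.0 for *_, raw in secs if len(raw) >= 256)
    return {
        "sections": names,
        "upx_section_names": upx_named,
        "empty_high_virtual_section": empty_big,
        "high_entropy_section": high_entropy,
        "likely_packed": upx_named or (empty_big and high_entropy),
    }


def build_test_pe(section_specs) -> bytes:
    """Construct a minimal PE32 image (constructed test input, not a real sample).

    section_specs: list of (name, virtual_size, raw_bytes).  Only the fields
    pe_sections() reads are meaningful; the image is not loadable.
    """
    n = len(section_specs)
    e_lfanew, opt_size, file_align = 0x40, 0xE0, 0x200
    raw_ptr = -(-(e_lfanew + 4 + 20 + opt_size + 40 * n) // file_align) * file_align
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B).ljust(opt_size, b"\0")
    hdrs, bodies, ptr = b"", b"", raw_ptr
    for name, vsize, raw in section_specs:
        rsize = len(raw)
        hdrs += name.encode().ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", vsize, 0x1000, rsize, ptr if rsize else 0, 0, 0, 0, 0, 0xE0000020)
        padded = raw.ljust(-(-rsize // file_align) * file_align, b"\0")
        bodies += padded
        ptr += len(padded)
    return (dos + b"PE\0\0" + coff + opt + hdrs).ljust(raw_ptr, b"\0") + bodies


# 4096 pseudo-random bytes standing in for a compressed image (constructed).
PACKED_BLOB = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))

SAMPLES = {
    "stock_upx": [("UPX0", 0x8000, b""), ("UPX1", 0x2000, PACKED_BLOB), (".rsrc", 0x200, b"\0" * 0x200)],
    "renamed_upx": [(".text", 0x8000, b""), (".data", 0x2000, PACKED_BLOB)],
    "unpacked": [(".text", 0x1000, b"\x90" * 0x800 + b"\xc3" * 0x800), (".data", 0x200, b"hello" * 64)],
}


def classify_samples() -> dict:
    """Run the heuristics over the constructed images, keyed by sample name."""
    return {k: upx_indicators(build_test_pe(v)) for k, v in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{name:12s} packed={verdict['likely_packed']} sections={verdict['sections']}")
```

The "renamed_upx" case is why the layout check matters: renaming UPX0/UPX1 costs the attacker nothing, but the empty-raw, large-virtual section paired with a near-8-bit-entropy neighbour survives the rename. Neither heuristic identifies the packer version or proves the sample is UPX; for that the sandbox's "UPX dump on OEP" step (running the stub to the original entry point and dumping) is the authoritative check.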

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 00:12

Reported

2024-06-14 00:14

Platform

win7-20240221-en

Max time kernel

150s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe"

Signatures

Renames multiple (3436) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jre7\bin\javafx-iio.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libadjust_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\7-Zip\Lang\pt.txt.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\navSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-multiview.jar.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application-views.xml.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_performance_Thumbnail.bmp.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Gambier.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Mozilla Firefox\minidump-analyzer.exe.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Ulaanbaatar.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Indian\Mahe.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\Logo.png.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\wsdetect.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kamchatka.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+4.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.identity_3.4.0.v20140827-1444.jar.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Mozilla Firefox\qipcap64.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ms\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libh26x_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\7-Zip\Lang\kk.txt.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Common Files\System\ado\msado28.tlb.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fa.pak.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Nipigon.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Xml.Linq.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\pa\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libpng_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Windows Journal\de-DE\jnwdui.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\DVD Maker\fr-FR\DVDMaker.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lord_Howe.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Java\jre7\lib\sound.properties.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_bridge_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\7-Zip\Lang\hy.txt.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mshwLatin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-attach.jar.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Juneau.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Windows.Presentation.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Metlakatla.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jmap.exe.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.common_2.10.1.v20140901-1043.jar.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Checkers\it-IT\ChkrRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Microsoft Games\Solitaire\en-US\Solitaire.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Mozilla Firefox\omni.ja.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Tell_City.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\org.eclipse.rcp_root_4.4.0.v20141007-2301.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\Microsoft.Build.Engine.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_mpjpeg_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_ogg_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Common Files\System\msadc\fr-FR\msadcfr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\javafx-doclet.jar.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Java\jre7\lib\deploy\ffjcext.zip.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\custom.lua.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core.xml.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libavi_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sr.pak.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\kinit.exe.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+8.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\requests\browse.xml.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe

"C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe"

Network

N/A

Files

memory/2972-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

MD5 12a7448fafee27fa73474df56ba4a4b9
SHA1 af45389160a07c19b59691319bb372eaa2ef52e2
SHA256 64ffc38e4355ef2babf799a1e3b015a5e60fe658dd062ccce217a217586cc8a6
SHA512 0b17d82af7645cc01d5ef95c256e329eff1d6b7f8e7453ce2c81f3aa36db1e1ccd529c34d67fafc6ba0b40ed8b1e57039459a15c5497de44f83f1fdded2a7fa4

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 53a64f0445d4a581135795594fd08494
SHA1 3c5802ecc3bf6aa38c765557f1946b7ffee48cff
SHA256 5b2b394013b71cff1ce9af5785e006662ae738f9b0df1fda8a13c250201cd9e2
SHA512 2bb9af3e7c8832d52624268defdd2d343604d647a42126fdabb32bf468c285f1d0e3762c6f0f79d576363a7d714aeff3de6cdc0cfc6150307e9422dfc5c681f4

memory/2972-644-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 00:12

Reported

2024-06-14 00:14

Platform

win10v2004-20240226-en

Max time kernel

158s

Max time network

165s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe"

Signatures

Renames multiple (870) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.AppContext.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Reflection.TypeExtensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\7-Zip\Lang\ne.txt.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-processthreads-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-profile-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-environment-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Text.Encodings.Web.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Private.Xml.Linq.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Common Files\System\msadc\adcjavas.inc.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.NameResolution.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.cs-cz.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\Microsoft.Win32.SystemEvents.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\mraut.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.en-us.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Common Files\System\ado\msado25.tlb.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.IsolatedStorage.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.InteropServices.RuntimeInformation.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\de-DE\tabskb.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.Serialization.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Xml.XmlSerializer.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsrus.xml.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.FileVersionInfo.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\7-Zip\Lang\en.ttt.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-datetime-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.ComponentModel.DataAnnotations.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\7-Zip\Lang\nl.txt.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Resources.Writer.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Threading.Thread.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\dotnet\host\fxr\8.0.0\hostfxr.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvStreamingManager.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RUI.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVFileSystemMetadata.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\sk-SK\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Private.Xml.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Collections.Specialized.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\7-Zip\Lang\sl.txt.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.InteropServices.RuntimeInformation.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Security.Cryptography.Encoding.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\Microsoft.VisualBasic.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\7-Zip\7-zip.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\msinfo32.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-multibyte-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\Common Files\System\wab32res.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.Cryptography.X509Certificates.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe N/A
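
Both detonations trip the same two behavioural signatures: "Renames multiple (3436 on win7, 870 on win10) files with added filename extension" and "Drops file in Program Files directory", where every dropped file is an existing file's path with ".tmp" appended. As an added example that is not part of the original report or of the sandbox's signature code, the block below is a sliding-window detector for that rename behaviour, run over a constructed file-event stream shaped like the tables above. The appended extension ".enc", the benign updater process, the 60-second window and the threshold of 50 renames are all assumptions for the example; the report does not show the extension the sample actually appends.

```python
"""Editor-added example (not the sandbox's signature code): a sliding-window
detector for "renames multiple files with added filename extension", run
over a constructed event stream.  The ".enc" extension, the benign updater
process, the 60 s window and the threshold of 50 are assumptions."""
import collections
from dataclasses import dataclass
from typing import Optional

SAMPLE_IMAGE = r"C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe"


@dataclass(frozen=True)
class FileEvent:
    ts: float           # seconds since detonation start
    pid: int
    image: str
    op: str             # "create" or "rename"
    path: str
    new_path: str = ""  # rename target, empty for create


def added_extension(old: str, new: str) -> Optional[str]:
    """Return the extension a rename appended, or None.

    Matches only new == old + ".<ext>" with no separator or dot inside <ext>,
    so a move to another directory or a double rename is not counted.
    """
    if not new.lower().startswith(old.lower() + "."):
        return None
    ext = new[len(old) + 1:]
    if not ext or "\\" in ext or "." in ext:
        return None
    return ext.lower()


def detect_mass_rename(events, window_s: float = 60.0, threshold: int = 50) -> dict:
    """Alert per pid once >= threshold add-extension renames fall inside window_s.

    Returns {pid: summary} with what an IR handler wants first: the process
    image, the dominant appended extension, how many distinct directories
    were hit, how many .tmp files the process had created by then, and the
    time span.  Creates of *.tmp are counted but never trigger on their own.
    """
    recent = collections.defaultdict(collections.deque)
    tmp_creates = collections.Counter()
    alerts = {}
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.op == "create" and ev.path.lower().endswith(".tmp"):
            tmp_creates[ev.pid] += 1
            continue
        if ev.op != "rename":
            continue
        ext = added_extension(ev.path, ev.new_path)
        if ext is None:
            continue
        q = recent[ev.pid]
        q.append((ev.ts, ext, ev.path))
        while q and ev.ts - q[0][0] > window_s:
            q.popleft()
        if len(q) >= threshold and ev.pid not in alerts:
            exts = collections.Counter(e for _, e, _ in q)
            dirs = {p.rsplit("\\", 1)[0] for _, _, p in q}
            alerts[ev.pid] = {
                "image": ev.image,
                "count": len(q),
                "extension": exts.most_common(1)[0][0],
                "directories": len(dirs),
                "tmp_creates_so_far": tmp_creates[ev.pid],
                "first_ts": q[0][0],
                "trigger_ts": ev.ts,
            }
    return alerts


def constructed_events() -> list:
    """Constructed stream: the sample creates <file>.tmp then renames <file>
    to <file>.enc across six Program Files subtrees; an updater (benign
    assumption) renames three .ini files to .bak in the same period."""
    evs = []
    for i in range(120):
        p = rf"C:\Program Files\App{i % 6}\file{i}.dll"
        evs.append(FileEvent(100.0 + i * 0.3, 2972, SAMPLE_IMAGE, "create", p + ".tmp"))
        evs.append(FileEvent(100.1 + i * 0.3, 2972, SAMPLE_IMAGE, "rename", p, p + ".enc"))
    for i in range(3):
        p = rf"C:\Program Files\Updater\cfg{i}.ini"
        evs.append(FileEvent(105.0 + i, 4100, r"C:\Program Files\Updater\setup.exe", "rename", p, p + ".bak"))
    return evs


if __name__ == "__main__":
    for pid, summary in detect_mass_rename(constructed_events()).items():
        print(pid, summary)
```

The detector keys on the rename, not on the .tmp creation, because installers and updaters legitimately write sibling temp files in Program Files; what separates this sample from them is the rate of add-extension renames from one process across many directories. The threshold is a tuning knob: 50 in 60 seconds is far below the 870 and 3436 renames the two detonations logged, and far above what an updater does.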

Processes

C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe

"C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3768 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:8

Network

Every row below is either a DNS query to 8.8.8.8 (reverse PTR lookups and chromewebstore.googleapis.com) or a TLS connection to 13.107.253.67 or 142.250.180.10. The table carries no process column, the sample produced no network traffic in behavioral1, and an msedge.exe utility process is listed under Processes, so these rows are consistent with browser and sandbox background activity and should not be treated as C2 indicators for this sample without per-process attribution.

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 13.107.253.67:443 tcp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 10.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
GB 142.250.180.10:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp

Files

memory/2356-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

MD5 e92a60dc5f6b51d86216b9e7f19502f2
SHA1 b4f669c510d3a4861e9fcc645e0dae179a8d84c3
SHA256 78a5a7235cf9a5cd5e92e489dbd4dca8c3e3b06345dfd50a54470cd0c8300989
SHA512 6c5037deb24e96726270c123c20840bd43735cedc9ff36a34dfc7e05e42e859ce2bf32620addedf43b8ce2389cdace4cf1740a3baa0d3b4c7c0dd102c8c32c0a

C:\libsmartscreen.dll.tmp

MD5 3cd50fdfce4696a4446b71e7f8f20095
SHA1 aad2b330dc9fbb6692788d6bd3d78631d6aa81fc
SHA256 4134c7b9c695bd232de3b53549917c109b9a4733b62a894d4522a20c74c48904
SHA512 e04f014d33ac98d4f6381a5f795d23fdb24a8930bfff60948f17b6a590e5c0978d0ca586f4ac5c8f46c0d7bbd3f25a9e269ce8fb631f54605019756e285d95f5

memory/2356-250-0x0000000000400000-0x000000000040B000-memory.dmp