Malware Analysis Report

2024-09-23 04:42

Sample ID 240614-bqpkkstbpm
Target 468c51a3fbc826e83fb264282829b7c0.bin
SHA256 ae447c4e3a19baff1636a89459a1d4f8cbfc9eaa6f7fc5b3bbd5586989dcd710
Tags
upx ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

ae447c4e3a19baff1636a89459a1d4f8cbfc9eaa6f7fc5b3bbd5586989dcd710

Threat Level: Likely malicious

The file 468c51a3fbc826e83fb264282829b7c0.bin was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (3737) files with added filename extension

Renames multiple (5030) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 01:21

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 01:21

Reported

2024-06-14 01:23

Platform

win7-20240419-en

Max time kernel

150s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe"

Signatures

Renames multiple (3737) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\css\settings.css.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\Vdk10.lng.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\JPEGIM32.FLT.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Port_Moresby.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Mozilla Firefox\private_browsing.exe.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Management.Instrumentation.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\ktab.exe.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tokyo.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse_1.1.200.v20140414-0825.jar.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help_3.6.0.v20130326-1254.jar.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Mask1.png.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_item.png.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.bat.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\jpeg.dll.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Windows NT\TableTextService\ja-JP\TableTextService.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\ja-JP\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\7.png.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository_2.3.0.v20131211-1531.jar.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Java\jre7\bin\gstreamer-lite.dll.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT+6.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\eo\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\xjc.exe.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro.zh_CN_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\js\timeZones.js.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_rest.png.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\VideoLAN\VLC\NEWS.txt.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Windows Media Player\en-US\setup_wm.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Windows Media Player\ja-JP\mpvis.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Common Files\System\ado\msador15.dll.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-text.xml.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Argentina\Catamarca.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Windows Media Player\Media Renderer\avtransport.xml.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\d3d11\libdirect3d11_filters_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libnsv_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground.wmv.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic.zh_CN_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Cayenne.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Zaporozhye.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\20.png.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_windy.png.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-annotations-common_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\main.html.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Windows Media Player\en-US\mpvis.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport.wmv.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.sat4j.core_2.3.5.v201308161310.jar.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Baghdad.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\control\libnetsync_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler.xml.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Windows Media Player\it-IT\WMPDMCCore.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\1047x576black.png.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MST.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-io_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\7-Zip\7zG.exe.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\jawt.dll.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe

"C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe"

Network

N/A

Files

memory/3024-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

MD5 0b8bce62095460577c3a1878c046156b
SHA1 05751392541b3a02325353875baf35f4fd835cda
SHA256 ec37bbc952aa0d0a340f122137475834e221c82061fadf70e9fac7437db1e547
SHA512 34fba091c039100cabd2270e2b2f08e29586aca1f9381f00068fbe4b64eed71333fa63617d11565a311e32469eca01d980bacb7c82c43c7ccc8e39a24919d51a

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 b30cb610a1253aab3b3079d7b1f7d747
SHA1 1e871c81b5d08fed435fa64171aa2e34025c6140
SHA256 bfc9ca1d2cad0ea722f047d3d4280c7db1f9c33999f74de854adac7ece4cac13
SHA512 ab7fac479c80ea8642cb468bc2ca8da5e6f41e7dc6a7785911b547a78db2849bb64b19b1e75da6e03f4862ebed73801b9abf301b018823a0a9802690c6f85ba0

memory/3024-86-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 01:21

Reported

2024-06-14 01:23

Platform

win10v2004-20240611-en

Max time kernel

149s

Max time network

139s

Command Line

"C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe"

Signatures

Renames multiple (5030) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-processthreads-l1-1-1.dll.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.NameResolution.dll.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ChakraCore.Debugger.dll.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription1-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.ServicePoint.dll.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy\splash_11-lic.gif.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHPHN.DAT.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL090.XML.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\net.dll.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processenvironment-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-localization-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\ar\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL109.XML.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Csp.dll.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\tzmappings.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\java_crw_demo.dll.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.PowerBI.AdomdClient.dll.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-errorhandling-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\cmm\LINEAR_RGB.pf.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-140.png.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Contracts.dll.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PenImc_cor3.dll.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\fi.pak.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Java\jdk-1.8\release.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OSFUI.DLL.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\concrt140.dll.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\he.pak.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Java\jdk-1.8\README.html.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\msinfo32.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Pipes.AccessControl.dll.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.dll.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_ko.properties.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Java\jdk-1.8\lib\ir.idl.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-string-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Constantia-Franklin Gothic Book.xml.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\7-Zip\Lang\tg.txt.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemXmlLinq.dll.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_MAKC2R-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OUTLFLTR.DAT.tmp C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe

"C:\Users\Admin\AppData\Local\Temp\468c51a3fbc826e83fb264282829b7c0.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4172,i,6870419347051655189,5491911050420577193,262144 --variations-seed-version --mojo-platform-channel-handle=4416 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 57.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 227.162.46.104.in-addr.arpa udp

Files

memory/3808-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3665033694-1447845302-680750983-1000\desktop.ini.tmp

MD5 38380ac38bd58bc63f81e59200e67336
SHA1 029fa32306c27d6ef83c604a2eb951b87a465f15
SHA256 ce44b182c1893994ff0307289e51e1787e920ec14fa5d01fbb3dadd5e2237d07
SHA512 b1b5e74704ca58399d5a011dcda84dc68bb994d7a7d96a7b9e5963b95e20bf4a959841546d1bab8ec56d5bb15cf3afd6764123dc5db50bd3ac6c70b1121d6d1d

C:\Program Files\7-Zip\7-zip.chm.tmp

MD5 6891b4409ee1ede09e7d9296211257b8
SHA1 dd6b5893729c6f9cd93d31f0f97ce487bcc54879
SHA256 3e0ba9ef4fbf372db97449f17a93dd70a28296015c515920cce1f84694e15731
SHA512 0e26a88faabee639cd6ad3d7d03a2cbc1350ccb1f84e580223c5927c5b7c0c2ffb80d8b28ca0999858278e80bf6da7777b9356ae3f1a09653a6d42d821620546

memory/3808-1086-0x0000000000400000-0x000000000040A000-memory.dmp