Malware Analysis Report

2024-09-23 04:37

Sample ID: 240614-c6zk6awdnp
Target: af05c8b7c23e82e5f4a322c58ae25243f2df87fbfe1efcf2fff236a640997ec4
SHA256: af05c8b7c23e82e5f4a322c58ae25243f2df87fbfe1efcf2fff236a640997ec4
Tags: upx, ransomware
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK Matrix
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 10/10

SHA256: af05c8b7c23e82e5f4a322c58ae25243f2df87fbfe1efcf2fff236a640997ec4

Threat Level: Known bad

The file af05c8b7c23e82e5f4a322c58ae25243f2df87fbfe1efcf2fff236a640997ec4 was found to be: Known bad.

Malicious Activity Summary

Tags: upx, ransomware

UPX dump on OEP (original entry point)

Renames multiple (3444) files with added filename extension

UPX dump on OEP (original entry point)

Renames multiple (4867) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-14 02:42

Signatures

UPX dump on OEP (original entry point)

No indicator details recorded (Description, Indicator, Process, Target: N/A).

UPX packed file

Tag: upx
No indicator details recorded (Description, Indicator, Process, Target: N/A).

Unsigned PE

No indicator details recorded (Description, Indicator, Process, Target: N/A).

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-14 02:42
Reported: 2024-06-14 02:44
Platform: win7-20231129-en
Max time kernel: 150s
Max time network: 120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\af05c8b7c23e82e5f4a322c58ae25243f2df87fbfe1efcf2fff236a640997ec4.exe"

Signatures

Renames multiple (3444) files with added filename extension

Tag: ransomware

UPX dump on OEP (original entry point)

No indicator details recorded (four rows, all Description, Indicator, Process, Target: N/A).

UPX packed file

Tag: upx
No indicator details recorded (four rows, all Description, Indicator, Process, Target: N/A).

Drops file in Program Files directory

File-creation indicator table omitted here: 64 "File created" rows, each a .tmp file written under C:\Program Files by the sample process C:\Users\Admin\AppData\Local\Temp\af05c8b7c23e82e5f4a322c58ae25243f2df87fbfe1efcf2fff236a640997ec4.exe, with the Target column N/A in every row.

Processes

C:\Users\Admin\AppData\Local\Temp\af05c8b7c23e82e5f4a322c58ae25243f2df87fbfe1efcf2fff236a640997ec4.exe

"C:\Users\Admin\AppData\Local\Temp\af05c8b7c23e82e5f4a322c58ae25243f2df87fbfe1efcf2fff236a640997ec4.exe"

Network

N/A

Files

memory/1988-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

MD5 7358625caa5e9dd128f515fa3c3ae7a2
SHA1 d72ae4485e9a23425de3b7acaceaba644ad46585
SHA256 8cdb5391e660d33e3b31e385a11a5ea355124ab36e4c37d3011538eabca83abc
SHA512 24af06872d54edd53cb70d03347afa173c4078aeacaea9f07e3c0265d2375ecd5b8a4ddb8e043ff9222b94734825edc987d7fa3953ff2ac3a647b983cfac2301

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 401e21bdf0a5004902c719548ed1c5a5
SHA1 fa189dbc4c74a401e792fb24fa798a748ceafe8e
SHA256 f48314fbd8c29399544412edeb308c91d58ecd07631656eddcc14d85080bd319
SHA512 94893b97edfbe09419230d90f2d259181c23060695f4696351d8dcd876fcdf158345302090934bdb42d8bb73576781ddfd07de3daaac20756cf678482fe9614a

memory/1988-644-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-14 02:42
Reported: 2024-06-14 02:44
Platform: win10v2004-20240611-en
Max time kernel: 150s
Max time network: 94s

Command Line

"C:\Users\Admin\AppData\Local\Temp\af05c8b7c23e82e5f4a322c58ae25243f2df87fbfe1efcf2fff236a640997ec4.exe"

Signatures

Renames multiple (4867) files with added filename extension

Tag: ransomware

UPX dump on OEP (original entry point)

No indicator details recorded (four rows, all Description, Indicator, Process, Target: N/A).

UPX packed file

Tag: upx
No indicator details recorded (four rows, all Description, Indicator, Process, Target: N/A).

Drops file in Program Files directory

File-creation indicator table omitted here: 64 "File created" rows, each a .tmp file written under C:\Program Files by the sample process C:\Users\Admin\AppData\Local\Temp\af05c8b7c23e82e5f4a322c58ae25243f2df87fbfe1efcf2fff236a640997ec4.exe, with the Target column N/A in every row.

Processes

C:\Users\Admin\AppData\Local\Temp\af05c8b7c23e82e5f4a322c58ae25243f2df87fbfe1efcf2fff236a640997ec4.exe

"C:\Users\Admin\AppData\Local\Temp\af05c8b7c23e82e5f4a322c58ae25243f2df87fbfe1efcf2fff236a640997ec4.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 99.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp

Files

memory/2312-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2080292272-204036150-2159171770-1000\desktop.ini.tmp

MD5 3c3849551cd9e95b59efb0104837987d
SHA1 93a10a8ad65b8f6b7c598d33a4440661b70a71cc
SHA256 7d9edb6dd1256d21b82ad4ecb82044536c7fc4e78618fb3e5360641745b38a44
SHA512 35a0623e3a22649bb6a8a52300e10c8c72b2abb7989511fd8282e4ebfb155ff99a8e6c6225e1bdab3ebfb034b4de9326eadf4491f049347330fad0f8e5e1790d

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 4955f7dbbff12ee3a781ba9efdd4ffec
SHA1 901507d52c68d5c42c254169539fe4242c826e15
SHA256 4a545afe75f80b66a783ced6b714f5222baec8561b648a2c6bad9b945d50202a
SHA512 ac23c4b6676885872a25737bde4a4a8b07593817c98ced25005ff47c35858ee1a291b4a4de42138a31f472599faa973b85fd1528f735f130842fd83d02dc0f5c

memory/2312-1790-0x0000000000400000-0x000000000040B000-memory.dmp