Malware Analysis Report

2024-09-23 04:30

Sample ID 240614-e7p48aygrk
Target d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7
SHA256 d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7
Tags
upx ransomware
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7

Threat Level: Known bad

The file d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7 was found to be: Known bad.

Malicious Activity Summary

upx ransomware

UPX dump on OEP (original entry point)

Renames multiple files with added filename extension (3141 files in behavioral1 on Windows 7; 4820 files in behavioral2 on Windows 10)

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 04:35

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
(1 indicator row, no details recorded)

UPX packed file

upx
Description Indicator Process Target
(1 indicator row, no details recorded)

Unsigned PE

Description Indicator Process Target
(1 indicator row, no details recorded)
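The static1 pass fires on three things that can be checked on disk before any detonation: the UPX section layout, a packed body that the sandbox later dumps at the original entry point, and the absence of an Authenticode signature. The Python below is an added example written for this page, not the sandbox's own detection code. Because the sample itself is not reproduced here, build_sample_pe constructs a stand-in PE32 with the UPX0/UPX1/.rsrc layout and an empty Security data directory; the 7.0 entropy threshold and the "hollow section" heuristic are assumptions of the example, and the check only covers embedded signatures, not catalog-signed files.

```python
import math
import random
import struct

# Added example (not the sandbox's own detection code): reproduce two static1
# signatures, "UPX packed file" and "Unsigned PE", by walking the PE headers
# with struct only. Offsets follow the PE/COFF specification.


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: compressed or encrypted data sits near 8.0, plain x86 code around 6.0-6.8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_pe(image: bytes) -> dict:
    """Return the optional-header magic, the section table and the Security directory size."""
    if image[:2] != b"MZ":
        raise ValueError("no MZ header")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER (20 bytes)
    (num_sections,) = struct.unpack_from("<H", image, coff + 2)
    (opt_size,) = struct.unpack_from("<H", image, coff + 16)
    opt = coff + 20                                       # IMAGE_OPTIONAL_HEADER
    (magic,) = struct.unpack_from("<H", image, opt)
    # Data directories begin at +96 (PE32, magic 0x10B) or +112 (PE32+, 0x20B);
    # entry 4 is IMAGE_DIRECTORY_ENTRY_SECURITY, where embedded Authenticode lives.
    dd_base = 96 if magic == 0x10B else 112
    _sec_off, sec_size = struct.unpack_from("<II", image, opt + dd_base + 4 * 8)
    sections, table = [], opt + opt_size
    for i in range(num_sections):
        off = table + i * 40                              # IMAGE_SECTION_HEADER (40 bytes)
        name = image[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", image, off + 8)
        sections.append({"name": name, "vsize": vsize, "vaddr": vaddr,
                         "rawsize": rawsize, "rawptr": rawptr})
    return {"magic": magic, "sections": sections, "authenticode_size": sec_size}


def static_triage(image: bytes, entropy_threshold: float = 7.0) -> dict:
    """Tag an image 'upx' and/or 'unsigned_pe' the way the static1 pass did."""
    pe = parse_pe(image)
    names = [s["name"] for s in pe["sections"]]
    upx_names = any(n.upper().startswith("UPX") for n in names)
    # UPX0 gives the packer away even with renamed sections: a large virtual
    # section with zero bytes on disk that the stub fills in at run time.
    # (.bss looks the same, hence the entropy requirement on the other sections.)
    hollow = any(s["vsize"] > 0 and s["rawsize"] == 0 for s in pe["sections"])
    entropies = [shannon_entropy(image[s["rawptr"]:s["rawptr"] + s["rawsize"]])
                 for s in pe["sections"] if s["rawsize"]]
    max_entropy = max(entropies, default=0.0)
    tags = []
    if upx_names or (hollow and max_entropy >= entropy_threshold):   # threshold is an assumption
        tags.append("upx")
    if pe["authenticode_size"] == 0:
        tags.append("unsigned_pe")      # no embedded signature; catalog-signed files are not covered
    return {"sections": names, "hollow_section": hollow,
            "max_section_entropy": round(max_entropy, 3), "tags": tags}


def _section_header(name: bytes, vsize: int, vaddr: int, rawsize: int, rawptr: int) -> bytes:
    # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, PointerToRelocations,
    # PointerToLinenumbers, NumberOfRelocations, NumberOfLinenumbers, Characteristics
    return struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, rawsize, rawptr, 0, 0, 0, 0, 0x60000020)


def build_sample_pe(packed_payload: bytes) -> bytes:
    """Constructed stand-in for the report's sample: a PE32 with UPX0/UPX1/.rsrc and no signature."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                             # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 0xE0, 0x0102)     # i386, 3 sections, 224-byte opt hdr
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                               # PE32; data directories all zero
    raw_ptr = 0x200
    sections = (_section_header(b"UPX0", 0x7000, 0x1000, 0, 0)          # hollow: vsize>0, no raw data
                + _section_header(b"UPX1", 0x3000, 0x8000, len(packed_payload), raw_ptr)
                + _section_header(b".rsrc", 0x1000, 0xB000, 0x200, raw_ptr + len(packed_payload)))
    image = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections
    image += b"\0" * (raw_ptr - len(image))
    return image + packed_payload + b"\0" * 0x200


# Constructed "packed" section body: seeded pseudo-random bytes standing in for compressed code.
_rng = random.Random(0xC0FFEE)
SAMPLE_PACKED_PAYLOAD = bytes(_rng.getrandbits(8) for _ in range(4096))

if __name__ == "__main__":
    print(static_triage(build_sample_pe(SAMPLE_PACKED_PAYLOAD)))
```

Run against a real file, the same parse_pe output also tells you what the sandbox's memory dumps should look like: the image is mapped at ImageBase and the dump spans its sections, which is why the memory/…-0x0000000000400000-0x000000000040B000-memory.dmp entries under Files cover 0xB000 bytes.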

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 04:35

Reported

2024-06-14 04:37

Platform

win7-20231129-en

Max time kernel

150s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe"

Signatures

Renames multiple (3141) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description Indicator Process Target
(4 indicator rows, no details recorded)

UPX packed file

upx
Description Indicator Process Target
(4 indicator rows, no details recorded)

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Internet Explorer\ie9props.propdesc.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Mozilla Firefox\crashreporter.exe.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\micaut.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baku.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Luxembourg.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Palau.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Java\jre7\lib\plugin.jar.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.Client.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jmc.ini.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Wallis.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Dili.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Backgammon\it-IT\bckgRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro.ja_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\META-INF\MANIFEST.MF.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-common_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Halifax.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\updater_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Entity.Design.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Efate.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\feature.xml.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Common Files\System\ado\msader15.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\DVD Maker\it-IT\OmdProject.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libremap_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Detroit.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Juan.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port_of_Spain.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-ui.xml.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-charts.jar.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-favorites.xml_hidden.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Java\jre7\bin\javafx-font.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Java\jre7\lib\ext\zipfs.jar.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Argentina\Salta.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Bahia_Banderas.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EST5EDT.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.xml.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-util.jar.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\DVD Maker\PipeTran.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-attach.jar.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\be\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\license.html.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\MANIFEST.MF.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-lib-uihandler.xml.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Java\jre7\bin\jp2ssv.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Antarctica\Vostok.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passportcover.png.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME.txt.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Caracas.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libhttps_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtau.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe

"C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe"

Network

N/A

Files

memory/2360-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

MD5 bd38146cf1b969c93e80e424d7fbe12b
SHA1 d179c1d15cdbc0e75cc74c5bcdc8a29f5b983dba
SHA256 7924142599a02959ec2323e72b31601fbe6d2fe9a048563559bf8df867775aa1
SHA512 0b7992c562d3247ff1b38c7ec0b9317800737b3643363a1d3e4808f1e7ebb3c353ad5e9d63ad8921a00d6d8f8a1c37a70903a7de49a026780621e77463cc704b

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 327264fdc7241f5f16449f5bc2ec6442
SHA1 4968552dfeabc1a0d8f6c3bdaa9290bdceb2c9bc
SHA256 ea5df91b355360c2483c92b74fc6bbda76f763f8ee054aa2177af2ba424f3e27
SHA512 2dc7b69f30d2621a880872693b2fbf95a6e7c6eed0942c29a3c5a966ef4dca0a93ca6f55929b79bab5d8bff46fdfa697b25c038da5b2c0ebe3de85a8f0a5c7b0

memory/2360-464-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 04:35

Reported

2024-06-14 04:37

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe"

Signatures

Renames multiple (4820) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description Indicator Process Target
(4 indicator rows, no details recorded)

UPX packed file

upx
Description Indicator Process Target
(4 indicator rows, no details recorded)

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.Xml.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Web.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\javafx_iio.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-process-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN086.XML.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemDrawing.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\j2gss.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.ThreadPool.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.Watcher.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-console-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Configuration.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\GetUnpublish.mpeg.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\AugLoop\third-party-notices.txt.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RUI.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_ja.properties.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ONLNTCOMLIB.DLL.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\SmallLogoCanary.png.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-localization-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Emit.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ViewOnly_ZeroGrace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\msix.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\he.pak.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\bcel.md.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\security\policy\unlimited\US_export_policy.jar.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsrom.xml.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\EXPTOOWS.DLL.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\ja\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\sr-Cyrl-RS\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkDrop32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe N/A
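Both Program Files tables (behavioral1 on win7 above and this one on win10) show the same shape: for each original file the process writes a sibling named <original>.tmp, across vendor directories and file types that have nothing in common. The Python below is an added example, not the sandbox's signature logic. It parses "File created" rows in the layout this report uses, counts .tmp sidecars per process by top-level directory and by the original file's extension, and flags a process once it crosses thresholds chosen for the example (8 files, 3 directories, 4 extensions). The input is constructed: twelve indicator paths copied from the two tables plus one made-up benign msiexec.exe row as a control. Originals without an extension (the Java tz files such as Baku) are counted as files but contribute no extension.

```python
import re
from collections import defaultdict

# Added example (not the sandbox's signature logic): detect the "renames multiple
# files with added filename extension" pattern from "File created" rows laid out
# as in this report: File created <indicator path> <process image> <target>.
EVENT_RE = re.compile(r"^File created (?P<path>.+?) (?P<proc>[A-Za-z]:\\.+?\.exe) N/A$")

SAMPLE_PROC = (r"C:\Users\Admin\AppData\Local\Temp"
               r"\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe")

# Constructed input: twelve indicator paths copied from the behavioral1 and
# behavioral2 tables, plus one made-up benign row (an installer writing a single
# .tmp) as a control. The msiexec.exe row is invented for the example.
SAMPLE_EVENTS = [f"File created {p} {SAMPLE_PROC} N/A" for p in (
    r"C:\Program Files\Internet Explorer\ie9props.propdesc.tmp",
    r"C:\Program Files\Mozilla Firefox\crashreporter.exe.tmp",
    r"C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\micaut.dll.mui.tmp",
    r"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baku.tmp",
    r"C:\Program Files\Java\jre7\lib\plugin.jar.tmp",
    r"C:\Program Files\Common Files\System\ado\msader15.dll.tmp",
    r"C:\Program Files\DVD Maker\it-IT\OmdProject.dll.mui.tmp",
    r"C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libremap_plugin.dll.tmp",
    r"C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp",
    r"C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passportcover.png.tmp",
    r"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\he.pak.tmp",
    r"C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-pl.xrm-ms.tmp",
)] + [r"File created C:\Users\Admin\AppData\Local\Temp\install.log.tmp C:\Windows\System32\msiexec.exe N/A"]


def parse_events(lines):
    """Return (process, path) for rows that match the report layout; skip anything else."""
    events = []
    for line in lines:
        m = EVENT_RE.match(line.strip())
        if m:
            events.append((m.group("proc"), m.group("path")))
    return events


def split_sidecar(path: str, added_ext: str = ".tmp"):
    """If path is <original><added_ext>, return (original path, original's extension or '')."""
    if not path.lower().endswith(added_ext):
        return None
    original = path[:-len(added_ext)]
    name = original.rsplit("\\", 1)[-1]
    ext = name.rsplit(".", 1)[1].lower() if "." in name else ""
    return original, ext


def top_dir(path: str, depth: int = 3) -> str:
    """Drive plus the next two components, e.g. C:\\Program Files\\Java."""
    return "\\".join(path.split("\\")[:depth])


def detect_mass_rename(events, min_files=8, min_dirs=3, min_exts=4, added_ext=".tmp"):
    """Flag a process that writes many <original>.tmp sidecars across unrelated directories
    and many original file types. Thresholds are assumptions for the example; an installer or
    backup job writes many .tmp files too, but into one tree and over few original extensions."""
    per_proc = defaultdict(lambda: {"files": 0, "dirs": set(), "exts": set()})
    for proc, path in events:
        hit = split_sidecar(path, added_ext)
        if hit is None:
            continue
        _original, ext = hit
        stats = per_proc[proc]
        stats["files"] += 1
        stats["dirs"].add(top_dir(path))
        if ext:                      # extension-less originals still count as files
            stats["exts"].add(ext)
    findings = {}
    for proc, stats in per_proc.items():
        flagged = (stats["files"] >= min_files and len(stats["dirs"]) >= min_dirs
                   and len(stats["exts"]) >= min_exts)
        findings[proc] = {"files": stats["files"], "dirs": len(stats["dirs"]),
                          "exts": sorted(stats["exts"]), "flagged": flagged}
    return findings


if __name__ == "__main__":
    for proc, f in detect_mass_rename(parse_events(SAMPLE_EVENTS)).items():
        print(("FLAG " if f["flagged"] else "ok   ") + proc, f)
```

On the full tables the counts are far above the thresholds (3141 and 4820 renamed files in the two detonations), so the thresholds matter only for the control row: one .tmp in one directory with one original extension stays unflagged.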

Processes

C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe

"C:\Users\Admin\AppData\Local\Temp\d6302063677dfdd6776a14602e0ef62bf1d600e73a982c531f80f2ca5aa519e7.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

The only recorded network event is a reverse (PTR) lookup of the resolver's own address, 8.8.8.8.in-addr.arpa, sent to that same resolver over UDP/53. A lookup of this kind is not specific to the sample; no command-and-control, key-exchange or exfiltration traffic was recorded in either detonation.

Files

memory/1636-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

MD5 8c9a6d4ed24b95452d3616d69a6aef4b
SHA1 dd252c6209b06f9d81cc448edf35fbc2c569a88e
SHA256 b1dcb426b21acbfbc41f0f334d4170f18b3d6569e01e3b10e03549752b7d5749
SHA512 b38dd6f2932b853f226c3c14ef8cc6f62700533efd5dec0601ae4d7354a5c0c0568273f6df7661e94d748b65e6b3b965dc2631fbc24203ee9172e82b5f1cd3e6

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 1accf87b79e006a98999364b40ff9ac5
SHA1 0ab7923e50562ab3ff71c2ba834ca6a69bd052a1
SHA256 c0feafeef6de45a4f455f8deac5bf348e659eeb6d9ca190aeb7b7befc9ba6b79
SHA512 c75aee21fce0b0ac9a8bd7b89ec2f23b964d997600f6df942c7ac2fd4d1871a10b4d8593bca0dba04b39ad90375568ae2c88d559849e72f22068c80b5736a7ce

memory/1636-1736-0x0000000000400000-0x000000000040B000-memory.dmp