Malware Analysis Report

2024-09-23 04:31

Sample ID 240614-fkq9fazcqk
Target dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7
SHA256 dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7
Tags
ransomware upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7

Threat Level: Known bad

The file dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7 was found to be: Known bad.

Malicious Activity Summary

ransomware upx

Renames multiple (3764) files with added filename extension (behavioral1, win7-20240419-en)

Renames multiple (5208) files with added filename extension (behavioral2, win10v2004-20240508-en)

UPX packed file

UPX dump on OEP (original entry point)

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 04:56

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
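The three static signatures above (UPX packed file, UPX dump on OEP, Unsigned PE) can be checked offline from the PE header alone. The following is an added example and is not part of the sandbox report nor the sandbox's own detection logic: it walks the PE section table by hand, looks for the UPX section names and the `UPX!` PackHeader marker, and reports whether an Authenticode certificate table is present. The bytes it runs on come from `build_test_pe()`, a constructed minimal PE32 header; nothing here is taken from the analysed sample, and all function names are this example's own.

```python
"""Added example (not part of the sandbox report): reproduce the static
indicators "UPX packed file" and "Unsigned PE" from a PE header.
The PE bytes built by build_test_pe() are a constructed minimal header,
not the analysed sample."""
import struct

# Section names UPX has used over the years; older builds prefixed a dot.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b".UPX0", b".UPX1", b".UPX2"}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # data directory holding the Authenticode table


def parse_pe(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections, = struct.unpack_from("<H", data, coff + 2)
    opt_size, = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20
    magic, = struct.unpack_from("<H", data, opt)
    # Data directories start at +96 for PE32 (0x10B) and +112 for PE32+ (0x20B).
    dd_base = opt + (96 if magic == 0x10B else 112)
    _rva, sec_size = struct.unpack_from("<II", data, dd_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sec_table = opt + opt_size
    sections = []
    for i in range(num_sections):
        off = sec_table + 40 * i
        name = data[off:off + 8].rstrip(b"\0")
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append({"name": name, "vsize": vsize, "vaddr": vaddr,
                         "rawsize": rawsize, "rawptr": rawptr})
    return {"sections": sections, "has_cert_table": sec_size != 0,
            "header_end": sec_table + 40 * num_sections}


def upx_indicators(data: bytes) -> dict:
    pe = parse_pe(data)
    secs = pe["sections"]
    upx_names = [s["name"] for s in secs if s["name"] in UPX_SECTION_NAMES]
    # UPX writes its PackHeader (starting with "UPX!") into the header padding
    # right after the section table; a whole-file search also covers oddities.
    has_magic = b"UPX!" in data
    # Structural tell: the first section is the unpack destination, so it has a
    # large VirtualSize but no raw bytes on disk; the packed blob lives in UPX1.
    empty_first = bool(secs) and secs[0]["rawsize"] == 0 and secs[0]["vsize"] > 0
    return {"upx_sections": upx_names, "upx_magic": has_magic,
            "empty_first_section": empty_first,
            "is_upx": bool(upx_names) or has_magic,
            "signed": pe["has_cert_table"]}


def build_test_pe(section_names, *, empty_first=False, signed=False, marker=b"") -> bytes:
    """Constructed PE32 header for testing (not bytes from the real sample)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 224                                   # PE32 with 16 data directories
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 94      # magic + zeroed standard/NT fields
    dirs = [(0, 0)] * 16
    if signed:
        dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (0x1000, 0x200)   # any non-zero size
    opt += b"".join(struct.pack("<II", rva, size) for rva, size in dirs)
    secs = b""
    for i, name in enumerate(section_names):
        rawsize = 0 if (i == 0 and empty_first) else 0x200
        secs += name.ljust(8, b"\0")
        secs += struct.pack("<IIII", 0x1000, 0x1000 * (i + 1), rawsize, 0x400 * (i + 1))
        secs += b"\0" * 16                           # reloc/linenum pointers, Characteristics
    return dos + b"PE\0\0" + coff + opt + secs + marker


if __name__ == "__main__":
    packed = build_test_pe([b"UPX0", b"UPX1", b".rsrc"], empty_first=True,
                           marker=b"UPX!" + b"\0" * 12)
    print(upx_indicators(packed))
```

Section names are cosmetic and are routinely renamed by malware authors, so a missing UPX0/UPX1 pair proves nothing; the empty first section with a large virtual size is the structural tell, and the image the sandbox dumped at 0x400000-0x40B000 (the "UPX dump on OEP" entries listed under Files in the behavioral runs) is the unpacked code to analyse. A present certificate table only means the file carries a signature blob, not that the signature verifies.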

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 04:56

Reported

2024-06-14 04:58

Platform

win7-20240419-en

Max time kernel

150s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe"

Signatures

Renames multiple (3764) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_win7.css.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\ja-JP\MSTTSLoc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hi.pak.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\cacerts.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Java\jre7\bin\rmid.exe.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\logo.png.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can129.hsp.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\ACEWSTR.DLL.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\combo-hover-left.png.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_hov.png.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_bottom.png.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\picturePuzzle.html.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Maceio.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Mozilla Firefox\browser\features\[email protected] C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Entity.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Tegucigalpa.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Yekaterinburg.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipTsf.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.services_1.2.1.v20140808-1251.jar.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench_1.2.1.v20140901-1244.jar.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\css\settings.css.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\weather.html.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\ccme_base.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+1.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Chisinau.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\notification_plugin.jar.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.jasper.glassfish_2.2.2.v201205150955.jar.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\ink\fr-FR\rtscom.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\gd\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Windows Media Player\Network Sharing\ConnectionManager.xml.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Rangoon.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Microsoft Games\Purble Place\desktop.ini.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_h.png.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_h.png.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Nairobi.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.RunTime.Serialization.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Windows NT\Accessories\it-IT\wordpad.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\service.js.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-util-enumerations.xml_hidden.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Java\jre7\bin\fontmanager.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_output\libwinhibit_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\icon.png.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-text.xml.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\Help\msitss55.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.security_8.1.14.v20131031.jar.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-sendopts.jar.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Antarctica\Davis.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Windows Journal\Templates\Music.jtp.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\kcms.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\verify.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.ssl_1.1.0.v20140827-1444.jar.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Windows Media Player\es-ES\WMPMediaSharing.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_diagonals-thick_20_666666_40x40.png.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe

"C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe"

Network

N/A

Files

memory/992-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

MD5 56e55093069450ed28cf9d9b371bd2b0
SHA1 a8e76417e522a5968d0a66d24a5f4f3fbd042378
SHA256 f4c9302f318d19e5ac97cadeff4a273d53fb7168a780251277805fcf9b1a41f8
SHA512 c4fc6ce0f14fbe3d33badd0d7c86dc20c678410101a86422842831513008fa36a6e8c89151720c43b172ce38d6f033b306eb47e68553c2ca8e7569d1feec9c59

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 1b0b687a575ef8c2b91c322368458a9c
SHA1 1ef9673217fe2cf058a335371ee60151faeb16a9
SHA256 2dcf44b887ce026b385957029bfff22115c96024acfb90edb199697dc92a8ef0
SHA512 49db9fa285f20dac3ab2d04b9c5e16c177c6ef46d09970b0ae4152fd16238e4b2edc5813def9db1b983f795eda0a1ca1b252bde783fa82baa32a4b162c578ae5

memory/992-666-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 04:56

Reported

2024-06-14 04:58

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe"

Signatures

Renames multiple (5208) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Data.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Fonts\private\FRSCRIPT.TTF.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\ucrtbase.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0000-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\TellMeRuntime.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tabskb.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\jsoundds.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Microsoft Office\root\rsod\powerpivot.x-none.msi.16.x-none.tree.dat.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\SharePointTeamSite.ico.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Drawing.Design.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-utility-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.Excel.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-140.png.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightDemiBold.ttf.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial1-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\jinfo.exe.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\DocumentFormat.OpenXml.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL065.XML.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\comments.win32.tpn.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\coreclr.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\santuario.md.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-140.png.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\DirectWriteForwarder.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\sdxs.xml.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ReachFramework.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-profile-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription1-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_KMS_Client_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCHART.DLL.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Cng.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\klist.exe.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\WacLangPackEula.txt.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.FileSystem.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\th-TH\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Numerics.Vectors.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.AppContext.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\jfr.jar.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe N/A
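Both behavioral runs report "Renames multiple (N) files with added filename extension" (3764 on win7, 5208 on win10), and both "Drops file in Program Files directory" tables show the same shape: one process from `%LOCALAPPDATA%\Temp` creating a `<original name>.tmp` sibling for files of every type under Program Files. The renames themselves are counted by the signature but not listed, so the following added example (not part of the report, and not the sandbox's own signature code) infers the pattern from the "File created" rows: it parses the row layout as rendered here, groups creations per process, and flags a process that appends one suffix to many files of unrelated original types. The target paths in `REPORT_TARGETS` are copied from the two tables above; the msiexec control row, the thresholds and the heuristics are this example's own assumptions.

```python
"""Added example (not part of the sandbox report): reproduce the logic behind
"Renames multiple (N) files with added filename extension" from the
"File created" rows of the "Drops file in Program Files directory" tables.
Target paths in REPORT_TARGETS are copied from the report; the benign control
row, the thresholds and the heuristics are this example's own assumptions."""
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Row layout as rendered in the report: "File created <target> <process> N/A".
# The process path carries no spaces in these reports, so the last
# drive-letter path ending in .exe before the trailing N/A is the process.
ROW_RE = re.compile(r"^File created (?P<target>.+) (?P<process>[A-Za-z]:\\\S+?\.exe) N/A$")

SAMPLE_PROCESS = r"C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe"
REPORT_TARGETS = [   # copied from the behavioral1 (win7) and behavioral2 (win10) tables
    r"C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\cacerts.tmp",
    r"C:\Program Files\Java\jre7\bin\rmid.exe.tmp",
    r"C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm.tmp",
    r"C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\logo.png.tmp",
    r"C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\ACEWSTR.DLL.tmp",
    r"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+1.tmp",
    r"C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\coreclr.dll.tmp",
    r"C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ul-oob.xrm-ms.tmp",
]
BENIGN_ROWS = [   # constructed control row, not from the report
    (r"C:\Program Files\ExampleApp\install.log", r"C:\Windows\System32\msiexec.exe"),
]
SAMPLE_ROWS = "\n".join(
    [f"File created {t} {SAMPLE_PROCESS} N/A" for t in REPORT_TARGETS]
    + [f"File created {t} {p} N/A" for t, p in BENIGN_ROWS])


def parse_rows(text: str):
    """Return (target, process) for every well-formed File created row, in order."""
    events = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            events.append((m.group("target"), m.group("process")))
    return events


def summarize(events):
    """Per process: how many files got which new suffix, across which
    top-level directories, and what the original extension was."""
    per_process = defaultdict(lambda: {"files": 0, "suffixes": Counter(),
                                       "dirs": Counter(), "original_exts": Counter()})
    for target, process in events:
        p = PureWindowsPath(target)
        if not p.suffix:            # no added suffix to reason about
            continue
        s = per_process[process]
        s["files"] += 1
        s["suffixes"][p.suffix.lower()] += 1
        s["dirs"][str(PureWindowsPath(*p.parts[:2]))] += 1       # e.g. C:\Program Files
        s["original_exts"][PureWindowsPath(p.stem).suffix.lower() or "<none>"] += 1
    return per_process


MIN_FILES = 5        # assumed threshold for this excerpt; the full runs counted 3764 and 5208
MIN_ORIGINAL_TYPES = 3


def flag_mass_rename(summary, min_files=MIN_FILES, min_types=MIN_ORIGINAL_TYPES):
    """A process that appends one suffix to many files of unrelated types
    across Program Files, from a %TEMP% location, is the ransomware pattern;
    installers touch their own directory and one or two file types."""
    hits = {}
    for process, s in summary.items():
        suffix, n = s["suffixes"].most_common(1)[0]
        if n >= min_files and len(s["original_exts"]) >= min_types:
            hits[process] = {
                "added_suffix": suffix, "files": n,
                "original_types": len(s["original_exts"]),
                "dirs": dict(s["dirs"]),
                "runs_from_temp": "\\appdata\\local\\temp\\" in process.lower(),
            }
    return hits


if __name__ == "__main__":
    for proc, hit in flag_mass_rename(summarize(parse_rows(SAMPLE_ROWS))).items():
        print(proc, hit)
```

The `.tmp` sibling is only what is visible in the creation events; the signature name says the originals were then renamed, which is consistent with an encrypt-to-temp-then-rename loop, but the rename and delete events are not in this report, so the example does not claim to see them. When running this against a full event export rather than the excerpt, raise `MIN_FILES` to a level an installer would not reach and keep the "many unrelated original types" condition, which is what separates mass encryption from a legitimate bulk update of one product.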

Processes

C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe

"C:\Users\Admin\AppData\Local\Temp\dd52ef1cd0dca7500d13ac51992f09d6ef48d18dc8a0c0bac805811ec71c48f7.exe"

Network

Files

memory/3592-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

MD5 2be79429cdf6ef060e2d08955f5e020d
SHA1 b2eb2c091bb5f4eba90e7828c71edd2c8b91eef0
SHA256 a95da7ae9190ec88a09c83935fa08ab8ebd997c19d7a741ba3ed0041bf93ccae
SHA512 ef0f868b4993f99168beefd24c61c5aacfd2ed481b0e0349fd9cb7464e7ccda1b8fc3aea886907af230ea9c47410ada6fad7c0ef714ff43f8997a47f7d23b950

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 c2f7fa8c35f7646a104ce41b59c0b109
SHA1 80de24f998274dd97de134a8d8e64303f8468bc3
SHA256 cbdc2e0c8fb2b4722d5bd54eaa4c98b3c423ee8a2120962324f71578b9e62037
SHA512 8fbdbb358584d6fba4920b6b104f8dbd8f7cdfb89097d70daf7356063ab413871dd20eb76770fff6a1012bca8663b831a1dcafd0c1b255837de94858c0649afb

memory/3592-1950-0x0000000000400000-0x000000000040B000-memory.dmp