Malware Analysis Report

2024-10-18 21:36

Sample ID 240614-wvb59s1eqe
Target 02ecdd29a76425e7734ddb95585641c50a6aa32acb995ede14ecc28ccff7eaba
SHA256 02ecdd29a76425e7734ddb95585641c50a6aa32acb995ede14ecc28ccff7eaba
Tags
upx ransomware
score
10/10


Analysis Overview

score
10/10

SHA256

02ecdd29a76425e7734ddb95585641c50a6aa32acb995ede14ecc28ccff7eaba

Threat Level: Known bad

The file 02ecdd29a76425e7734ddb95585641c50a6aa32acb995ede14ecc28ccff7eaba was found to be: Known bad.

Malicious Activity Summary

upx ransomware

UPX dump on OEP (original entry point)

Renames multiple (3743) files with added filename extension

UPX dump on OEP (original entry point)

Renames multiple (5244) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 18:14

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 18:14

Reported

2024-06-14 18:16

Platform

win7-20240221-en

Max time kernel

150s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\02ecdd29a76425e7734ddb95585641c50a6aa32acb995ede14ecc28ccff7eaba.exe"

Signatures

Renames multiple (3743) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\02ecdd29a76425e7734ddb95585641c50a6aa32acb995ede14ecc28ccff7eaba.exe

"C:\Users\Admin\AppData\Local\Temp\02ecdd29a76425e7734ddb95585641c50a6aa32acb995ede14ecc28ccff7eaba.exe"

Network

N/A

Files

memory/3056-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

MD5 7fef14269437a3f1df8886652a82422b
SHA1 b3dc0f0e612b6a381a24963fa4d07bf75f8adcdc
SHA256 d9f20f8179b5934bac1c7d9736721e3aa500f10ae57842915ed6c548ec80e51e
SHA512 fc09a31dc1b1a9d6f13bd9e1602ae3c6eeb3bf31eb5300ff5223294ad34da12351450f143f903ef04ee327d1f72e1c9ff8bcdc669dd5ffd61f2164c18631685c

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 ee6e2fdede17879ce6fd1adaf4ad41cc
SHA1 cd7291cf0d793143c885ffba82026ff0ca43f08e
SHA256 124d7c6752479be8595b9399536167361783287c58cc62c5a87faa523c346d9d
SHA512 ea84cf580339d479a9d32a93554eb1b3a16713b952f66c1d1ef9320c76c0fe5c7b0ada92c9c601365ebe416071663b58974ea559a05a5bccc323f6e6f77520c2

memory/3056-86-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 18:14

Reported

2024-06-14 18:16

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

57s

Command Line

"C:\Users\Admin\AppData\Local\Temp\02ecdd29a76425e7734ddb95585641c50a6aa32acb995ede14ecc28ccff7eaba.exe"

Signatures

Renames multiple (5244) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\02ecdd29a76425e7734ddb95585641c50a6aa32acb995ede14ecc28ccff7eaba.exe

"C:\Users\Admin\AppData\Local\Temp\02ecdd29a76425e7734ddb95585641c50a6aa32acb995ede14ecc28ccff7eaba.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

memory/4712-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

MD5 d25bdecf1e6f64980a6e7ef3152a3f43
SHA1 9c4a2ffad541a24d30553a683996093c3702ae62
SHA256 81fdbacc19f82e2bf37e42ebaae96db45e7edc77c9663db3a587f299a869e21a
SHA512 31dec26506998d88f685dfaae77c633970ace674086827899cb537df494dbeba8c328918ec9efe99e21c40397a3623f16d7e7fb965ec30c3a5f7edf734065244

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 92ee024a55b7c0585c1d67847ad07831
SHA1 b492a69fcaa394b601e65b2022472373f4f0cb3a
SHA256 6be629d5bfe0b48c13f21517dec19e5f189957537028c0f34fb8717376b7d77d
SHA512 c66ddb66a07490eb47d8c316e9914ce4402f376a7737104c14bf6dd5426af742ad6d1863e7249cb6be607f53e89ccc0de285201cb08826fada4788bb1d47cc52

memory/4712-1220-0x0000000000400000-0x000000000040A000-memory.dmp