Malware Analysis Report

2025-01-03 08:28

Sample ID 240616-2211vswgrn
Target 7e0a96f70fb01ef0bb00ae78e2ac53fccfa77ea2ebad25bb1ead28c63092dc9e
SHA256 7e0a96f70fb01ef0bb00ae78e2ac53fccfa77ea2ebad25bb1ead28c63092dc9e
Tags: upx, ransomware
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

SHA256

7e0a96f70fb01ef0bb00ae78e2ac53fccfa77ea2ebad25bb1ead28c63092dc9e

Threat Level: Known bad

The file 7e0a96f70fb01ef0bb00ae78e2ac53fccfa77ea2ebad25bb1ead28c63092dc9e was found to be: Known bad.

Malicious Activity Summary

Tags: upx, ransomware

Renames multiple (3477) files with added filename extension (behavioral1, Windows 7 run)

Renames multiple (5219) files with added filename extension (behavioral2, Windows 10 run)

UPX dump on OEP (original entry point) (reported in static1 and in both behavioral runs)

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-16 23:05

Signatures

UPX dump on OEP (original entry point)
(no indicator rows reported)

UPX packed file
Tag: upx
(no indicator rows reported)

Unsigned PE
(no indicator rows reported)
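The three static signatures above (UPX packed file, UPX dump on OEP, unsigned PE) are what a packer-aware triage step checks before detonation: a UPX image carries its own section names, a first section that is empty on disk but large in memory (the stub decompresses the real image into it at runtime, which is why the sandbox dumps at the OEP rather than at the on-disk entry point), and a compressed section with near-maximal byte entropy. The script below is an added example written for this page, not the sandbox vendor's code; the two PE images it inspects are constructed inside the script, not the sample from this report, and the 7.0 bits-per-byte entropy threshold is a working assumption.

```python
"""Static packer triage for a PE: section names, hollow sections and byte entropy.
Added example for this report; the two images it inspects are constructed below,
not the sample 7e0a96f7...dc9e.exe."""
import math
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX!"}
OPT_HEADER_SIZE = 0xE0  # PE32 optional header size used by the constructed images


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ~0 for padding, ~8.0 for compressed or encrypted content."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, coff)
    table = coff + 20 + opt_size
    sections = []
    for i in range(nsections):
        name, vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        raw = pe[raw_ptr:raw_ptr + raw_size]
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "virtual_size": vsize,
                         "virtual_address": vaddr, "raw_size": raw_size,
                         "entropy": shannon_entropy(raw)})
    return sections


def upx_indicators(pe: bytes) -> dict:
    """Three independent signals: a UPX section name alone is decisive; otherwise a
    hollow section plus a high-entropy section suggests a run-time unpacker."""
    secs = parse_sections(pe)
    upx_names = sorted(s["name"] for s in secs if s["name"].encode() in UPX_SECTION_NAMES)
    hollow = [s["name"] for s in secs if s["raw_size"] == 0 and s["virtual_size"] > 0]
    high_entropy = [s["name"] for s in secs if s["entropy"] > 7.0]  # assumed threshold
    return {"upx_section_names": upx_names, "hollow_sections": hollow,
            "high_entropy_sections": high_entropy,
            "likely_upx": bool(upx_names) or (bool(hollow) and bool(high_entropy))}


def build_demo_pe(sections) -> bytes:
    """Constructed minimal PE32 image (headers + section table + raw data); not a real sample.
    sections: list of (name, virtual_size, raw_bytes)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)               # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, OPT_HEADER_SIZE, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (OPT_HEADER_SIZE - 2)   # PE32 magic, rest zeroed
    table_end = len(dos) + 4 + 20 + OPT_HEADER_SIZE + 40 * len(sections)
    raw_ptr = (table_end + 0x1FF) & ~0x1FF                            # file alignment 0x200
    table, blobs, vaddr = b"", b"", 0x1000
    for name, vsize, raw in sections:
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, vaddr, len(raw),
                             raw_ptr if raw else 0, 0, 0, 0, 0, 0x60000020)
        blobs += raw
        raw_ptr += len(raw)
        vaddr += (vsize + 0xFFF) & ~0xFFF                             # section alignment 0x1000
    image = dos + b"PE\0\0" + coff + opt + table
    return image + b"\0" * (((len(image) + 0x1FF) & ~0x1FF) - len(image)) + blobs


# UPX layout: UPX0 is empty on disk and receives the unpacked image at runtime;
# UPX1 holds the compressed payload plus the decompression stub (near-maximal entropy).
PACKED_DEMO = build_demo_pe([
    (b"UPX0", 0x9000, b""),
    (b"UPX1", 0x1000, bytes(range(256)) * 16),
    (b".rsrc", 0x1000, b"\0" * 512),
])
PLAIN_DEMO = build_demo_pe([
    (b".text", 0x1000, b"\x90\xc3" * 2048),   # low-entropy code bytes
    (b".data", 0x1000, b"\0" * 512),
])

if __name__ == "__main__":
    for label, img in (("packed", PACKED_DEMO), ("plain", PLAIN_DEMO)):
        print(label, upx_indicators(img))
```

Run it on a real file by replacing the demo images with `open(path, "rb").read()`. The section-name check is cheap but trivial to defeat by renaming sections, which is why the hollow-section and entropy signals are kept as a fallback; a confirmed packer is the cue to rely on the sandbox's OEP dump (the `memory/…-0x0000000000400000-0x000000000040A000-memory.dmp` artefacts in this report) rather than on static strings from the packed file.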

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-16 23:05
Reported: 2024-06-16 23:07
Platform: win7-20240221-en
Max time kernel: 150s
Max time network: 122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7e0a96f70fb01ef0bb00ae78e2ac53fccfa77ea2ebad25bb1ead28c63092dc9e.exe"

Signatures

Renames multiple (3477) files with added filename extension
Tag: ransomware

UPX dump on OEP (original entry point)
(no indicator rows reported)

UPX packed file
Tag: upx
(no indicator rows reported)

Drops file in Program Files directory

Description | Indicator | Process | Target
Every row has Description = "File created", Process = C:\Users\Admin\AppData\Local\Temp\7e0a96f70fb01ef0bb00ae78e2ac53fccfa77ea2ebad25bb1ead28c63092dc9e.exe and Target = N/A; only the Indicator (the created file) differs:
C:\Program Files\Java\jre7\bin\unpack.dll.tmp
C:\Program Files\Microsoft Games\Hearts\es-ES\Hearts.exe.mui.tmp
C:\Program Files\7-Zip\7-zip32.dll.tmp
C:\Program Files\Common Files\System\ado\msado21.tlb.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\203x8subpicture.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox_1.0.500.v20131211-1531.jar.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_SelectionSubpicture.png.tmp
C:\Program Files\VideoLAN\VLC\locale\brx\LC_MESSAGES\vlc.mo.tmp
C:\Program Files\VideoLAN\VLC\locale\mk\LC_MESSAGES\vlc.mo.tmp
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\RSSFeeds.html.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Web.Entity.Design.Resources.dll.tmp
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_bottom_right.png.tmp
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-undocked-3.png.tmp
C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp
C:\Program Files\CloseUnblock.mpv2.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Cairo.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Paramaribo.tmp
C:\Program Files\VideoLAN\VLC\lua\http\mobile.html.tmp
C:\Program Files\Windows Journal\es-ES\NBMapTIP.dll.mui.tmp
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider.png.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui.tmp
C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Amman.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-favorites.xml.tmp
C:\Program Files\Internet Explorer\jsdbgui.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_ja.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application-views_zh_CN.jar.tmp
C:\Program Files\Microsoft Games\SpiderSolitaire\it-IT\SpiderSolitaire.exe.mui.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\ipsjpn.xml.tmp
C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll.tmp
C:\Program Files\Microsoft Office\Office14\VISSHE.DLL.tmp
C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets.tmp
C:\Program Files\VideoLAN\VLC\locale\ckb\LC_MESSAGES\vlc.mo.tmp
C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\gadget.xml.tmp
C:\Program Files\7-Zip\7z.sfx.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Fortaleza.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.httpclient4.ssl_1.0.0.v20140827-1444.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine.nl_zh_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Java\jre7\lib\zi\Asia\Jakarta.tmp
C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgzm.exe.tmp
C:\Program Files\VideoLAN\VLC\plugins\codec\libx26410b_plugin.dll.tmp
C:\Program Files\Windows Photo Viewer\es-ES\PhotoAcq.dll.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png.tmp
C:\Program Files\Java\jdk1.7.0_80\bin\javadoc.exe.tmp
C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.bat.tmp
C:\Program Files\Java\jre7\lib\deploy\messages_ja.properties.tmp
C:\Program Files\Windows NT\TableTextService\TableTextServiceDaYi.txt.tmp
C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSLoc.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands.nl_zh_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_zh_CN.jar.tmp
C:\Program Files\VideoLAN\VLC\locale\pl\LC_MESSAGES\vlc.mo.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guyana.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pago_Pago.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-annotations-common.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec.exe.tmp
C:\Program Files\Java\jre7\lib\zi\Asia\Yakutsk.tmp
C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\bckgRes.dll.mui.tmp
C:\Program Files\Mozilla Firefox\api-ms-win-crt-convert-l1-1-0.dll.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\FlickLearningWizard.exe.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Zaporozhye.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Chatham.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-awt.xml.tmp
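Taken together, the "Renames multiple (3477) files with added filename extension" signature and the drop list above describe the behaviour that matters for detection: a single process writing a `.tmp` sibling next to existing files (`unpack.dll.tmp`, `Hearts.exe.mui.tmp`, `desktop.ini.tmp`) across unrelated directories within the 150 s kernel budget, and renaming files by appending an extension. The script below is an added example written for this page, not part of the sandbox report: a per-process sliding-window heuristic over file events that fires only when the hit count and the directory spread both cross a threshold, so a legitimate installer writing temporaries into one directory stays quiet. The event stream is constructed; its paths for pid 2380 are taken from this report, while the timestamps, the `.example` rename suffix (the report does not name the appended extension) and the pid 4100 installer are assumptions.

```python
"""Sliding-window heuristic for ransomware-style mass renames and sibling .tmp writes.
Added example for this report, not sandbox code. The event list is constructed below."""
import ntpath
from collections import defaultdict, deque
from typing import Optional


def added_extension(old: str, new: str) -> Optional[str]:
    """'.ext' if new == old + '.ext' (an extension appended, nothing else changed), else None."""
    if new.startswith(old) and len(new) > len(old) + 1 and new[len(old)] == ".":
        ext = new[len(old):]
        if "\\" not in ext and "/" not in ext:
            return ext
    return None


def is_appended_suffix_create(path: str) -> bool:
    """True for names like unpack.dll.tmp: a suffix stacked on a name that already had an extension."""
    stem, ext = ntpath.splitext(ntpath.basename(path))
    _, inner_ext = ntpath.splitext(stem)
    return bool(ext) and bool(inner_ext)


def detect_rename_bursts(events, window_s=10.0, min_files=50, min_dirs=10):
    """Per pid, keep hits inside a sliding time window; alert once per pid when the window
    holds >= min_files hits spread over >= min_dirs directories. Returns a list of alerts."""
    windows = defaultdict(deque)   # pid -> deque of (t, directory)
    fired, alerts = set(), []
    for ev in sorted(events, key=lambda e: e["t"]):
        if ev["op"] == "rename" and added_extension(ev["path"], ev["new_path"]):
            hit_dir = ntpath.dirname(ev["path"])
        elif ev["op"] == "create" and is_appended_suffix_create(ev["path"]):
            hit_dir = ntpath.dirname(ev["path"])
        else:
            continue
        q = windows[ev["pid"]]
        q.append((ev["t"], hit_dir))
        while q and ev["t"] - q[0][0] > window_s:   # drop hits that fell out of the window
            q.popleft()
        dirs = {d for _, d in q}
        if len(q) >= min_files and len(dirs) >= min_dirs and ev["pid"] not in fired:
            fired.add(ev["pid"])
            alerts.append({"pid": ev["pid"], "files": len(q), "dirs": len(dirs), "at": ev["t"]})
    return alerts


# Constructed event stream. Paths for pid 2380 come from behavioral1 of this report; the
# timestamps, the '.example' rename suffix and the pid 4100 installer are assumptions.
SAMPLE = 2380
_creates = [
    r"C:\Program Files\Java\jre7\bin\unpack.dll.tmp",
    r"C:\Program Files\Microsoft Games\Hearts\es-ES\Hearts.exe.mui.tmp",
    r"C:\Program Files\7-Zip\7-zip32.dll.tmp",
    r"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Cairo.tmp",   # no inner extension: not a hit
    r"C:\Program Files\Common Files\System\ado\msado21.tlb.tmp",
    r"C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\203x8subpicture.png.tmp",
    r"C:\Program Files\VideoLAN\VLC\locale\brx\LC_MESSAGES\vlc.mo.tmp",
    r"C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\RSSFeeds.html.tmp",
    r"C:\Program Files\Internet Explorer\jsdbgui.dll.tmp",
    r"C:\Program Files\Mozilla Firefox\api-ms-win-crt-convert-l1-1-0.dll.tmp",
    r"C:\Program Files\Microsoft Office\Office14\VISSHE.DLL.tmp",
    r"C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp",
]
EVENTS = [{"t": 0.05 * i, "pid": SAMPLE, "op": "create", "path": p} for i, p in enumerate(_creates)]
EVENTS.append({"t": 0.17, "pid": SAMPLE, "op": "rename",
               "path": r"C:\Users\Admin\Documents\budget.xlsx",
               "new_path": r"C:\Users\Admin\Documents\budget.xlsx.example"})
# Hypothetical benign installer: several .tmp writes, but all inside one directory.
EVENTS += [{"t": 1.0 + 0.05 * i, "pid": 4100, "op": "create",
            "path": r"C:\Program Files\7-Zip\%s.tmp" % n}
           for i, n in enumerate(["7z.dll", "7zFM.exe", "7zG.exe", "7z.exe", "Uninstall.exe", "History.txt"])]


def run_demo():
    """Thresholds lowered to fit the short constructed stream; production values sit higher."""
    return detect_rename_bursts(EVENTS, window_s=10.0, min_files=10, min_dirs=5)


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

Feed it real telemetry by mapping Sysmon Event ID 11 (FileCreate) and kernel rename events into the same `{"t", "pid", "op", "path", "new_path"}` shape. The directory-spread condition is the part that separates an encryptor from build tools and installers; tune `min_files` and `window_s` against a baseline of the fleet's normal burst writers before alerting on it.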

Processes

C:\Users\Admin\AppData\Local\Temp\7e0a96f70fb01ef0bb00ae78e2ac53fccfa77ea2ebad25bb1ead28c63092dc9e.exe

"C:\Users\Admin\AppData\Local\Temp\7e0a96f70fb01ef0bb00ae78e2ac53fccfa77ea2ebad25bb1ead28c63092dc9e.exe"

Network

N/A

Files

memory/2380-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

MD5 fd39a484581f40fcc5ddfd5476e97710
SHA1 6308675dece046c179d5ab9240265bb16b1179ca
SHA256 e997d69366a5be2d24081e83c0e24f280c7be658d6e973ed7d2667540abc5ee8
SHA512 166972629f17e6ef3535609a5f25f43a0a08731938c9e80438b58abd708f7d99cb8c06aee4e48e53456fe7892b97d84908a4977d9989bdc20fa84277b9d88abc

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 989c99599eadd40cea63edb536d91f69
SHA1 db76ebc0adce195dd984aef443eb58ed6ccf78e3
SHA256 d9f41a6a1b7257568d9b792fc9f6383e6f661eb8d42478f131088280b103634b
SHA512 0159afa50a8b9b0114f7329f20752e752f139f7abdd0b88f6792a228937e610f272b23d3f3f74c99a2bbd985d7b9327fc0bf82a436c9ffb0970002e920eed42c

memory/2380-76-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-16 23:05
Reported: 2024-06-16 23:07
Platform: win10v2004-20240508-en
Max time kernel: 150s
Max time network: 51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7e0a96f70fb01ef0bb00ae78e2ac53fccfa77ea2ebad25bb1ead28c63092dc9e.exe"

Signatures

Renames multiple (5219) files with added filename extension
Tag: ransomware

UPX dump on OEP (original entry point)
(no indicator rows reported)

UPX packed file
Tag: upx
(no indicator rows reported)

Drops file in Program Files directory

Description | Indicator | Process | Target
Every row has Description = "File created", Process = C:\Users\Admin\AppData\Local\Temp\7e0a96f70fb01ef0bb00ae78e2ac53fccfa77ea2ebad25bb1ead28c63092dc9e.exe and Target = N/A; only the Indicator (the created file) differs:
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.Xml.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Drawing.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntime2019R_PrepidBypass-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\SkypeServiceBypassR_PrepidBypass-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-140.png.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-process-l1-1-0.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Channels.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Extensions.dll.tmp
C:\Program Files\Google\Chrome\Application\110.0.5481.104\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig.tmp
C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l2-1-0.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\vcruntime140.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_KMS_Client_AE-ul.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\MSOSPECTRE.DLL.tmp
C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\MS.ONENOTE.16.1033.hxn.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.Watcher.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.Primitives.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.NetworkInformation.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationNative_cor3.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\GR8GALRY.GRA.tmp
C:\Program Files\Microsoft Office\root\Office16\PPCORE.DLL.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\mlib_image.dll.tmp
C:\Program Files\Java\jre-1.8\lib\resources.jar.tmp
C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ul-phn.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\OFFSYMB.TTF.tmp
C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ul-phn.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_K_COL.HXK.tmp
C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] (filename garbled in the page export)
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\UIAutomationClient.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\PresentationFramework.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\server\jvm.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest5-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial1-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Grace-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\ONINTL.DLL.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.PowerBI.AdomdClient.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Forms.Design.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\Microsoft.VisualBasic.Forms.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_KMS_Client-ul.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-ul-phn.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-ul-phn.xrm-ms.tmp
C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp
C:\Program Files\Java\jre-1.8\bin\prism_d3d.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTrial-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Dallas.OAuthClient.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\Microsoft.VisualBasic.Forms.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\WindowsFormsIntegration.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationClientSideProviders.resources.dll.tmp
C:\Program Files\Java\jre-1.8\bin\j2pcsc.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial2-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\OFFRHD.DLL.tmp
C:\Program Files\Common Files\microsoft shared\ink\ipshi.xml.tmp
C:\Program Files\Java\jre-1.8\lib\jce.jar.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProPlusDemoR_BypassTrial180-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_KMS_Client_AE-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Core.NetFX35.V7.dll.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hu-hu.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationTypes.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-heap-l1-1-0.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunmscapi.jar.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial3-ul-oob.xrm-ms.tmp

Processes

C:\Users\Admin\AppData\Local\Temp\7e0a96f70fb01ef0bb00ae78e2ac53fccfa77ea2ebad25bb1ead28c63092dc9e.exe

"C:\Users\Admin\AppData\Local\Temp\7e0a96f70fb01ef0bb00ae78e2ac53fccfa77ea2ebad25bb1ead28c63092dc9e.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp

The only recorded network event is a reverse (PTR) lookup for 8.8.8.8 itself, sent to 8.8.8.8 over UDP/53. No other outbound connection was recorded in this run, and behavioral1 recorded none at all, so the sandbox observed no command-and-control contact or payload download.

Files

memory/3564-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

MD5 8c0f32b3cda154d553ffcf8e688338e2
SHA1 1d9c9fc4956eb4dfedae514594e8a88c8e29916b
SHA256 28ae817e983438bcb48b32f17bc1a72611e3e85da09eca647a3b1f12553bbd6e
SHA512 082d03ea111201c25d86db9af3ad767c5c65b4377698c1ac991652320f6c4ebc5b6e96486167f15e51c5c359130e90dd2bbb47907a0398f838e6ab3c3c8bcdc4

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 20f8fafd5f332ca473b7babdf7a7a215
SHA1 b6f87cf8f76f684b964e6b461082a00854c9958c
SHA256 38914cfb32de334b99f37a33c51eb8cf68c4f5df7e787bbd98647eea48ebf3d1
SHA512 403ed9f86bd12fc2d3f9daf45d006c8a6fdff01a5915b07a0a1d9f1af99cb0cd94837ca066db5c7d9f25297b2541d67ad42dab84c97773b9e84eff307a35fa52

memory/3564-1222-0x0000000000400000-0x000000000040A000-memory.dmp