Malware Analysis Report

2025-01-03 08:29

Sample ID 240617-akac2azaln
Target 9bb482473eecddada925398915dd6e9f86840d9b0fd7a44db1e36ee2d2315b6e
SHA256 9bb482473eecddada925398915dd6e9f86840d9b0fd7a44db1e36ee2d2315b6e
Tags
upx ransomware
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

9bb482473eecddada925398915dd6e9f86840d9b0fd7a44db1e36ee2d2315b6e

Threat Level: Known bad

The file 9bb482473eecddada925398915dd6e9f86840d9b0fd7a44db1e36ee2d2315b6e was found to be: Known bad.

Malicious Activity Summary

upx ransomware

UPX dump on OEP (original entry point)

Renames multiple (558) files with added filename extension

UPX dump on OEP (original entry point)

Renames multiple (4856) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-17 00:15

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 00:15

Reported

2024-06-17 00:18

Platform

win7-20240611-en

Max time kernel

151s

Max time network

128s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9bb482473eecddada925398915dd6e9f86840d9b0fd7a44db1e36ee2d2315b6e.exe"

Signatures

Renames multiple (558) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\9bb482473eecddada925398915dd6e9f86840d9b0fd7a44db1e36ee2d2315b6e.exe

"C:\Users\Admin\AppData\Local\Temp\9bb482473eecddada925398915dd6e9f86840d9b0fd7a44db1e36ee2d2315b6e.exe"

Network

N/A

Files

memory/2372-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp

MD5 6cd5dbf0798f7def095b93d971e18f56
SHA1 c447defb7310cf49148dc10636ee6584294f7ea9
SHA256 f87a55136208b5304cded281c1278776b1795cc44c80b8032dd0d6190b9602b9
SHA512 af7285368089e9101df67200b80b97160134d23f1b78f7976a75484d9bb89af3aca89dca3755a569aeeb2da8bdc0f92a43c2e05add2c5340a275d7e917eb5107

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 ffdae2956010a65f7ee3db04f94c2b4a
SHA1 de079d258262656d15d6d4ee53b627610b03c829
SHA256 a5576ebc7b7747c3c6b3612aac1f3842050f2a6a1ab7751a4ba2ce3c16665d84
SHA512 0a158526390d1730ca7a12f6142b101c13555cc91fa4774d45db94cd5a830db0fdda004c7edb333ab7d3445c31a108bf153a5d8f4c8416dfe6f4e20ac810bf3f

memory/2372-62-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-17 00:15

Reported

2024-06-17 00:18

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

98s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9bb482473eecddada925398915dd6e9f86840d9b0fd7a44db1e36ee2d2315b6e.exe"

Signatures

Renames multiple (4856) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\9bb482473eecddada925398915dd6e9f86840d9b0fd7a44db1e36ee2d2315b6e.exe

"C:\Users\Admin\AppData\Local\Temp\9bb482473eecddada925398915dd6e9f86840d9b0fd7a44db1e36ee2d2315b6e.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 204.79.197.237:443 g.bing.com tcp
BE 2.17.107.114:443 www.bing.com tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 114.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp

Files

memory/116-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3169499791-3545231813-3156325206-1000\desktop.ini.tmp

MD5 6def440d55542f6db7249389735c94fd
SHA1 0d8e2e45569cc0a8dc84266e72d41edbcb74ba50
SHA256 5121e0b2b45d628184adade7a1eb83b11b55b376053f78c930630fee7f6aea36
SHA512 7d852e2b56af895a733b3a0a0ca2962b0c2d1c331e2e78baaa25e0b62af80b4a4394ee40c88de7c26e2de4364a06ad3ec6ab3062ae7f69f94f2a8503e27f1433

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 4b0c87f463a168216203083efd0b3551
SHA1 93f3a6a021b61308b2ef5673cd72fa23c11194c3
SHA256 cef4b9731371773193365253cf9917dab864c68b4cc27012351aefbcccc8fa91
SHA512 a8fd6740b72058facab33437052739e30d6e2be23937f92294587ac70c6fdd8790184094e59b0d97c10907931fb3c322fd8d0fb958731adfbd0bb4614ec5dc60

memory/116-1798-0x0000000000400000-0x000000000040B000-memory.dmp