Malware Analysis Report

2025-01-06 13:04

Sample ID 240617-awrfpazemr
Target a30e27a786dd64f49812d9c191e16ec175098cdd03138c046a28b8fb1066ef2c
SHA256 a30e27a786dd64f49812d9c191e16ec175098cdd03138c046a28b8fb1066ef2c
Tags
upx ransomware
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

a30e27a786dd64f49812d9c191e16ec175098cdd03138c046a28b8fb1066ef2c

Threat Level: Known bad

The file a30e27a786dd64f49812d9c191e16ec175098cdd03138c046a28b8fb1066ef2c was found to be: Known bad.

Malicious Activity Summary

upx ransomware

UPX dump on OEP (original entry point)

Renames multiple (3447) files with added filename extension

UPX dump on OEP (original entry point)

Renames multiple (4834) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-17 00:34

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 00:34

Reported

2024-06-17 00:36

Platform

win7-20240611-en

Max time kernel

150s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a30e27a786dd64f49812d9c191e16ec175098cdd03138c046a28b8fb1066ef2c.exe"

Signatures

Renames multiple (3447) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\a30e27a786dd64f49812d9c191e16ec175098cdd03138c046a28b8fb1066ef2c.exe

"C:\Users\Admin\AppData\Local\Temp\a30e27a786dd64f49812d9c191e16ec175098cdd03138c046a28b8fb1066ef2c.exe"

Network

N/A

Files

memory/1844-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1340930862-1405011213-2821322012-1000\desktop.ini.tmp

MD5 ccc5a119c0b18bbd624d497baf5592d7
SHA1 47fbd1e8fb060cfc83b05749c585250fc7732a70
SHA256 86728c812893d13a5ce751c1b803256ad81b4e1a5ecd0151f97a22d01451d5c2
SHA512 836d82c934e9bab881d5ae167cdc27656fdc3628adfd06adaff21e2a59093883196e95193d7a0bd10e257341577e3d75250b6665586e9a3a8a9c8617dfaf7cf1

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 3c95a5d0b7185b5cc0a2340770555599
SHA1 d4e14fcdd5b8afd0ef84d0e72e16682ec9fddd44
SHA256 0111fd561b455b0f0f4c7740219a0cfa2711205dd8a6a9ceb96dd302abcfa25b
SHA512 d3adc99a0331d3b9b925a2aeef1a4134fa0c415c07a7f18c2068fbfbcd75ae53317357724f600d76aea84e87f47e5ad0bfa8f01f9ffd3901dffe0d94de27bb52

memory/1844-642-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-17 00:34

Reported

2024-06-17 00:36

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a30e27a786dd64f49812d9c191e16ec175098cdd03138c046a28b8fb1066ef2c.exe"

Signatures

Renames multiple (4834) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\a30e27a786dd64f49812d9c191e16ec175098cdd03138c046a28b8fb1066ef2c.exe

"C:\Users\Admin\AppData\Local\Temp\a30e27a786dd64f49812d9c191e16ec175098cdd03138c046a28b8fb1066ef2c.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 8.179.89.13.in-addr.arpa udp

Files

memory/468-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4204450073-1267028356-951339405-1000\desktop.ini.tmp

MD5 8221dc50e9d73aa490d3828203d2b785
SHA1 5a3417ab8c390f48271c0cbdd22ea80645ddd5ef
SHA256 60db91c465f23a34d724d45f13211dfd7fd39d29dad79f7ad74ae53ad8abd012
SHA512 982bec7c73714c8b660e49dd5ebb54da9fa460ca0e1c3653c27d51b399f4098de2513b741b21b9b7cb6926a39d7c6ddab93fc5fb4d9df810d0f84ca19de51c89

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 3610decde51f094566da2226cc66604f
SHA1 5765af35d7d9a2fe090f9a7bac62e6254f00f29f
SHA256 5cb42bf170a637a138e385abb6639d1458667a457e4278d54f4beeacbc7eb15f
SHA512 de3792c4864f02defcdb976b08aed147dad6176cb4f92ee07812c5752fb2313796a25df6abf22ff653addbe1cbd05125eb0bb01c0253e8efc244471a524cf69c

memory/468-1734-0x0000000000400000-0x000000000040B000-memory.dmp