Malware Analysis Report

2025-01-06 13:03

Sample ID 240617-d4mz1sscnh
Target e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20
SHA256 e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20
Tags
ransomware upx
score
10/10

Analysis Overview

score
10/10

SHA256

e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20

Threat Level: Known bad

The file e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20 was found to be: Known bad.

Malicious Activity Summary

ransomware upx

UPX dump on OEP (original entry point)

Renames multiple (3335) files with added filename extension

UPX dump on OEP (original entry point)

Renames multiple (5036) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-17 03:33

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 03:33

Reported

2024-06-17 03:36

Platform

win7-20240220-en

Max time kernel

150s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe"

Signatures

Renames multiple (3335) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\VideoLAN\VLC\lua\http\dialogs\equalizer_window.html.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\7-Zip\7zFM.exe.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Managua.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-spi-actions.jar.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT-13.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jmx_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Creston.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Bougainville.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-heapwalker.xml.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Managua.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\meta\art\00_musicbrainz.luac.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tabskb.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-filesystems.xml.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-progress.jar.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Xml.Linq.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2iexp.dll.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mexico_City.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-sampler.jar.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\be\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred.xml.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-application-views.xml.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\DVD Maker\bod_r.TTF.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Reykjavik.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychartplugin_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\St_Johns.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libwindrive_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_Buttongraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\cacerts.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Java\jre7\bin\jawt.dll.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\images\speaker-32.png.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.jetty_3.0.200.v20131021-1843.jar.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Java\jre7\lib\deploy\messages.properties.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Mozilla Firefox\updater.ini.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ast\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fil.pak.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2native.dll.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwritash.dat.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\CST6CDT.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs.ja_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_globalstyle.css.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-print_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Java\jre7\lib\net.properties.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\epl-v10.html.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Srednekolymsk.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\pa\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy.jar.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application.ja_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Athens.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoCanary.png.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\com.jrockit.mc.rcp.product_root_5.5.0.165303.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxml2.dll.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicTSFrame.png.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Grand_Turk.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe

"C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe"

Network

N/A

Files

memory/2360-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

MD5 7b7b1598ddd5c7b98d998e09ab2fcc34
SHA1 41c6ed69a9d74fae6c9f808399b1860a7f47f252
SHA256 7425cbfbe35bae8be23e18314bc6a88827e25f9246a682399943a02197393d03
SHA512 ee6a2956a4b37baed57f911ac906d77267336c11daaedd1793bf1a0529a79c9e02b9dffbc3738785a28466df48fbb7e14ad5860b88ac5fb0ae349686ecd6a32c

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 9a11823f245f2bdbe604fef605f415d9
SHA1 6d23a1df0b683eb16541e175eb081845f482d0a5
SHA256 fd4ee72a18ae110e6b5f36ce16bf9ffcd4ac46d39709f86cb8843b06d79ff9b0
SHA512 e098545776cca0cc06f1ef12044bb4de1dcfbb27286c2e052bd70b0b19b9aa12de31f1504f99c4b60d50cbb6c1331babcc48e14995b2682ac42df6e71ba78a82

memory/2360-461-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-17 03:33

Reported

2024-06-17 03:36

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe"

Signatures

Renames multiple (5036) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Riblet.eftx.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_BypassTrial180-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019DemoR_BypassTrial180-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\notice.txt.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-timezone-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-filesystem-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue Green.xml.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.NonGeneric.dll.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Luna.dll.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140.dll.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy\messages_de.properties.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemXmlLinq.dll.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationUI.dll.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\7-Zip\Lang\eo.txt.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fr-FR\mshwLatin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\clrgc.dll.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.Expressions.dll.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\java.dll.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PROOF\MSSP7ES.LEX.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial5-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordVL_KMS_Client-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\7-Zip\Lang\mk.txt.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\de-DE\mshwLatin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Pipes.AccessControl.dll.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Principal.dll.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\hostpolicy.dll.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.dll.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSOCR.DLL.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-processthreads-l1-1-1.dll.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.Xml.dll.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebProxy.dll.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\cmm\CIEXYZ.pf.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\INTLDATE.DLL.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-memory-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_Subscription-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XDocument.dll.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Garamond.xml.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.NETCore.App.runtimeconfig.json.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_PrepidBypass-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN102.XML.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.Linq.dll.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\clretwrc.dll.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encoding.CodePages.dll.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A
File created C:\Program Files\7-Zip\Lang\yo.txt.tmp C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe

"C:\Users\Admin\AppData\Local\Temp\e7312dfdcce9a45aa6132b4fdee75abf9c70c423086f3da843e98b9a06b6cb20.exe"

Network

Files

memory/3580-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

MD5 5c49de8b6894852bf31c71f0de32b605
SHA1 9b53ad5ece9a5121d31571e6cd8e1d388bf28932
SHA256 534524b17aad1202ed711c5df26c1c67c5cb90a3f6f4ae42f87d97b6ff689dd4
SHA512 5d91079bc3ce1673b61518ce8913714417d8e53c60539ab673eab1c041d375883826005a42656116a22bcdf5a843ee14da4bda868dd560e8376fb398800f50cb

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 958d17643ba41564a00c714deef431b2
SHA1 8155a564bef4e3845d6a1b0ff8b4a8d567d39570
SHA256 df6ad520256b91180965ada6a4d6a035a047c5bef2c4a183754dfd6e3fe5ac02
SHA512 9bc58a18dacb2bb0f136e1abde95d717e9e2496bbe93a1981047a1d22d3fd949035904c2897648c2c0cb29b1af834b9d9d4e83c0faf166ed389514fe2920ab72

memory/3580-1846-0x0000000000400000-0x000000000040B000-memory.dmp