Malware Analysis Report

2025-01-03 08:28

Sample ID 240617-dstnes1hje
Target e19fa4e9a6e6c72a76f8be73fc9d696ed985d385f050ae8b85ff8990217b91a2
SHA256 e19fa4e9a6e6c72a76f8be73fc9d696ed985d385f050ae8b85ff8990217b91a2
Tags upx ransomware
Score 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score 10/10

SHA256

e19fa4e9a6e6c72a76f8be73fc9d696ed985d385f050ae8b85ff8990217b91a2

Threat Level: Known bad

The file e19fa4e9a6e6c72a76f8be73fc9d696ed985d385f050ae8b85ff8990217b91a2 was found to be: Known bad.

Malicious Activity Summary

upx ransomware

UPX dump on OEP (original entry point)

Renames multiple (3384) files with added filename extension

UPX dump on OEP (original entry point)

Renames multiple (5004) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-17 03:16

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 03:16

Reported

2024-06-17 03:19

Platform

win7-20240221-en

Max time kernel

150s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e19fa4e9a6e6c72a76f8be73fc9d696ed985d385f050ae8b85ff8990217b91a2.exe"

Signatures

Renames multiple (3384) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\e19fa4e9a6e6c72a76f8be73fc9d696ed985d385f050ae8b85ff8990217b91a2.exe

"C:\Users\Admin\AppData\Local\Temp\e19fa4e9a6e6c72a76f8be73fc9d696ed985d385f050ae8b85ff8990217b91a2.exe"

Network

N/A

Files

memory/2940-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

MD5 ce7586da5c370371baa55246e7b01bae
SHA1 e1cae9fdfab8296d7a25fbbcb970e9340c1eebe8
SHA256 744c2425f27db6fc8368b1a44f8fc400d62eafb602f39b3fe84c2e4025c27b90
SHA512 bc5f7bfa4fb8b8fa077261d79b22a90da9b0c00bdf09456c53fd745740c15374e2504d288ecf370b09ce55db63a970b9051e6fabbdd63df96f028fe1793cdb45

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 35b0aa35e732231b79b23cc809483975
SHA1 9357be7eb5ba02c53ff2d9f33b07a0eccc363774
SHA256 a8bdf521195d5995b738b61450ba50415da99b56b3a7ff6d689ddc6309ceba7e
SHA512 0a4481b18cea4ab7fb54bd072bbee9babe9161ab042a5cbb7a86c5ffcfbaf27893adec8d2dccdd99c585afbb6544af0bac60068a32c6ce7f9cacec96728c2d66

memory/2940-638-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-17 03:16

Reported

2024-06-17 03:19

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

57s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e19fa4e9a6e6c72a76f8be73fc9d696ed985d385f050ae8b85ff8990217b91a2.exe"

Signatures

Renames multiple (5004) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\e19fa4e9a6e6c72a76f8be73fc9d696ed985d385f050ae8b85ff8990217b91a2.exe

"C:\Users\Admin\AppData\Local\Temp\e19fa4e9a6e6c72a76f8be73fc9d696ed985d385f050ae8b85ff8990217b91a2.exe"

Network

Files

memory/3108-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

MD5 023c52af2806e6696f99e45f3fbd8886
SHA1 25e97f4ae2c03a07464a91dd7bdfa10322b0f0e6
SHA256 c28f8cd33446a430a91b39b7ee721a180e8e58350fcfd181c46c01a1861b01ba
SHA512 9092eaab974974232861c3cdc82d3b6d743ae8574d83674d134d016d20097e0d92cae36bbd4536ab67cc4488b7dda0cfbdaabd8be49fae821e374b339a4ce2bf

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 08293e05ab57f3b12306419271ffc9fe
SHA1 842054eb44c0d84ab4ffa7cef7dfb595b54863ce
SHA256 8894b1c28314f4c01c3ecaa0a3f86a75a00e8401f26beab3fbfaa55b294ded0d
SHA512 3e23c7ed4561b0d21400c9a7ac7c7b23ae4a3ad38f95e638d98af983e80ba496e68a479f36db60c8e7104e53c837c2df94bd5ef21ee0c36ed77942cd97ca4c73

memory/3108-1786-0x0000000000400000-0x000000000040B000-memory.dmp