Malware Analysis Report

2025-01-06 13:04

Sample ID 240617-exfssstfmb
Target f8aa103d9d9dcadf252ba50fd11a6d21b94289dc65a6ae7d8e73c0f661b0ac54
SHA256 f8aa103d9d9dcadf252ba50fd11a6d21b94289dc65a6ae7d8e73c0f661b0ac54
Tags upx ransomware
Score 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis Overview

Score 10/10

SHA256 f8aa103d9d9dcadf252ba50fd11a6d21b94289dc65a6ae7d8e73c0f661b0ac54

Threat Level: Known bad

The file f8aa103d9d9dcadf252ba50fd11a6d21b94289dc65a6ae7d8e73c0f661b0ac54 was found to be: Known bad.

Malicious Activity Summary

upx ransomware

UPX dump on OEP (original entry point)

Renames multiple (3271) files with added filename extension

Renames multiple (5018) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-17 04:18

Signatures

UPX dump on OEP (original entry point)

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-17 04:18
Reported 2024-06-17 04:21
Platform win7-20240611-en
Max time kernel 150s
Max time network 120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f8aa103d9d9dcadf252ba50fd11a6d21b94289dc65a6ae7d8e73c0f661b0ac54.exe"

Signatures

Renames multiple (3271) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

UPX packed file

upx

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\f8aa103d9d9dcadf252ba50fd11a6d21b94289dc65a6ae7d8e73c0f661b0ac54.exe

"C:\Users\Admin\AppData\Local\Temp\f8aa103d9d9dcadf252ba50fd11a6d21b94289dc65a6ae7d8e73c0f661b0ac54.exe"

Network

N/A

Files

memory/2228-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2812790648-3157963462-487717889-1000\desktop.ini.tmp

MD5 075d3eaf6c0b71526cda094dab652923
SHA1 dc6ce3b2604f66947876e5967c914d24a1405afe
SHA256 d3793605dcff342913818e681c35cb9669f808c01b84a547a4976439ec180982
SHA512 3b17099c615060a2d0deeb64615c306a77fc6e4932b6d41e677b9785d01dd8bb8073a3abf5d964208c386b7490d56f46fd63f84db0946cd3ee167b4c4f65d1c8

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 158cf2a1a1e8c9bdd6400ce71fbe9c31
SHA1 4cabdbe575ac6df96ef50a9b22ec483914f4b54c
SHA256 c5bc83902f3a391a8ef212eeb1db60233ee293eba8990742f12a20a6a528316e
SHA512 9632b407f2832a4f83b0c2011a1a22af8c2b51bd520877f7b5e47ca0079fb7ebb1071dba6157440024f984d3acf0748e3d7b6b33980d91a74fac4df89c8da238

memory/2228-488-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-17 04:18
Reported 2024-06-17 04:21
Platform win10v2004-20240508-en
Max time kernel 150s
Max time network 51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f8aa103d9d9dcadf252ba50fd11a6d21b94289dc65a6ae7d8e73c0f661b0ac54.exe"

Signatures

Renames multiple (5018) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

UPX packed file

upx

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\f8aa103d9d9dcadf252ba50fd11a6d21b94289dc65a6ae7d8e73c0f661b0ac54.exe

"C:\Users\Admin\AppData\Local\Temp\f8aa103d9d9dcadf252ba50fd11a6d21b94289dc65a6ae7d8e73c0f661b0ac54.exe"

Network

Files

memory/228-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

MD5 ba39e5d95991409cd51f90af229633f5
SHA1 e4ec7ecdd3c2baa959ca7c0a9d30c9804f472472
SHA256 01ea0dfdb3e69c4a01167c84bb49a1d31050c2618f3358a7686324b9e8c6837a
SHA512 a62478c847ae6fde1f3c3178201bd49377d60a839cdfab99461ee3e2b426dde9fae7b32d2e5c02dd5c45d074b8528d21b2bbf39422d81d8055c1e9fe4c5f1ca4

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 a62ae93104faf0a2cf742a4df893b945
SHA1 d38bb161d5b4ab42c193ceeba5f1aac931163773
SHA256 29111eae5e163c865b42255f52d97c2e4bb927e7f5c1955c6472f95db0e7be34
SHA512 5a2ff17b18406f39ff7c7fd4c9931b144db4389211fe48664c9b5e964b53a10e82c0592f72ef88207749e7f5a8e5819e05d6cfb50ec8c262ed31e5412e2ed59b

memory/228-1788-0x0000000000400000-0x000000000040B000-memory.dmp