Malware Analysis Report

2025-01-03 08:33

Sample ID 240611-bf5h2sydlm
Target 9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3
SHA256 9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3
Tags
upx ransomware
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3

Threat Level: Known bad

The file 9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3 was found to be: Known bad.

Malicious Activity Summary

upx ransomware

UPX dump on OEP (original entry point)

Renames multiple (3444) files with added filename extension

UPX dump on OEP (original entry point)

Renames multiple (4904) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 01:06

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 01:06

Reported

2024-06-11 01:08

Platform

win7-20240215-en

Max time kernel

150s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe"

Signatures

Renames multiple (3444) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-text.xml.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_output\libwgl_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Java\jre7\lib\classlist.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\Microsoft.Build.Engine.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\kn\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dushanbe.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Java\jre7\lib\fonts\LucidaSansDemiBold.ttf.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-api_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Karachi.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-border.png.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\license.html.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface_3.10.1.v20140813-1009.jar.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\Microsoft.Build.Utilities.v3.5.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\npt.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Halifax.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Microsoft Games\Purble Place\desktop.ini.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.RunTime.Serialization.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\lua\liblua_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Colombo.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Warsaw.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-api-visual.xml_hidden.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\VideoLAN\VLC\VideoLAN Website.url.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-over-select.png.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\720x480icongraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\dialogs\browse_window.html.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspatialaudio_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-overlay.png.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\manifest.json.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Management.Instrumentation.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-windows_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Beirut.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Microsoft Games\SpiderSolitaire\it-IT\SpiderSolitaire.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Mendoza.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.descriptorProvider.exsd.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-visual_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiler_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libsubsdec_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jmap.exe.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_it.jar.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Tegucigalpa.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Niue.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4video_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Windows Journal\en-US\jnwmon.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InputPersonalization.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-utilities.xml.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-uisupport.xml.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-execution_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Menominee.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Core.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.htm.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\attach.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Colombo.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Merida.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\librawdv_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libvobsub_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring-fallback.xml.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe

"C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe"

Network

N/A

Files

memory/2208-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

MD5 1d2f67d720260a7e43ccc2bfb3607a15
SHA1 0c886e5bb4278752e48676b074873653c78a940f
SHA256 fc775a7d0c973516738f295d50af73f0950f27a9c6c4d92f844e7439e81be46e
SHA512 e1924057ee0c3918c705afcb572a2d62e7e6cc9857aa2b712d1cda35e1d619491d9a8d8186135ead6c4e12db10b72cefebefdf2e74a9f09d29657d5430f7a74a

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 aed14ec618783511639cc942a65ea9c1
SHA1 a84cc67442245f0cba646e54a747c8b79b354c58
SHA256 1f334641fc03cf9da04c7fe89cc01f2b9c92e93caf4e9c3b548b6b531411949d
SHA512 0156712300f044af82b71fa3bcdcbff55aa68dc42c771a3e1730c8faf08732e7cbac55b801952559ff88fa3f9a6c2a6fcee67d2264bc32fc2e550a2139fddc89

memory/2208-652-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 01:06

Reported

2024-06-11 01:08

Platform

win10v2004-20240426-en

Max time kernel

150s

Max time network

100s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe"

Signatures

Renames multiple (4904) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Client\msvcr120.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Gallery.thmx.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\7-Zip\7-zip.chm.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\da-DK\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Formatters.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Algorithms.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\xmlresolver.md.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\BI-Report.png.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription5-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Spatial.NetFX35.V7.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-140.png.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7ES.LEX.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PROOF\MSSP7FR.LEX.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\7-Zip\descript.ion.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordVL_KMS_Client-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\7-Zip\Lang\ba.txt.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Principal.Windows.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\VVIEWRES.DLL.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\msoadfsb.exe.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-140.png.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TipRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\uk-UA\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.OpenSsl.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL106.XML.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Tracing.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.Brotli.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\ext\dnsns.jar.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-3102-0000-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Emit.ILGeneration.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-stdio-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\deploy.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\DATATRANSFORMERWRAPPER.DLL.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PerfBoost.exe.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\javafx\directshow.md.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcDemoR_BypassTrial365-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\javafx\libffi.md.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebSockets.Client.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\am.pak.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\MSOSEC.DLL.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.DOC.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationNative_cor3.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\zlib.md.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\offsymxl.ttf.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\7-Zip\Lang\tg.txt.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscorrc.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe

"C:\Users\Admin\AppData\Local\Temp\9c8dfd69e53d3190b1c3232996183ddff0df903459d07fe6aba770d9e522ffb3.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 138.107.17.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp
US | 52.111.227.11:443 | N/A | tcp
US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp

Files

memory/3400-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini.tmp

MD5 4427b7b60c35026e6e90dde77d6db6f4
SHA1 02f213e0ff05739bfce4a7898a209f42759077a3
SHA256 c1d310a6b7c9ec2e35e1756e7a8f054e9ed06eccf6145c526fbafb940f0f31ec
SHA512 1a7445199a1992c087849b680d329817662f2393c2c9e533744326ea4fd73bf624bd07e29f0db192e38ff6b78e09038fda2af5fba26c93dec876636a81814eb1

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 57f4031f5ccd44da6ead3b0b8e22521d
SHA1 84c971f7fd135ad32288d2c5a27d45eed937860e
SHA256 d3d31c61773775a7965d4bda6c34d4f528716920c29ccc0cb1641149018f9012
SHA512 61b32f9d7d0b678f5827b66fe77e8f14605d4c91584ae583b19546f3a9b1790eea7ea6c8a92d5e506db3d7540ca45447c2a63f2ca1bf52b1951f66b2e407ab17

memory/3400-1780-0x0000000000400000-0x000000000040B000-memory.dmp