Malware Analysis Report

2025-01-03 08:36

Sample ID 240611-blm6ysyfln
Target 9fc2d55c485908d11505ea3ed06c5bb0be67a2082ae582326b891a81ad7b16ab
SHA256 9fc2d55c485908d11505ea3ed06c5bb0be67a2082ae582326b891a81ad7b16ab
Tags
ransomware upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

9fc2d55c485908d11505ea3ed06c5bb0be67a2082ae582326b891a81ad7b16ab

Threat Level: Known bad

The file 9fc2d55c485908d11505ea3ed06c5bb0be67a2082ae582326b891a81ad7b16ab was found to be: Known bad.

Malicious Activity Summary

ransomware upx

UPX dump on OEP (original entry point)

Renames multiple (3890) files with added filename extension

Renames multiple (5337) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 01:14

Signatures

UPX dump on OEP (original entry point)

UPX packed file

upx

Unsigned PE

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 01:14

Reported

2024-06-11 01:16

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9fc2d55c485908d11505ea3ed06c5bb0be67a2082ae582326b891a81ad7b16ab.exe"

Signatures

Renames multiple (5337) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

UPX packed file

upx

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\9fc2d55c485908d11505ea3ed06c5bb0be67a2082ae582326b891a81ad7b16ab.exe

"C:\Users\Admin\AppData\Local\Temp\9fc2d55c485908d11505ea3ed06c5bb0be67a2082ae582326b891a81ad7b16ab.exe"

Network

Files

memory/1980-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

MD5 e76c89ae18346430516e1ce1da5f8e28
SHA1 6b78715c1f7aedbcecf348eb8dcae6d10f707755
SHA256 62b16a2fc450189d2001ca97933cbb6b2f33fc72ef4054542b6460d180d0cbb7
SHA512 2e1881b02d640bfd27eb418f3d07e6c038c83b37773d2f9317a59f94a154e5e0ee6cddca6d1185206032e469cbcdb0f0622eb59a7e480d2a54979358f15e26f8

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 06fa47cd88d9329da0ebacbb6c3f8c57
SHA1 b3acf196f9da456425b5cf30fc19fd8c21e2fd23
SHA256 c84404533ad86fe9facc52600762157f1aedcd39bd70574eed74d1db18d2e022
SHA512 c7b810325c60e30889b2e6869fc2d8e7012a26a2f26bcf6b2a4ff961a5dc5e19b2867bce48e523825ccb7a5123c6108e002af1042b51ceb42a365de5183751be

memory/1980-1218-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 01:14

Reported

2024-06-11 01:16

Platform

win7-20240508-en

Max time kernel

150s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9fc2d55c485908d11505ea3ed06c5bb0be67a2082ae582326b891a81ad7b16ab.exe"

Signatures

Renames multiple (3890) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

UPX packed file

upx

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\9fc2d55c485908d11505ea3ed06c5bb0be67a2082ae582326b891a81ad7b16ab.exe

"C:\Users\Admin\AppData\Local\Temp\9fc2d55c485908d11505ea3ed06c5bb0be67a2082ae582326b891a81ad7b16ab.exe"

Network

N/A

Files

memory/2020-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

MD5 a1d4a584395c1494083910c9829bf767
SHA1 1ff0480ac531b872c39863ce85199bfd1c63909c
SHA256 02a92695a5527200c0ab2e98ad741d8301db397bd3904996e985dcb9c3225d9c
SHA512 bf246978d81e174daf0c0a04dfac2c0f126b1a07885c3e5aab16e7f9967d7a986428f67cc544fef6721c3bf717c422643b60f61b8c7f18b29feb9b4742578172

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 f4fad7720ad396a2c6f9d0b92b6a9198
SHA1 e38f6b3612a45d378fc116c7c7f3e8dcc667c87f
SHA256 79b3135e621993a8d9241955a826960d2518184f08e4ad82360feba2223a69b5
SHA512 534cb2d4f7b00737b030c92714a1d521f54f7fa67c7bab05934a8adab0f2ab4ea4a6c8e28b7cdd59669c362b9e7dedb7f9edc6bc205142bd861c7b946cf81a7f

memory/2020-86-0x0000000000400000-0x000000000040A000-memory.dmp