Malware Analysis Report

2025-01-03 08:37

Sample ID 240611-daw1tssclm
Target c15c5fc54c016f81fd87a754e67903fe9ca71b0cbdade022c9ee3e82e9f1a46f
SHA256 c15c5fc54c016f81fd87a754e67903fe9ca71b0cbdade022c9ee3e82e9f1a46f
Tags: ransomware, upx
Score: 10/10

Analysis Overview

score
10/10

SHA256

c15c5fc54c016f81fd87a754e67903fe9ca71b0cbdade022c9ee3e82e9f1a46f

Threat Level: Known bad

The file c15c5fc54c016f81fd87a754e67903fe9ca71b0cbdade022c9ee3e82e9f1a46f was found to be: Known bad.

Malicious Activity Summary

ransomware upx

UPX dump on OEP (original entry point)

Renames multiple (3478) files with added filename extension

UPX dump on OEP (original entry point)

Renames multiple (5278) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 02:48

Signatures

UPX dump on OEP (original entry point)

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 02:48

Reported

2024-06-11 02:51

Platform

win7-20231129-en

Max time kernel

150s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c15c5fc54c016f81fd87a754e67903fe9ca71b0cbdade022c9ee3e82e9f1a46f.exe"

Signatures

Renames multiple (3478) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

UPX packed file

upx

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\c15c5fc54c016f81fd87a754e67903fe9ca71b0cbdade022c9ee3e82e9f1a46f.exe

"C:\Users\Admin\AppData\Local\Temp\c15c5fc54c016f81fd87a754e67903fe9ca71b0cbdade022c9ee3e82e9f1a46f.exe"

Network

N/A

Files

memory/3028-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

MD5 34db4a55aaff0d160a8b70306f27fdad
SHA1 c1d57ea00210419948dd7653f22a6322c72e21f5
SHA256 1c66a974bbf62a36f09c914deceeda0bc74a3571e1fe892cdec198ce24a9a2e5
SHA512 08c931167780c325b9b45dccca0558127b1772374c72178e9a6548aacf1d538664ba1315ed62f05184b5e4ee8330282e4724a289d13bb9f68d0e19128767e44e

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 290c7885c02024a2caeb6694fa8a5b4f
SHA1 e2244458246bb52b18be3932e0288f5de9e51b65
SHA256 13d8afa805371609f9cdf87f68bd41e708da84992ff3af2a048994655ba49ef1
SHA512 48cc309ca491b004143916a1f25dcbce8751d93300048603a9f401ae5a8dbbdc0ef862c70e64671535faebb18fb5ee530250c823ab2957f082f2acf7fc314c99

memory/3028-76-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 02:48

Reported

2024-06-11 02:51

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c15c5fc54c016f81fd87a754e67903fe9ca71b0cbdade022c9ee3e82e9f1a46f.exe"

Signatures

Renames multiple (5278) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

UPX packed file

upx

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\c15c5fc54c016f81fd87a754e67903fe9ca71b0cbdade022c9ee3e82e9f1a46f.exe

"C:\Users\Admin\AppData\Local\Temp\c15c5fc54c016f81fd87a754e67903fe9ca71b0cbdade022c9ee3e82e9f1a46f.exe"

Network

Files

memory/3188-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

MD5 9665be6bf24cbd88f627da500858ea0b
SHA1 4910cf3e881229cb15445e322b0e38ff822be553
SHA256 a1377ab6a31cee6a88467672c5ca622e1a396c5e2a13aee5e65504568f3fc4b8
SHA512 3bcba60c0aec20f653ba4e000af7593ac94d894b258b20729295618bd3e09108a7602c496208cfaceade68a04f156551a1ca22ee697e26b02edb143a94b57ca0

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 1462f7d656a1ed4f11a22e80bcb5c809
SHA1 4ba402167c3818078fed2e3c87e50ae57c8f3364
SHA256 056e070043f90ecde51882e8aaa50647091216054e62ee0294c59e4b1386b14a
SHA512 44f165c48cd96c35619f2ca1c588bcc68a83f136f274b47b39383e9487882e4ee3d5a3b0120650ac7756af41c679c79f06cc3c1675222d5196d722d6fa0b08b8

memory/3188-1212-0x0000000000400000-0x000000000040A000-memory.dmp