Malware Analysis Report

2025-01-03 08:36

Sample ID: 240611-def56s1gle
Target: c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691
SHA256: c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691
Tags: upx ransomware
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

SHA256

c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691

Threat Level: Known bad

The file c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691 was found to be: Known bad.

Malicious Activity Summary

upx ransomware

UPX dump on OEP (original entry point)

Renames multiple (2121) files with added filename extension

UPX dump on OEP (original entry point)

Renames multiple (4100) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 02:55

Signatures

UPX dump on OEP (original entry point)

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 02:55

Reported

2024-06-11 02:57

Platform

win7-20240220-en

Max time kernel

150s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe"

Signatures

Renames multiple (2121) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-spi-actions.xml_hidden.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mip.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\header-background.png.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-ui.jar.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-options.xml.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\msadds.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_ja.jar.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-text.xml.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\720x480blacksquare.png.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Ojinaga.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_highlights_Thumbnail.bmp.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NextMenuButtonIcon.png.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\javafx.policy.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\IPSEventLogMsg.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-utilities_zh_CN.jar.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui_5.5.0.165303.jar.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse.nl_zh_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui.zh_CN_5.5.0.165303.jar.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs-nio2.jar.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvm_ja.jar.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\babyblue.png.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\meta-index.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Java\jre7\bin\t2k.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-favorites.xml.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler_zh_CN.jar.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\rightnav.gif.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console_1.0.300.v20131113-1212.jar.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\curtains.png.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\about.html.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_ja.jar.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Belgrade.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerConstraints.exsd.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_zh_CN.jar.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_ButtonGraphic.png.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\master_preferences.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_ja_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\PYCC.pf.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\ct.sym.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Common Files\System\ado\msader15.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_ButtonGraphic.png.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Mendoza.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hovd.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pontianak.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse.nl_ja_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tabskb.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\bin\keytool.exe.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages.properties.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kolkata.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-image-mask.png.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\updater_zh_CN.jar.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro.ja_5.5.0.165303.jar.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\jaas_nt.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Noronha.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\epl-v10.html.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-visual.xml.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\msadcor.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Troll.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher_1.1.0.v20131211-1531.jar.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe

"C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe"

Network

N/A

Files

memory/2076-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

MD5 7602cc30a58896eee4396ac82cfaab28
SHA1 c81a12f7a3e0980e3f512934d2dd2d2a37ba8901
SHA256 d95daf22184f85cfa97ce46f155f8e00466c068dcb30901168e63ec33c061c84
SHA512 dc9c877e6e03f48e84a44fb5dd4f63c4a6b04b98bbceb957779e1e8c3be1aaaba03b70468834bb7e887a3b82f914dacfdcf5ae42792f09e5b0bc61e04ec6b690

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 b9f90c0c8f99810e00d8831441bf7275
SHA1 0a073407e9b0f40a75a8baf76803ed299d2d35ce
SHA256 448ba83da49d7654b86488759cd36c71a9d67723be8065111275913a5a5c0593
SHA512 a40c2868e5c1df1e122b9e9511399b965ee4b5ac94fee22b22d71f89192cd3bbe30ce4ad5068aa2d0164699865cd020023364295d1fb6058535332dbd662f8d8

memory/2076-258-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 02:55

Reported

2024-06-11 02:57

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

100s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe"

Signatures

Renames multiple (4100) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTrial-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\SharedPerformance.man.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationTypes.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\7-Zip\Lang\mk.txt.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-filesystem-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Buffers.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Grace-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XPath.XDocument.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Resources.Reader.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\WindowsBase.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-console-l1-2-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\lib\ir.idl.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.el-gr.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sr-latn-rs.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationTypes.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ReachFramework.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-namedpipe-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial3-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTrial-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_COL.HXC.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\7-Zip\Lang\yo.txt.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-profile-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\lib\sa-jdi.jar.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipTsf.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\WindowsBase.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationProvider.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\110.0.5481.104\vulkan-1.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTest-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTrial-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationClient.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationTypes.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Grace-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\PresentationCore.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\deploy\messages_ko.properties.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Trial-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTest-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\Microsoft.VisualBasic.Forms.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\j2pcsc.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\7-Zip\Lang\ast.txt.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\Microsoft.VisualBasic.Forms.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemCore.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PenImc_cor3.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ms.pak.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.StackTrace.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16EnterpriseVL_Bypass30-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.ServicePoint.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Handles.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\ReachFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\jli.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\offsymxb.ttf.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\dotnet\host\fxr\8.0.2\hostfxr.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.TypeExtensions.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Diagnostics.PerformanceCounter.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Trial-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTest-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe

"C:\Users\Admin\AppData\Local\Temp\c46b0e5f0ca994425995a133a9d0915c33003c35728c7d7aad4ea91d566ce691.exe"

Network

Country | Destination | Domain | Proto
NL | 52.111.243.29:443 | N/A | tcp

Files

memory/4452-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

MD5 c376fa772d471d499d62bba65756eafe
SHA1 ef23b93d1839fb8b9e769e9177497840a8ffe838
SHA256 8ef434061f4910d4c969be3339c2f774efd3304745217222537056f4a76154c7
SHA512 0bf7eb3aa8de785dc7305a82679db9b7008044c439c94fc82fa001f5926e4dc9d8da72ce0543e698dfc45fbe6d781d4eb01106280213a41591b8f8a63afe6a99

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 961d177a2d97061df249a3d0fc3aaebe
SHA1 2158af49a489b1e9ca20f9fde29b3640e0f0b7c8
SHA256 496e0db999dc6e4ce0aaca8d0e24b408e04828b6804414b413365698c554c192
SHA512 f8e9f314ebe315fc208b3e31b0dda3b5a123c111a5ee4121328198e6121905305b27cbfdba3dd732a7693df4d74d1f13964d83e2bef7dbe040ca6a972eb85ca4

memory/4452-1382-0x0000000000400000-0x000000000040B000-memory.dmp