Malware Analysis Report

2025-01-03 08:37

Sample ID 240611-deyp8a1gmh
Target c482aaa395c1324b7c97349b111306c09976248f2dbec2c4ef0752e0ae9c0d23
SHA256 c482aaa395c1324b7c97349b111306c09976248f2dbec2c4ef0752e0ae9c0d23
Tags: upx, ransomware
Score: 10/10


Analysis Overview

Score: 10/10

SHA256: c482aaa395c1324b7c97349b111306c09976248f2dbec2c4ef0752e0ae9c0d23

Threat Level: Known bad

The file c482aaa395c1324b7c97349b111306c09976248f2dbec2c4ef0752e0ae9c0d23 was found to be: Known bad.

Malicious Activity Summary

Tags: upx, ransomware

UPX dump on OEP (original entry point)

Renames multiple (4867) files with added filename extension

Renames multiple (3221) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-11 02:55

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-11 02:55

Reported: 2024-06-11 02:58

Platform: win7-20240221-en

Max time kernel: 150s

Max time network: 123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c482aaa395c1324b7c97349b111306c09976248f2dbec2c4ef0752e0ae9c0d23.exe"

Signatures

Renames multiple (3221) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\c482aaa395c1324b7c97349b111306c09976248f2dbec2c4ef0752e0ae9c0d23.exe

"C:\Users\Admin\AppData\Local\Temp\c482aaa395c1324b7c97349b111306c09976248f2dbec2c4ef0752e0ae9c0d23.exe"

Network

N/A

Files

memory/112-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

MD5 147f350007f93e1561a0dc71abc925af
SHA1 72e3f610ca929c85059d64401cc1f862d46618af
SHA256 a913b2651ceeb7b7d8588c840e567ca81b8b9f13fece290f7bc212e724071293
SHA512 fff7f9319f7da57af515862d367f1fe4f45e03c52ce1f9af2c2b25e8e8433443e2d7503e56eb3538f2f5de20d88f7ad5c910127675b18825cefbfde8534abe88

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 bb6d694bae25e15c84d439a95bab9060
SHA1 691ed7975963788a18550a5d9c33f709abfbeb58
SHA256 ead8fff0c32e89684d24b04f8e8b843b8e78267089768b0e72ee1022b08bc458
SHA512 16fb96e3fba8301f53fdc381bfa1484cbbd391f92401c8d161ffe63f9fc72388c59815aa835d20c7dfd68608a1cdb36b3928192bb134eac9431c8abf0dea547f

memory/112-458-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-11 02:55

Reported: 2024-06-11 02:58

Platform: win10v2004-20240508-en

Max time kernel: 150s

Max time network: 150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c482aaa395c1324b7c97349b111306c09976248f2dbec2c4ef0752e0ae9c0d23.exe"

Signatures

Renames multiple (4867) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\c482aaa395c1324b7c97349b111306c09976248f2dbec2c4ef0752e0ae9c0d23.exe

"C:\Users\Admin\AppData\Local\Temp\c482aaa395c1324b7c97349b111306c09976248f2dbec2c4ef0752e0ae9c0d23.exe"

Network

Files

memory/4580-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

MD5 0ba79a5199cf7f6cab3b7beb4da234c0
SHA1 892c42d434893c19ee7d6e9590e78a686b73f970
SHA256 4ca205ca7e12a816413a7c3627b6963e1cdcfc47b85141a91e61e9f58adb3ae4
SHA512 076f395cfb2f4d247476e62007feffceaf2b671ce1d4f871d708cbdf77739599e4079433365820b91816a76f7731a3271939278ae84226a4bc9ac24fdb879ecf

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 289e9fc3c3175da092b1dd2ba344ee47
SHA1 b14baa532113435d6c9581f4f9d8180c701cc9e6
SHA256 4fa50191d39bc0c99eca247b5a5a9f5b966cab13c621afeb4d56001f31ced6f8
SHA512 b000c0aa91b5dd33e01c15aed5c1923bcec1de8df564ab76c43bc890099d709290a3458eae0764ecf77673f64c4c6013f61b8ee432badb63d5a7ff681ef08144

memory/4580-1786-0x0000000000400000-0x000000000040B000-memory.dmp