Malware Analysis Report

2025-01-03 08:37

Sample ID 240611-dgvrca1hka
Target c66b3ae86fbfb8dc26d0b90b437400f65b66add3c557e471b93bc6269e5c758f
SHA256 c66b3ae86fbfb8dc26d0b90b437400f65b66add3c557e471b93bc6269e5c758f
Tags ransomware upx
Score 10/10

Analysis Overview

score
10/10

SHA256

c66b3ae86fbfb8dc26d0b90b437400f65b66add3c557e471b93bc6269e5c758f

Threat Level: Known bad

The file c66b3ae86fbfb8dc26d0b90b437400f65b66add3c557e471b93bc6269e5c758f was found to be: Known bad.

Malicious Activity Summary

ransomware upx

UPX dump on OEP (original entry point)

Renames multiple (3523) files with added filename extension

Renames multiple (5194) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 02:59

Signatures

UPX dump on OEP (original entry point)


UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 02:59

Reported

2024-06-11 03:01

Platform

win7-20240221-en

Max time kernel

150s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c66b3ae86fbfb8dc26d0b90b437400f65b66add3c557e471b93bc6269e5c758f.exe"

Signatures

Renames multiple (3523) files with added filename extension

ransomware

UPX dump on OEP (original entry point)


UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\c66b3ae86fbfb8dc26d0b90b437400f65b66add3c557e471b93bc6269e5c758f.exe

"C:\Users\Admin\AppData\Local\Temp\c66b3ae86fbfb8dc26d0b90b437400f65b66add3c557e471b93bc6269e5c758f.exe"

Network

N/A

Files

memory/2860-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

MD5 5dbbfc13f42ec28bb26069efeb01872c
SHA1 5267c740223b73b67a283534468c67caef29b729
SHA256 872efd9a1424af7e651d01a8efed97057f8fec8196ada7fca874d483ab04989a
SHA512 f83695a61649b3e1782cb520a8c96ac158cfb6fef84b466e2522b6131b22133526b4034ca09eaf83569414efbe40289a3128d7d482db5066ea24f01f3e9f4f8c

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 c85e10aa73bdf73509d7025c9372f587
SHA1 52b4ea06010e5a73f725fa3eec945e928bf107e6
SHA256 abdd43ef43769c9a9cb64fd6198aee1fea2d2b3c11e4c954b5575bf408545cc2
SHA512 648a3325e4c0e1637b740b71df3e7f98df5e363e3a5fda67804db9274c59817270236d35181b6b0ba01840408c44c352b25968241a84c87c84fb0a9230973679

memory/2860-74-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 02:59

Reported

2024-06-11 03:01

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c66b3ae86fbfb8dc26d0b90b437400f65b66add3c557e471b93bc6269e5c758f.exe"

Signatures

Renames multiple (5194) files with added filename extension

ransomware

UPX dump on OEP (original entry point)


UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\c66b3ae86fbfb8dc26d0b90b437400f65b66add3c557e471b93bc6269e5c758f.exe

"C:\Users\Admin\AppData\Local\Temp\c66b3ae86fbfb8dc26d0b90b437400f65b66add3c557e471b93bc6269e5c758f.exe"

Network

Files

memory/4732-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

MD5 5dfc57839a0f8bc6e8ab0200004236c5
SHA1 16394ee26e55838ee0ed525f06e166f3d079b2fc
SHA256 081266478461d053ac167cb90083483aa397b8ab5fa44298c226a7214689fd83
SHA512 37d7c74bf23cfb2fcd3d0abc0e8f45c1ad7fce2812c31fa2891e694fb3640efe320f7fa3d18f600b1e83509b20e2680de3ae956b0bad2f036a945dba76e65887

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 8c24365dbcdfbf7eecbd2d817da57959
SHA1 3e4d21692a91537855709247fbb6cbe8473e43b3
SHA256 e4640bf86b499315c93db8cdcac658fa9fc71e95941d197e9bd62272674e8d7b
SHA512 f94d4338696fc5b1995066a262e1d811d1e22fb6d502ec33eddb8bb33e0e46ad899e49ebafa8d9f23ce09866e48d81a3ad248cd515f9508c2e5fbcd0188cb302

memory/4732-1134-0x0000000000400000-0x000000000040A000-memory.dmp