Malware Analysis Report

2025-01-03 08:37

Sample ID 240611-dm5thasaqe
Target c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064
SHA256 c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064
Tags
upx ransomware
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064

Threat Level: Known bad

The file c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064 was found to be: Known bad.

Malicious Activity Summary

upx ransomware

UPX dump on OEP (original entry point)

Renames multiple (3737) files with added filename extension

UPX dump on OEP (original entry point)

Renames multiple (5349) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 03:08

Signatures

UPX dump on OEP (original entry point)

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 03:08

Reported

2024-06-11 03:11

Platform

win7-20240221-en

Max time kernel

150s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe"

Signatures

Renames multiple (3737) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hr.pak.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedback.gif.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Java\jre7\lib\security\javaws.policy.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.DataSetExtensions.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\7-Zip\Lang\cy.txt.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-background.png.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Internet Explorer\iexplore.exe.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Africa\Monrovia.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Asia\Rangoon.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtospdif_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\codec\libsubstx3g_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\hint_over.png.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_rainy.png.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-util-enumerations.jar.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Java\jre7\bin\decora-sse.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Etc\GMT-1.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Europe\Paris.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Vancouver.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Microsoft Office\Office14\NAMEEXT.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationTypes.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\css\clock.css.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\css\settings.css.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\pdfshell.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme_0.9.300.v20140424-2042.jar.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui.nl_ja_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\America\Rio_Branco.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libinflate_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-full.png.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-crescent.png.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_PreComp_MATTE_PAL.wmv.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-static.png.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser.ja_5.5.0.165303.jar.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Asia\Nicosia.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Windows Journal\Templates\Seyes.jtp.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\es-ES\gadget.xml.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_ButtonGraphic.png.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\Filters.xml.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Palau.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\locale\zh_CN\LC_MESSAGES\vlc.mo.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\currency.js.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rio_Branco.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.nl_zh_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-attach_ja.jar.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\locale\tl\LC_MESSAGES\vlc.mo.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_few-showers.png.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask.wmv.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\St_Johns.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.service.exsd.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwasapi_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\settings.html.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Dublin.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Etc\GMT-13.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Microsoft Games\Multiplayer\Spades\ja-JP\shvlzm.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Mozilla Firefox\browser\features\[email protected] | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonUp_On.png.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\main.css.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-back-static.png.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ms.pak.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application_5.5.0.165303.jar.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-favorites.jar.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\NPSWF32.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\7-Zip\Lang\bg.txt.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe

"C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe"

Network

N/A

Files

memory/2860-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

MD5 89645ff3718e9e67479fcb65f6ce206d
SHA1 7272e371d2a1dc1a6fbbe3f53000045ce15c36f7
SHA256 b6e47b524bdd497352d82b5206f4c5b32c3e2ebd799a11369a74ea045ff88609
SHA512 238ebb2528743c9a444d8c33982783c5a095b25855f54e4d28dfc12bfeec1ebb796df752750caf670edef94ad3af5d0848e96a7c585ac1fc49d5a631c5ba0a6e

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.exe

MD5 26149a051a1c59c75c099c2e2ef1b5e0
SHA1 c6765143d920416ce5c46945763510d181d3e3e5
SHA256 e6ffbf595e4f1f804fb69cf019dc90713cd952585a427d6b2f4ca4cb679f22fb
SHA512 24034228173e955ff41d6350288e3a73eacaa6683a2a5677f81c581fc4eca52617712f53594735690372ab9eed7641be88e28d0d0890e07799edf878ef15cb0f

memory/2860-76-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 03:08

Reported

2024-06-11 03:11

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe"

Signatures

Renames multiple (5349) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\UIAutomationTypes.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationUI.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Grace-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTest-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\WebView2Loader.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.Watcher.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\MEDIA\WIND.WAV.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\mscss7cm_fr.dub.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.OpenSsl.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Internet Explorer\ielowutil.exe.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-convert-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-synch-l1-2-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\jfxmedia.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Constantia-Franklin Gothic Book.xml.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntime2019R_PrepidBypass-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN095.XML.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encoding.CodePages.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\REFEDIT.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_100_percent.pak.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Retrospect.thmx.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Retail-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-memory-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.HttpListener.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Diagnostics.PerformanceCounter.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Forms.Design.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL111.XML.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\7-Zip\Lang\el.txt.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Royale.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Calibri-Cambria.xml.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntryR_PrepidBypass-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\MINSBROAMINGPROXY.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL011.XML.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Primitives.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_Subscription-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_Subscription-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTest-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\msoianetutil.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\WindowsAccessBridge-64.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\ReachFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-180.png.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\MSPPT.OLB.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Common Files\System\ado\msado26.tlb.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicelegant.dotx.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\SIST02.XSL.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\BOOKOSB.TTF.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Input.Manipulations.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-multibyte-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-100.png.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\7-Zip\Lang\pa-in.txt.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\legal\javafx\icu_web.md.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-errorhandling-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_SubTrial-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.ReportingServices.QueryDesigners.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_company.png.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-100.png.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Debug.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\WindowsFormsIntegration.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial2-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.TextWriterTraceListener.dll.tmp | C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe

"C:\Users\Admin\AppData\Local\Temp\c9746e819e4aab2ced5e86a07abac8f237b9a5f6fce7d87ba187a3768c190064.exe"

Network

Files

memory/4980-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

MD5 d6ecb9e19d9997835463ceb90f7601d7
SHA1 51f8bcb7f46f3e439ce0871f147064c81fa79dee
SHA256 d05912881616d1a3809961588c9cc8d35dec352cfcc9f47b9f070e5666f7ff23
SHA512 50cc406dd8ad2c1266a8f0d714140106752c8d1c314aab70801cdec8426e78bc0fb30c959cfcb8d803b124bdaf17feb4fc4832fe93fe7040f68e776bb3c00b3a

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 270e046dab313086b27c79e211302a55
SHA1 2a08626518637a1403a1c538833a5fc388b04a4a
SHA256 28d2c20a55ea67efafa9da89d70022aa643c57ffa43704703404a3a827e6b905
SHA512 383007bc16db99282da53b60ab6c70fa29bc469182d1a34513bbc6eac762ffe2a6ed0f5de3a3c330bc205011847f52e6b13aadac90fe70b44f12a5dd113d20e9

memory/4980-1222-0x0000000000400000-0x000000000040A000-memory.dmp