Malware Analysis Report

2024-09-23 04:44

Sample ID 240614-bwsjeszdmc
Target 9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b
SHA256 9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b
Tags
upx ransomware
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b

Threat Level: Known bad

The file 9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b was found to be: Known bad.

Malicious Activity Summary

upx ransomware

UPX dump on OEP (original entry point)

Renames multiple (5322) files with added filename extension

Renames multiple (3594) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 01:30

Signatures

UPX dump on OEP (original entry point)

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 01:30

Reported

2024-06-14 01:32

Platform

win7-20231129-en

Max time kernel

150s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe"

Signatures

Renames multiple (3594) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunmscapi.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansRegular.ttf.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.nl_ja_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Java\jre7\lib\security\US_export_policy.jar.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\America\Santiago.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_foggy.png.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fa.pak.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Macau.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\SystemV\MST7MDT.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\locale\lv\LC_MESSAGES\vlc.mo.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_h.png.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\America\Santarem.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Europe\Samara.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\video_filter\libanaglyph_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_top_left.png.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.properties.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Mozilla Firefox\api-ms-win-core-processthreads-l1-1-1.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-io_zh_CN.jar.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-tools.xml.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\bckgzm.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Microsoft Games\Solitaire\de-DE\Solitaire.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-image-mask.png.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Memories_buttonClear.png.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\javafx-doclet.jar.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\alert_obj.png.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\codec\libx264_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_rgb6.wmv.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\epl-v10.html.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_zh_CN.jar.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Mozilla Firefox\mozavcodec.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\AUTHORS.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\locale\fi\LC_MESSAGES\vlc.mo.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\lua\meta\art\01_googleimage.luac.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_ButtonGraphic.png.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fi.pak.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\DVD Maker\es-ES\WMM2CLIP.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\email_initiator.gif.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\7-Zip\Lang\fur.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Java\jre7\bin\jp2ssv.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\demux\libsubtitle_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single.png.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\keytool.exe.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host.xml.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\eula.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Tunis.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_ja.jar.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Java\jre7\bin\servertool.exe.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Antarctica\Rothera.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Etc\GMT+8.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Internet Explorer\SIGNUP\install.ins.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\bin\policytool.exe.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\highDpiImageSwap.js.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\ChkrRes.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Windows Media Player\en-US\WMPSideShowGadget.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-compat.xml.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\locale\is\LC_MESSAGES\vlc.mo.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_content-background.png.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe

"C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe"

Network

N/A

Files

memory/2220-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

MD5 afadbd69fc5959852dc50a3409c47aa6
SHA1 d29a0a4715878ad1768b51fc412434afd40e138b
SHA256 e85b0f1a9bf97af679858326a1c77c4206bbddf18e55fc1c66c09b82f5ce7f0f
SHA512 5c3cb7b2d62757486b7e889e65e068b4cfd20c319d1990513dcc2e25f801b543f643aaf8ffa16f27415575f2e22c98fdc7e9d20cd324ee107bc76947495b9595

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 7271daf7e98e9754f7511f43631748cf
SHA1 e74f973610042fef3181363bd66866ee217fa5d4
SHA256 4f72c37f9c52f8b8209f932694f856ba181a1e618f6c454338bd262ba8028c45
SHA512 eec607046f258b6a3f55af6bd3f14217f56884d2c35771527f7cc59f15b141ba6e3ddc9f06475c7ac3ee00754aabe149e7d50d67014ba2d26455f25cae976f84

memory/2220-74-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 01:30

Reported

2024-06-14 01:32

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe"

Signatures

Renames multiple (5322) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\7-Zip\Lang\hr.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Resources.Writer.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngdatatype.md.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Grace-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEWDAT.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\ja-JP\mshwLatin.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.VisualBasic.Core.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Linq.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\bin\wsimport.exe.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-fibers-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Metadata.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Presentation.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\fxplugins.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Microsoft Office\root\rsod\office32mui.msi.16.en-us.tree.dat.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Transactions.Local.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationTypes.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_KMS_Client-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Edm.NetFX35.V7.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\FPA_f4\FA000000005.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationTypes.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Controls.Ribbon.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\WindowsFormsIntegration.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\w2k_lsa_auth.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Common.Wizard.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-runtime-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Extensions.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\deploy\messages_sv.properties.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Forms.Primitives.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\jce.jar.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Trial-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\7-Zip\Lang\tr.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\kinit.exe.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\sspi_bridge.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\7-Zip\Lang\az.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\7-Zip\Lang\fy.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Internet Explorer\de-DE\iexplore.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\lib\ext\access-bridge-64.jar.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Parallel.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\PresentationFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Franklin Gothic.xml.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationClient.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\vi.pak.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-localization-l1-2-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Http.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription1-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail2-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\Microsoft.VisualBasic.Forms.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat.tmp | C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe

"C:\Users\Admin\AppData\Local\Temp\9377ffeb3438013a51fc5c19020161c672ab5e6a58c6a4e212bf8e485cd19c6b.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4356,i,14486271492189381216,15799931579469722648,262144 --variations-seed-version --mojo-platform-channel-handle=4116 /prefetch:8

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp

Files

memory/2476-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1181767204-2009306918-3718769404-1000\desktop.ini.tmp

MD5 c90e9cbdaf74f86777321953b599a203
SHA1 e372c5cd652baca787a026e404913e30c7125064
SHA256 e98f1fe2ca68b6756d5b57325d53511f838c7d38e0b3cc2749f5752aae416e05
SHA512 fbabd3025b12eedb7a2119113a40d2f18607667accb89cda4773ea9792fef62a30c4556ed2bd85ed6c2360e25c8f01c79f3491e0e87d02c9edc1f7078a74dc17

C:\Program Files\7-Zip\7-zip.chm.tmp

MD5 dd7405cd96a7055397bdf5a83bf4216c
SHA1 6d09cf9a609fcc9bf4580b6f8a4b57a032f64b71
SHA256 970ec960d66a96101b40b93d1fe39004e4b47abd819f56ba6c9c5333a3a4920a
SHA512 584cf3a42043dd8a757c40d33fb624efb57bed5626c7d48c701ece738397e303bed22e8c2eeddc1bafcca4fa6f990033b07d9e2c20f61e184d503a2a312afb34

memory/2476-1222-0x0000000000400000-0x000000000040A000-memory.dmp