Malware Analysis Report

2024-09-23 04:32

Sample ID: 240614-fhxcnszckn
Target: dbcfd1a65e7eed119bc380fd62b017f2b2ab7f46fda83ae388dacfaef3e2a54a
SHA256: dbcfd1a65e7eed119bc380fd62b017f2b2ab7f46fda83ae388dacfaef3e2a54a
Tags: upx, ransomware
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK Matrix
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 10/10

SHA256: dbcfd1a65e7eed119bc380fd62b017f2b2ab7f46fda83ae388dacfaef3e2a54a

Threat Level: Known bad

The file dbcfd1a65e7eed119bc380fd62b017f2b2ab7f46fda83ae388dacfaef3e2a54a was found to be: Known bad.

Malicious Activity Summary

upx ransomware

UPX dump on OEP (original entry point)

Renames multiple (3430) files with added filename extension

UPX dump on OEP (original entry point)

Renames multiple (1552) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-14 04:52

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-14 04:52

Reported: 2024-06-14 04:55

Platform: win7-20231129-en

Max time kernel: 150s

Max time network: 122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\dbcfd1a65e7eed119bc380fd62b017f2b2ab7f46fda83ae388dacfaef3e2a54a.exe"

Signatures

Renames multiple (3430) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\dbcfd1a65e7eed119bc380fd62b017f2b2ab7f46fda83ae388dacfaef3e2a54a.exe

"C:\Users\Admin\AppData\Local\Temp\dbcfd1a65e7eed119bc380fd62b017f2b2ab7f46fda83ae388dacfaef3e2a54a.exe"

Network

N/A

Files

memory/2168-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

MD5 a4d5bc6b7b9099513767be178994f29b
SHA1 3826a7703601e542be135b6de1846e53b9983e44
SHA256 e7ce76bb3052b410cea544899809e85d5b62ddcab3f0eb9b36607f5e6dcaf17a
SHA512 d65f00f7507a6ee7fe45876093f8d5d2ea8e849799894be01166e2617011ed4d7818a67b66891bfe5976160bb12c4f6f8e5f1871dad1d61106f5a05c31aeb895

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 22225576437c5934aa3764c15cdd98cd
SHA1 60aad2a2326641acdd7b4b75e05e9aecebe0f2a6
SHA256 39376c86b702635de8dc6bbc306baeb14e2ceaf17bb4c83f2363095aab071026
SHA512 ea78688a2fc0753f3a73699c6a7ceaa88bfb8630afb61c2bf13d465688281227dd122e18f6931b3b50640cc38b216742176e6f4bf43ddffe375d2c9d04f25edd

memory/2168-640-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-14 04:52

Reported: 2024-06-14 04:55

Platform: win10v2004-20240226-en

Max time kernel: 151s

Max time network: 147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\dbcfd1a65e7eed119bc380fd62b017f2b2ab7f46fda83ae388dacfaef3e2a54a.exe"

Signatures

Renames multiple (1552) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\dbcfd1a65e7eed119bc380fd62b017f2b2ab7f46fda83ae388dacfaef3e2a54a.exe

"C:\Users\Admin\AppData\Local\Temp\dbcfd1a65e7eed119bc380fd62b017f2b2ab7f46fda83ae388dacfaef3e2a54a.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4148 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
GB 172.217.169.42:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 42.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 25.140.123.92.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 213.143.182.52.in-addr.arpa udp

Files

memory/2388-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

MD5 dc908c0ec1200106c9c76a6a1ffc99a2
SHA1 b373a2d20135d38cebc973c6454330b53a8adc05
SHA256 832bb022439784570662409e14ed928d769673c4de9ea1273a856c668415b3f4
SHA512 06c4a46dedcb857ca04f603b45d2040cbf74b3ef096a692aec4cc69a2e66c6c1afd2444fc7d27b7c502af1258ce2333e0dc0ee83c2cb4f4614f519820438596e

C:\libsmartscreen.dll.tmp

MD5 72df825a9aaece85d5fe8e5dafa36759
SHA1 e3afe143f45aacad1955c4813cc063ab9196f7e5
SHA256 11e2269db34e1a12ca3eeb205b052bafa1d8b215f825b24deaab043a8e7d92bf
SHA512 16ea50b7b3f084b96fbc9cbdd827d33f20a338ea84da2918f71192345d5ecb7a688b709cb0f98d781ce024c8a80c4274c27d1561a0343b1201aa06bc5f9687d2

memory/2388-432-0x0000000000400000-0x000000000040B000-memory.dmp