Malware Analysis Report

2024-09-23 04:32

Sample ID 240614-fqe4cswcmb
Target df3d847f2b99fada3449bf906b10038211fb5169303885d9d69d35ba946ee69b
SHA256 df3d847f2b99fada3449bf906b10038211fb5169303885d9d69d35ba946ee69b
Tags ransomware upx
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 10/10

SHA256

df3d847f2b99fada3449bf906b10038211fb5169303885d9d69d35ba946ee69b

Threat Level: Known bad

The file df3d847f2b99fada3449bf906b10038211fb5169303885d9d69d35ba946ee69b was found to be: Known bad.

Malicious Activity Summary

ransomware upx

UPX dump on OEP (original entry point)

Renames multiple (5042) files with added filename extension

Renames multiple (3503) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 05:04

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 05:04

Reported

2024-06-14 05:06

Platform

win7-20240611-en

Max time kernel

150s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\df3d847f2b99fada3449bf906b10038211fb5169303885d9d69d35ba946ee69b.exe"

Signatures

Renames multiple (3503) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\df3d847f2b99fada3449bf906b10038211fb5169303885d9d69d35ba946ee69b.exe

"C:\Users\Admin\AppData\Local\Temp\df3d847f2b99fada3449bf906b10038211fb5169303885d9d69d35ba946ee69b.exe"

Network

N/A

Files

memory/2300-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1340930862-1405011213-2821322012-1000\desktop.ini.tmp

MD5 3ae2750eebeadad1e598cbb8693e6046
SHA1 3e44d13c51e53741c4f853042fbfb0412c7244da
SHA256 6a78fbc9a2fafcfff2c0f2349fe12af5f871d91d489e8a2e283f84846e28d0d1
SHA512 d367c0b395f7adf3b333a22e967e1fe07b9c9c64f742aeaefa96b9ac6d810ee3162bdb2d43b20931cbc9b05848d6c8b480d44996fa50a331822b0792c42bc9b7

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 43b83c0fc51b1930418cca3b433360cc
SHA1 772a42b558687fae79d562cdba35f34f600f77c0
SHA256 76cec9f8e7b25d917874217616e81ba9ac077e7b41a00232f1c776351e4add6e
SHA512 b358fb67dd584d9c57eac3d897cd7552a6245b720fcf9ee95dc52ed7fbef403335ecbcfdc7ce09de484beaac8017c8fc6a5f37867db5cc7575feb7bea6e0257b

memory/2300-650-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 05:04

Reported

2024-06-14 05:06

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\df3d847f2b99fada3449bf906b10038211fb5169303885d9d69d35ba946ee69b.exe"

Signatures

Renames multiple (5042) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\df3d847f2b99fada3449bf906b10038211fb5169303885d9d69d35ba946ee69b.exe

"C:\Users\Admin\AppData\Local\Temp\df3d847f2b99fada3449bf906b10038211fb5169303885d9d69d35ba946ee69b.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 102.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp

Files

memory/3796-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2447855248-390457009-3660902674-1000\desktop.ini.tmp

MD5 13b53a79e00af8456bcdc3b1f1e7d255
SHA1 c56e01943aea4589b85f18294c1dc6b1149a3801
SHA256 c6cee7df903a7208be36d56d5ab525e833d30d42dfb69fb25960468ba5eae78d
SHA512 3a513b97b966c1a68dd55b3779ac0f329a3a511deb2f9e0e3071643d269e25063cb4c22168ffca83d9923348b41ce1d15223a2faa80b82333044df39a3e62c00

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 7789797a7873b3edc11cb0a344dae7be
SHA1 61010473f933048bf4c2a8d55dfccb2479ab7142
SHA256 8e112813d5426da41c0a76d1f5763717205a2e6ca2b09fdd0a6cb762d04dbcaf
SHA512 05db6be9b460a8a6c8e97b2e681b2fe3abe9661ac566981995ecf0554e174d92e5850400bdb8b2de3a56f102dcff9b1d23775689c7b6c303f1688a78e494bfa7

memory/3796-1808-0x0000000000400000-0x000000000040B000-memory.dmp