Malware Analysis Report

2025-08-11 01:48

Sample ID 241005-yfdrnazhpr
Target 292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4
SHA256 292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4

Threat Level: Likely malicious

The file 292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4 was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple files with added filename extension (3546 files in the Windows 7 run, 4873 in the Windows 10 run)

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

Taken together, the .tmp files written beside existing files under Program Files and the mass renames with an appended extension are consistent with an encryptor that writes its output to a temporary file and then renames over the original. Not observed in either run: child processes, a persistence mechanism, a ransom note, or outbound traffic attributable to the sample. The report does not record the appended extension itself.

MITRE ATT&CK

Enterprise Matrix V15

T1614.001 System Location Discovery: System Language Discovery (the discovery signature recorded in both behavioural runs). The mass-rename behaviour corresponds to T1486 Data Encrypted for Impact, which the sandbox does not map explicitly.

Analysis: static1

Detonation Overview

Reported

2024-10-05 19:43

Signatures

UPX packed file

upx
Indicators: none recorded.

Caveat: the UPX verdict rests on the packer's section names and marker bytes, both of which are trivially renamed; a scrubbed UPX header also makes upx -d refuse to unpack, in which case the behavioural runs' memory dumps (image region 0x400000-0x40B000) are the practical route to the unpacked code.

Unsigned PE

Indicators: none recorded.

Caveat: unsigned means no Authenticode certificate table is present. A present signature would still have to be validated (Get-AuthenticodeSignature or signtool verify) before it counts for anything; here the missing signature simply adds to the small, packed, unknown-origin profile.
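The two static1 verdicts above can be reproduced without a sandbox. The script below is an added example (editor's code, not part of the sandbox report or any tool it uses): it parses the PE headers with the standard library only, reports UPX section names or the UPX! marker, and checks whether the Authenticode certificate table is empty. The PE image it inspects is constructed in memory for demonstration; build_sample_pe and the section layout are assumptions, not the sample's real headers.

```python
"""Added static triage example (editor's code, not from the sandbox report).

Re-implements the static1 checks above, UPX packing and a missing
Authenticode signature, with only the standard library. The PE image it
inspects is constructed in memory; pass a file path to triage a real binary."""
import struct
import sys

IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # certificate table slot in the data directories
UPX_SECTION_PREFIX = b"UPX"          # UPX0 / UPX1 / UPX2 section names
UPX_MARKER = b"UPX!"                 # packer header magic left in the file


def parse_pe(data: bytes) -> dict:
    """Return machine type, section names and the certificate-table directory entry."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _ts, _symptr, _nsyms, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    # Data directories start at optional-header offset 96 (PE32) or 112 (PE32+)
    dir_base = opt + (96 if magic == 0x10B else 112)
    cert_off, cert_size = struct.unpack_from("<II", data, dir_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sec_base = opt + opt_size
    names = [struct.unpack_from("<8s", data, sec_base + 40 * i)[0].rstrip(b"\0") for i in range(nsections)]
    return {"machine": machine, "sections": names, "cert_table": (cert_off, cert_size)}


def is_upx_packed(info: dict, data: bytes) -> bool:
    """Section names or the UPX! marker; renamed sections defeat the first check."""
    return any(n.startswith(UPX_SECTION_PREFIX) for n in info["sections"]) or UPX_MARKER in data


def is_signed(info: dict) -> bool:
    """A non-empty certificate table means a signature is present, not that it is valid."""
    return info["cert_table"][1] > 0


def triage(data: bytes) -> dict:
    """Combine the checks into the same verdicts the static1 section reports."""
    info = parse_pe(data)
    return {"upx": is_upx_packed(info, data), "signed": is_signed(info), "sections": info["sections"]}


def build_sample_pe(section_names, cert_size=0) -> bytes:
    """Construct a minimal PE32 header set (headers only, not runnable) for demonstration."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 224                                   # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)            # PE32 magic
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                     0x2000 if cert_size else 0, cert_size)
    sections = b"".join(struct.pack("<8s32x", n) for n in section_names)
    return dos + b"PE\0\0" + coff + bytes(opt) + sections


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe([b"UPX0", b"UPX1", b".rsrc"])
    print(triage(blob))
```

A non-zero certificate table only says a signature blob exists; validate it separately before treating the binary as trusted. A packer that renames its sections and strips the UPX! marker will slip past is_upx_packed, so pair this with an entropy check or the behavioural memory dumps when the static answer matters.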

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-05 19:43

Reported

2024-10-05 19:45

Platform

win7-20240903-en

Max time kernel

150s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe"

Signatures

Renames multiple (3546) files with added filename extension

ransomware

UPX packed file

upx
Indicators: none recorded.

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\44.png.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Chisinau.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\about.html.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Microsoft Games\Mahjong\de-DE\Mahjong.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\settings.html.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\kinit.exe.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tbilisi.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Santo_Domingo.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Windows Media Player\en-US\wmplayer.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\7-Zip\Lang\pa-in.txt.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Mozilla Firefox\api-ms-win-crt-multibyte-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libpostproc_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\js\library.js.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\service.js.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\micaut.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Internet Explorer\F12Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cayman.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Java\jre7\bin\plugin2\msvcr100.dll.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm.api.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\dcpr.dll.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.configuration_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Rainy_River.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Utilities.v3.5.dll.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\misc\libstats_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\js\localizedStrings.js.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Riga.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core_2.3.0.v20131211-1531.jar.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Java\jre7\lib\deploy\messages_de.properties.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT+6.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libddummy_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lt.pak.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-queries_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Microsoft Games\More Games\en-US\MoreGames.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prcr.x3d.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\background.png.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\manifest.json.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2ssv.dll.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Saipan.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Novosibirsk.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Belgrade.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Windows Photo Viewer\PhotoViewer.dll.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\eclipse_1655.dll.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-charts.xml.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\16.png.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-crescent_partly-cloudy.png.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\7-Zip\Lang\es.txt.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Asuncion.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-options.jar.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Macau.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\css\picturePuzzle.css.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT-2.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationClientsideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
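The two behavioural signatures above, a burst of .tmp files under Program Files and mass renames that append an extension, are the kind of thing a file-event rule can catch early. The script below is an added example (editor's code, not part of the sandbox report or any EDR product): it runs a per-process sliding-window rule over a constructed event stream. The FileEvent schema, the thresholds, the PID, image name and the .locked extension are all assumptions; the report does not record the real extension.

```python
"""Added detection example (editor's code, not from the sandbox report).

Turns the behavioural signatures above, a burst of .tmp files under
Program Files and mass renames that append an extension, into per-process
sliding-window rules. Event schema, thresholds and the sample event stream
are all constructed here; map real EDR or sandbox file events onto FileEvent."""
import ntpath
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class FileEvent:
    ts: float           # seconds since run start
    pid: int
    image: str
    op: str             # "create" or "rename"
    path: str
    new_path: str = ""  # rename target, empty for create


def appends_extension(old: str, new: str) -> bool:
    """True when new == old + '.<ext>', the 'added filename extension' pattern."""
    return new.startswith(old) and len(new) > len(old) + 1 and new[len(old)] == "."


def detect_mass_rename(events, window=60.0, min_renames=100, min_dirs=5, allow_images=frozenset()):
    """Alert once per process that appends an extension to >= min_renames files
    spread over >= min_dirs directories within `window` seconds."""
    recent = defaultdict(deque)
    alerts, fired = [], set()
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.op != "rename" or ev.image.lower() in allow_images:
            continue
        if not appends_extension(ev.path, ev.new_path):
            continue
        q = recent[ev.pid]
        q.append(ev)
        while q and ev.ts - q[0].ts > window:
            q.popleft()
        dirs = {ntpath.dirname(e.path) for e in q}
        if len(q) >= min_renames and len(dirs) >= min_dirs and ev.pid not in fired:
            fired.add(ev.pid)
            alerts.append({"pid": ev.pid, "image": ev.image, "renames": len(q), "dirs": len(dirs), "ts": ev.ts})
    return alerts


def detect_tmp_burst(events, prefix="C:\\Program Files", window=60.0, min_creates=50):
    """Secondary signal: many '<name>.tmp' creates under a protected tree by one process.
    Installers trip this too, so it is a corroborating rule, not a verdict on its own."""
    recent = defaultdict(deque)
    alerts, fired = [], set()
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.op != "create" or not ev.path.lower().endswith(".tmp"):
            continue
        if not ev.path.lower().startswith(prefix.lower()):
            continue
        q = recent[ev.pid]
        q.append(ev.ts)
        while q and ev.ts - q[0] > window:
            q.popleft()
        if len(q) >= min_creates and ev.pid not in fired:
            fired.add(ev.pid)
            alerts.append({"pid": ev.pid, "image": ev.image, "creates": len(q), "ts": ev.ts})
    return alerts


def build_sample_events():
    """Constructed stream: one encryptor-like process (PID and image assumed) and a benign one.
    The '.locked' extension is an assumption; the report does not record the real one."""
    events = []
    dirs = [f"C:\\Program Files\\App{i}\\data" for i in range(10)]
    for n in range(150):
        old = f"{dirs[n % 10]}\\file{n}.docx"
        t = n * 0.1
        events.append(FileEvent(t, 1732, "sample.exe", "create", old + ".tmp"))
        events.append(FileEvent(t + 0.05, 1732, "sample.exe", "rename", old, old + ".locked"))
    for n in range(3):
        old = f"C:\\Users\\Admin\\Documents\\report{n}.txt"
        events.append(FileEvent(5.0 + n, 4100, "notepad.exe", "rename", old, old + ".bak"))
    return events


if __name__ == "__main__":
    evs = build_sample_events()
    print(detect_mass_rename(evs))
    print(detect_tmp_burst(evs))
```

The rename rule fires as soon as the window reaches the threshold (on the 100th rename here, not after all 150), which is the point: with 3546 and 4873 renames in the two sandbox runs, a threshold of 100 across 5 directories leaves most of the filesystem untouched when a response action follows the alert. Backup agents and archivers can legitimately rename in bulk; carry them in allow_images rather than raising the threshold.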

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A

Caveat: this key holds the system's installed and default language IDs and is consulted by ordinary locale lookups, so the signature fires for many benign binaries and is a weak indicator on its own. Ransomware commonly reads the system language to skip machines in chosen locales, but the report does not show what the sample does with the value.

Processes

C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe

"C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe"

Network

N/A

Files

memory/1732-0-0x0000000000400000-0x000000000040B000-memory.dmp (PID 1732, image region 0x400000-0x40B000, 0xB000 bytes; earliest dump)

C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

MD5 7307082e7b7cf957a8bcefc85150b93a
SHA1 4a709054de8411f0de2673863953aa7963dcdafe
SHA256 47ec37f6c98d56963f18819b6fcc7495eb0960361f36f87b271aeb84b6990a88
SHA512 b27f1566bab28784572dc7a720cd4b99be8d37128667fcf15d469b9d737d5467e83fecfde0fd4a463b4de496cd85d7ed69a8d1841d9f7d13da761ae74dee57ab

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 00e6ef2c914cf08381537c968d6492a0
SHA1 ce675335d7c2a175f347d899c18247912dc9ef2c
SHA256 cf2662b966a114889db4a858c31c11c111bd1308855c4af65c10d4028535237e
SHA512 e9e43b7fe39194069d733e6f835d8879249a33db08fe221021f066dc52e5b9093528c4e5ef7887fea216f40088521738542c02764252e8850b321f1947eaad1b

memory/1732-74-0x0000000000400000-0x000000000040B000-memory.dmp (same region, later dump; UPX decompresses in place, so this is the copy to carve for the unpacked code)

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-05 19:43

Reported

2024-10-05 19:45

Platform

win10v2004-20240802-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe"

Signatures

Renames multiple (4873) files with added filename extension

ransomware

UPX packed file

upx
Indicators: none recorded.

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\management\snmp.acl.template.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\7-Zip\Lang\hi.txt.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\clrgc.dll.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\as80.xsl.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\nl\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\vcruntime140_1.dll.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_COL.HXT.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsen.xml.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\CHAKRACORE.DLL.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL078.XML.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.DriveInfo.dll.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-datetime-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\jp2iexp.dll.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.Win32.Registry.AccessControl.dll.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.Concurrent.dll.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Garamond-TrebuchetMs.xml.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Core.dll.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encoding.CodePages.dll.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscorrc.dll.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.MemoryMappedFiles.dll.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libxml2.md.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Common Files\System\ado\msado26.tlb.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-time-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\db2v0801.xsl.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16ConsumerPerp_Bypass30-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProDemoR_BypassTrial180-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCHARTCOMMON.DLL.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.BackEnd.dll.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\es-ES\rtscom.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscordaccore_amd64_amd64_8.0.224.6711.dll.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\UIAutomationProvider.dll.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\ext\localedata.jar.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\sv\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebSockets.dll.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.NonGeneric.dll.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OMRAUT.DLL.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Data.dll.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PenImc_cor3.dll.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\pkcs11wrapper.md.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_MAK_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicelegant.dotx.tmp C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe

"C:\Users\Admin\AppData\Local\Temp\292f124006eb7133136f35a3981736660f14817d2f767d543b13135ded5ca4e4.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 27.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 udp

All rows are reverse-DNS (PTR) lookups sent to Google Public DNS; the in-addr.arpa label is the queried IPv4 address in reverse octet order, so 154.239.44.20.in-addr.arpa resolves 20.44.239.154. No forward lookup, TCP session or other connection is attributed to the sample process, and the Windows 7 run recorded no network activity at all, so this traffic is best read as OS or sandbox background activity rather than command-and-control. The domain field of the last row is missing in the report.

Files

memory/768-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-355097885-2402257403-2971294179-1000\desktop.ini.tmp

MD5 365ad87da6588e31db2d6a1bdbc9eba7
SHA1 94b3ab35346f10387d4295eb89a1b853073fd1a4
SHA256 cebbacb0a8e356eef9a3f44cc9d9ef509fad716e2c941c6136022dcba0368db6
SHA512 c7ef496b9fefdae73452af3ad0e0872b8dee6a0f02df8830680005b42a774d590aef4465c703ebf0270e4d2fbef18daa73301f66ac1728c17380c5847b06586b

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 f0a3371f7242d0154ce216f458c4a3e2
SHA1 e78aa412ffeab1740561aefbaf3469db15a63888
SHA256 84c1b1993fdedf4dc1d365409f354d26bfb6064f38f8a5ae13fff8e93464211f
SHA512 89a8080567ddba9ff6d9c978b8e03130d6fc27359040b06aaa6a8d3b46ccbefee4c322a4bf8341ce6898903a6df8406711eb67aee0d446983a362deff2e873e7

memory/768-816-0x0000000000400000-0x000000000040B000-memory.dmp