Malware Analysis Report

2025-08-11 01:48

Sample ID 241005-yh272awakd
Target 408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N
SHA256 408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0

Threat Level: Likely malicious

The file 408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (4658) files with added filename extension

Renames multiple (3197) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-05 19:48

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-05 19:48

Reported

2024-10-05 19:50

Platform

win7-20240704-en

Max time kernel

120s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe"

Signatures

Renames multiple (3197) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Mozilla Firefox\uninstall\helper.exe.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\windows-amd64\profilerinterface.dll.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Java\jre7\bin\jfxmedia.dll.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Java\jre7\lib\management\jmxremote.access.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.AddIn.Contract.dll.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Athens.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.di_1.4.0.v20140414-1837.jar.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_left.png.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs.zh_CN_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\StartUse.vdw.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup-impl_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jvmstat.xml.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Argentina\Tucuman.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Qyzylorda.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-editor-mimelookup-impl.xml.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Srednekolymsk.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsdeu.xml.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmiregistry.exe.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\jhall-2.0_05.jar.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-output2.xml_hidden.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Microsoft Games\Mahjong\MahjongMCE.png.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\DVD Maker\sonicsptransform.ax.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\d3dcompiler_47.dll.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\eu\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\7-Zip\Lang\ru.txt.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Internet Explorer\iexplore.exe.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host.jar.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsptb.xml.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IO.Log.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\kn\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-attach_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Microsoft Games\Purble Place\en-US\PurblePlace.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.RunTime.Serialization.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.Client.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.ja_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Microsoft Games\FreeCell\es-ES\FreeCell.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\dialogs\browse_window.html.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG.wmv.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\PYCC.pf.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\tnameserv.exe.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\nl\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\mlib_image.dll.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security.ui_1.1.200.v20130626-2037.jar.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Argentina\Rio_Gallegos.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Santa_Isabel.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MST.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-compat.xml_hidden.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\br\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Havana.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Lima.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe

"C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe"

Network

N/A

Files

memory/2692-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp

MD5 53be96e722025e583fb0d97b594c7838
SHA1 8da59f640b005d9490540a5b589a2e1c7d55b801
SHA256 48b8c84eebae9e51bbfd0b09b9716022923e4e9b7d9d4e4b5154b0beda9d3aa5
SHA512 30b3ba732018ae24326624910147ba30c41d7398b011b6f3be6fe1c86de7a7adfc9e69e820286a1e239ebf6631a72b0bcc9011dbaad11ecf975ccdb3000512a1

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 d36309071fc8b804b554a8a168d782c0
SHA1 ea2afd3b71ee5f01a5c5c0e65e9a8d1474b87fde
SHA256 9e054d9264ee893c26b64032b3a561e59fc68625d9d9755a509487e5821d5d4e
SHA512 51ceadab454da597450eb89f09cbab43c1f3bc10b7009c73a6984d02d5ae04a0bb12230d5d63618458b8b3238485d97b8061ca12084770babb217f4c78018074

memory/2692-75-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-05 19:48

Reported

2024-10-05 19:50

Platform

win10v2004-20240802-en

Max time kernel

119s

Max time network

97s

Command Line

"C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe"

Signatures

Renames multiple (4658) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sk-sk.dll.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.Parallel.dll.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Internet Explorer\fr-FR\ieinstal.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Java\jdk-1.8\javafx-src.zip.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.office32ww.msi.16.x-none.xml.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\dt_socket.dll.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\sv-SE\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\createdump.exe.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\server\Xusage.txt.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Common Files\System\msadc\msadcor.dll.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_MAKC2R-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\pt-BR\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\lv-LV\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\C2R32.dll.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.Concurrent.dll.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC.HXS.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.WindowsDesktop.App.deps.json.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\7-Zip\Lang\ga.txt.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.dll.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\javafx\jpeg_fx.md.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\security\cacerts.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16ConsumerPerp_Bypass30-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Diagnostics.EventLog.Messages.dll.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\sw.pak.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\xalan.md.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\fontmanager.dll.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_MoveDrop32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemData.dll.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy\[email protected] C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Configuration\card_terms_dict.txt.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\es-MX\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\pkcs11cryptotoken.md.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Buffers.dll.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\java-rmi.exe.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-multibyte-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\giflib.md.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_Subscription-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\clrjit.dll.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe

"C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 98.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 101.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 68.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp

Files

memory/4440-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-786284298-625481688-3210388970-1000\desktop.ini.tmp

MD5 4198cefb79f64321d0ceaded860d198e
SHA1 935df28494dea4e2fffe444e82d1dd66564ebaa7
SHA256 69d83493e1d99eab758a70e6506f3eb8d54b3d9db6e135927dc24b1bc0046934
SHA512 3b1a4c58f802c93dcb1e20f8ddcc4fa6a33021599f4dfd139796350915900c2ce65b4866e626a1c696e57694730af7430553ef185f086e69dd8f57a665b48271

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 1b54db2a98821d87bcb66549a9bf0766
SHA1 b93feea5d82fdf903612016ea4512aeeb87047cb
SHA256 4eb7d7f8fed959180599a46af7618a84392bacf086b3b597787e18f5e7b29b33
SHA512 7c11c731ac44b4dbf1fad94520666388911e106691b3f88387d82a54228844ffbda7da421eec92a026e46263c0ad29983088c9bb427206f6e25f798eee4b9151

memory/4440-944-0x0000000000400000-0x000000000040A000-memory.dmp