Malware Analysis Report

2025-08-11 01:47

Sample ID 241005-yhcx5svhre
Target 2dec01aa7ff47527cf96b0dffd7b8eeea41244c59312af967461dfab0a08ac51.exe
SHA256 2dec01aa7ff47527cf96b0dffd7b8eeea41244c59312af967461dfab0a08ac51
Tags discovery ransomware
Score 9/10


Analysis Overview

Score 9/10

SHA256 2dec01aa7ff47527cf96b0dffd7b8eeea41244c59312af967461dfab0a08ac51

Threat Level: Likely malicious

The file 2dec01aa7ff47527cf96b0dffd7b8eeea41244c59312af967461dfab0a08ac51.exe was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple (3824) files with added filename extension

Renames multiple (5120) files with added filename extension

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-10-05 19:46

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-10-05 19:46
Reported 2024-10-05 19:49
Platform win7-20240903-en
Max time kernel 150s
Max time network 122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2dec01aa7ff47527cf96b0dffd7b8eeea41244c59312af967461dfab0a08ac51.exe"

Signatures

Renames multiple (3824) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2dec01aa7ff47527cf96b0dffd7b8eeea41244c59312af967461dfab0a08ac51.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2dec01aa7ff47527cf96b0dffd7b8eeea41244c59312af967461dfab0a08ac51.exe

"C:\Users\Admin\AppData\Local\Temp\2dec01aa7ff47527cf96b0dffd7b8eeea41244c59312af967461dfab0a08ac51.exe"

Network

N/A

Files

memory/2400-0-0x0000000000400000-0x0000000000408000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3063565911-2056067323-3330884624-1000\desktop.ini.tmp

MD5 98f8cd87c5401be067136525325bf5b4
SHA1 f9041eb3cf3ee9433e5da5ec6c27047f569a19b5
SHA256 f0a86b656539ef4c37f8625cd1a328d991f06541cb3972c8a43a244d8009d726
SHA512 903d9a11f9dbff5c187fe20d51ec697c390ec0ccffbf554330dcb123b55999b05a07b346aa66479d1ad4efe4192db44d01878e60ce71d409f69b1817f6189b02

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 2218429b188f9c87b287a21bb268750e
SHA1 a3d2220889bcb1bff3272704d7cabed79fbd2cbd
SHA256 d6e6f584ff152208a6b39237ee2ed312f9577ff29b8c89bfae714794808d12eb
SHA512 53dc82dcb672f8b337b51e947691d1b0411a0f5793d73fecfdd7ef63831e99a0f717d6abf5d0fd18121b63bdf008a897f5555c974c58f469cbbd584eb216f264

memory/2400-74-0x0000000000400000-0x0000000000408000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted 2024-10-05 19:46
Reported 2024-10-05 19:49
Platform win10v2004-20240802-en
Max time kernel 150s
Max time network 94s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2dec01aa7ff47527cf96b0dffd7b8eeea41244c59312af967461dfab0a08ac51.exe"

Signatures

Renames multiple (5120) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2dec01aa7ff47527cf96b0dffd7b8eeea41244c59312af967461dfab0a08ac51.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2dec01aa7ff47527cf96b0dffd7b8eeea41244c59312af967461dfab0a08ac51.exe

"C:\Users\Admin\AppData\Local\Temp\2dec01aa7ff47527cf96b0dffd7b8eeea41244c59312af967461dfab0a08ac51.exe"

Network

Country Destination Domain Proto

Files

memory/3852-0-0x0000000000400000-0x0000000000408000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-355097885-2402257403-2971294179-1000\desktop.ini.tmp

MD5 550c08436afdb78cfff9169ae8058f64
SHA1 10d3d0c7ed89ab39c4d09aad85eb9a6a384acc43
SHA256 1cbfcc0967a987084027da88c56f46caa13de152a49d87f0bc8c17fe6e03a054
SHA512 95c06f6b079695c1b2fa8711d536993c3c94fe341e075d58701d4e30e739d133171bdd20dd75e6057e5a5ce0fac41981de7b5a882a072435b76997ff2d220ad1

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 b2b90f82542556ece3d96f436f831410
SHA1 8be1f15a4b0a8d1013a97842bb946569afeddec1
SHA256 11f31186277a2446b5a36886bbe04c8a295b34a56b74305990e98d51c2348827
SHA512 65452e342a470ff9b97f0fb392cb30e9b4fe192198c7339d438a84fc6dc15d2b31a5a10b8ac9b57a58578848ccc88d30d11fcfaefbf6d3b1d1fffbb33d1ae6be

memory/3852-922-0x0000000000400000-0x0000000000408000-memory.dmp