Malware Analysis Report

2025-08-05 21:56

Sample ID 241006-lc5praxamp
Target 2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN
SHA256 2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9dd
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview
MITRE ATT&CK (Enterprise Matrix V15)
Analysis: static1 (Detonation Overview, Signatures)
Analysis: behavioral1 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral2 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

score
9/10

SHA256

2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9dd

Threat Level: Likely malicious (score 9/10)

The file 2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN was found to be: Likely malicious. In both detonations the sample ran as a single process with no child processes, opened the system language key, and then created a <original name>.tmp file beside existing files under Program Files, MSOCache and $Recycle.Bin, with 445 renames counted on the Windows 7 image and 4658 on the Windows 10 image. That write-then-rename pattern across user and program data is the behaviour of file-encrypting ransomware. No outbound connection attributable to the sample was captured in either run, so the export shows the impact stage without any visible key exchange or C2; whether keys are embedded or generated locally cannot be determined from this report alone.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (445) files with added filename extension (behavioral1, Windows 7)

Renames multiple (4658) files with added filename extension (behavioral2, Windows 10)

UPX packed file

Drops file in Program Files directory (the sample writes <original name>.tmp next to each file it touches)

Unsigned PE

System Location Discovery: System Language Discovery (opens HKLM\SYSTEM\ControlSet001\Control\NLS\Language)

MITRE ATT&CK

Enterprise Matrix V15. No matrix rows are present in this export; the signatures listed above correspond to the following techniques:

Obfuscated Files or Information: Software Packing (T1027.002), from the UPX packed file signature
System Location Discovery: System Language Discovery (T1614.001), from the NLS\Language key read
Data Encrypted for Impact (T1486), from the mass rename with added filename extension

Analysis: static1

Detonation Overview

Reported

2024-10-06 09:24

Signatures

UPX packed file

upx: matched on the static image; no indicator details recorded.

Unsigned PE

No Authenticode signature present; no indicator details recorded.
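The two static signatures above (UPX packing, no Authenticode signature) can be reproduced from the PE headers alone. The following is an added example, not code from the sandbox or from the report; it uses only the standard library and runs on a constructed PE32 skeleton with UPX0/UPX1/.rsrc section headers and a pseudo-random payload, since the real sample's bytes are not on this page. The section-layout heuristic (empty first section plus a high-entropy second section) is the check that still fires when a packer renames its sections.

```python
"""Static triage: UPX-style packing and Authenticode presence read from PE headers.

Added example, not part of the sandbox report or its tooling. Standard library
only. The image it runs on is a constructed PE32 skeleton (build_fake_upx_pe)
with UPX0/UPX1/.rsrc section headers, an empty certificate directory and a
pseudo-random payload; run upx_indicators()/has_authenticode() on the real
sample's bytes to reproduce the "UPX packed file" and "Unsigned PE" signatures.
"""
import hashlib
import math
import struct
from typing import Dict, List, Tuple

PE_SIGNATURE = b"PE\0\0"
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: plain x86 code sits around 6, packed or encrypted data near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def _headers(pe: bytes) -> Tuple[int, int, int]:
    """Return (COFF header offset, optional header offset, optional header size)."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != PE_SIGNATURE:
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    return coff, coff + 20, struct.unpack_from("<H", pe, coff + 16)[0]


def parse_sections(pe: bytes) -> List[Tuple[bytes, int, int, int]]:
    """Return (Name, VirtualSize, PointerToRawData, SizeOfRawData) per section header."""
    coff, opt, opt_size = _headers(pe)
    count = struct.unpack_from("<H", pe, coff + 2)[0]          # NumberOfSections
    out = []
    for i in range(count):
        off = opt + opt_size + 40 * i                            # 40-byte section headers
        vsize, _vaddr, rsize, roff = struct.unpack_from("<IIII", pe, off + 8)
        out.append((pe[off:off + 8].rstrip(b"\0"), vsize, roff, rsize))
    return out


def has_authenticode(pe: bytes) -> bool:
    """True when IMAGE_DIRECTORY_ENTRY_SECURITY (index 4) points at a certificate table."""
    _, opt, _ = _headers(pe)
    magic = struct.unpack_from("<H", pe, opt)[0]
    dirs = opt + (96 if magic == 0x10B else 112)               # PE32 vs PE32+ data directories
    if struct.unpack_from("<I", pe, dirs - 4)[0] < 5:           # NumberOfRvaAndSizes
        return False
    file_off, size = struct.unpack_from("<II", pe, dirs + 4 * 8)
    return file_off != 0 and size != 0


def upx_indicators(pe: bytes) -> Dict[str, object]:
    """Name-based and layout-based UPX checks; the layout check survives renamed sections."""
    sections = parse_sections(pe)
    upx_named = bool({s[0] for s in sections} & UPX_SECTION_NAMES)
    # UPX layout: section 0 has no raw data but a large virtual size (the unpack
    # destination); section 1 holds the compressed, high-entropy payload.
    empty_first = bool(sections) and sections[0][3] == 0 and sections[0][1] > 0
    payload_entropy = 0.0
    if len(sections) > 1:
        _, _, roff, rsize = sections[1]
        payload_entropy = shannon_entropy(pe[roff:roff + rsize])
    return {
        "sections": [s[0].decode("ascii", "replace") for s in sections],
        "upx_section_names": upx_named,
        "empty_first_section": empty_first,
        "payload_entropy": round(payload_entropy, 2),
        "likely_upx": upx_named or (empty_first and payload_entropy > 7.0),
    }


def build_fake_upx_pe(payload: bytes) -> bytes:
    """Constructed sample: PE32 skeleton with UPX0/UPX1/.rsrc headers and no certificate table."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                      # e_lfanew
    opt = bytearray(224)                                       # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)                      # Magic = PE32
    struct.pack_into("<I", opt, 92, 16)                        # NumberOfRvaAndSizes
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, len(opt), 0x0102)
    raw_off = 0x200                                            # first file-aligned slot after headers

    def sec(name: bytes, vsize: int, vaddr: int, rsize: int, roff: int) -> bytes:
        return name.ljust(8, b"\0") + struct.pack("<IIIIIIHHI", vsize, vaddr, rsize, roff, 0, 0, 0, 0, 0x60000020)

    table = (sec(b"UPX0", 0x8000, 0x1000, 0, 0)
             + sec(b"UPX1", len(payload), 0x9000, len(payload), raw_off)
             + sec(b".rsrc", 0x200, 0xB000, 0, 0))
    headers = bytes(dos) + PE_SIGNATURE + coff + bytes(opt) + table
    return headers.ljust(raw_off, b"\0") + payload


# Constructed payload: deterministic pseudo-random bytes standing in for compressed code.
CONSTRUCTED_PAYLOAD = b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(128))
```

Calling upx_indicators(build_fake_upx_pe(CONSTRUCTED_PAYLOAD)) reports the UPX section names, the empty first section and a payload entropy close to 8, and has_authenticode() returns False because the security data directory is zero; on a real file the same two calls are what the static1 signatures summarise.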

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-06 09:24

Reported

2024-10-06 09:26

Platform

win7-20240903-en

Max time kernel

120s

Max time network

19s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe"

Signatures

Renames multiple (445) files with added filename extension

ransomware: matched. The <name>.tmp creations listed below are the write side of that pattern, consistent with each file being rewritten and then renamed.

UPX packed file

upx: four matches; no indicator details recorded.

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeslm.dat.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\mshwLatin.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\tpcps.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\tnameserv.exe.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\7-Zip\Lang\mng2.txt.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\7-Zip\Lang\sa.txt.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\userContent_16x9_imagemask.png.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-GB.pak.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jar.exe.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\servertool.exe.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\mshwgst.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fi.pak.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ta.pak.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOInstallerUI.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\rmic.exe.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\7-Zip\Lang\sw.txt.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\7-Zip\Lang\va.txt.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\DVD Maker\OmdProject.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\DVD Maker\SecretST.TTF.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-back-static.png.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jstatd.exe.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\7-Zip\Lang\ta.txt.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrlatinlm.dat.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Common Files\System\msadc\msadcf.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\DVD Maker\ja-JP\DVDMaker.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720x480icongraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Internet Explorer\ielowutil.exe.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\java-rmi.exe.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-back-static.png.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.bat.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\7-Zip\Lang\ext.txt.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\720x480icongraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_buttongraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\1047x576black.png.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitemask1047.png.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_left.png.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipBand.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-next-static.png.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground.wmv.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.bat.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\AssertPush.vssm.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSEngine.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain.wmv.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tabskb.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIconSubpictur.png.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\EditSet.ps1xml.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\7-Zip\Lang\hu.txt.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\7-Zip\Lang\id.txt.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A

Reading the NLS\Language key is the common way for ransomware to check the installed language before deciding whether to run. On this en-US image the sample went on to rename files, so whatever the check decides, it did not suppress execution here; which locales, if any, are excluded cannot be determined from this run.
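The behavioural evidence in this section and in behavioral2 below is a burst of <name>.<ext>.tmp creations by one process across many directories, paired with a read of the NLS\Language key. The following is an added example, not code from the sandbox or the report: it re-parses rows in the "Description Indicator Process Target" layout used above (a dozen rows copied from this section as constructed input, with sample.exe standing in for the long hashed file name, plus one constructed benign installer row) and applies the two checks a detection engineer would port to Sysmon or EDR file-create and registry events. The thresholds are assumptions.

```python
"""Behavioural triage: the ransomware write pattern in the exported event rows.

Added example, not part of the sandbox report. It re-parses rows in the
"Description Indicator Process Target" layout (constructed input below:
behavioral1 rows with sample.exe standing in for the hashed file name, plus
one made-up benign installer row) and applies two checks: a burst of
<name>.<ext>.tmp creations by one process across many directories and
extension types, and the same process opening HKLM\\...\\NLS\\Language.
The thresholds (min_files, min_dirs, min_exts) are assumptions.
"""
import re
from collections import defaultdict
from typing import Dict, List, Optional

# Process paths in these rows contain no spaces, so the last two tokens are process and target.
ROW_RE = re.compile(
    r"^(?P<action>File created|Key opened) (?P<indicator>.+) (?P<process>\S+\.exe) (?P<target>\S+)$"
)

SAMPLE_ROWS = r"""
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeslm.dat.tmp C:\Users\Admin\AppData\Local\Temp\sample.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\mshwLatin.dll.tmp C:\Users\Admin\AppData\Local\Temp\sample.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\sample.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\sample.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\tnameserv.exe.tmp C:\Users\Admin\AppData\Local\Temp\sample.exe N/A
File created C:\Program Files\7-Zip\Lang\mng2.txt.tmp C:\Users\Admin\AppData\Local\Temp\sample.exe N/A
File created C:\Program Files\7-Zip\Lang\sa.txt.tmp C:\Users\Admin\AppData\Local\Temp\sample.exe N/A
File created C:\Program Files\Internet Explorer\ielowutil.exe.tmp C:\Users\Admin\AppData\Local\Temp\sample.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg.tmp C:\Users\Admin\AppData\Local\Temp\sample.exe N/A
File created C:\Program Files\DVD Maker\OmdProject.dll.tmp C:\Users\Admin\AppData\Local\Temp\sample.exe N/A
File created C:\Program Files\EditSet.ps1xml.tmp C:\Users\Admin\AppData\Local\Temp\sample.exe N/A
File created C:\Program Files\AssertPush.vssm.tmp C:\Users\Admin\AppData\Local\Temp\sample.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\sample.exe N/A
File created C:\Users\Admin\AppData\Local\Temp\setup.tmp C:\Users\Admin\AppData\Local\Temp\installer.exe N/A
"""


def parse_row(line: str) -> Optional[Dict[str, str]]:
    m = ROW_RE.match(line.strip())
    return m.groupdict() if m else None


def stacked_extension(path: str) -> bool:
    """True for 'mshwLatin.dll.tmp': .tmp was appended to a name that already had an extension."""
    stem = path.rsplit("\\", 1)[-1][: -len(".tmp")]
    return "." in stem.strip(".")


def analyse(rows: str, min_files: int = 10, min_dirs: int = 5, min_exts: int = 3) -> Dict[str, Dict]:
    tmp_writes: Dict[str, List[str]] = defaultdict(list)
    language_readers = set()
    for line in rows.splitlines():
        ev = parse_row(line)
        if ev is None:
            continue
        proc = ev["process"].rsplit("\\", 1)[-1].lower()
        ind = ev["indicator"]
        if ev["action"] == "File created" and ind.lower().endswith(".tmp"):
            tmp_writes[proc].append(ind)
        elif ev["action"] == "Key opened" and ind.upper().endswith(r"\NLS\LANGUAGE"):
            language_readers.add(proc)
    report: Dict[str, Dict] = {}
    for proc in sorted(set(tmp_writes) | language_readers):
        paths = tmp_writes.get(proc, [])
        stacked = [p for p in paths if stacked_extension(p)]
        dirs = {p.rsplit("\\", 1)[0].lower() for p in stacked}
        exts = {p.rsplit("\\", 1)[-1][:-4].rsplit(".", 1)[-1].lower() for p in stacked}
        mass_rename = len(stacked) >= min_files and len(dirs) >= min_dirs and len(exts) >= min_exts
        report[proc] = {
            "tmp_files": len(paths),
            "stacked_ext_files": len(stacked),
            "directories": len(dirs),
            "original_extensions": sorted(exts),
            "reads_system_language": proc in language_readers,
            # The language read alone is weak (installers do it too); the burst is the signal.
            "verdict": "ransomware-like" if mass_rename else "no mass-rename pattern",
        }
    return report
```

analyse(SAMPLE_ROWS) flags sample.exe (twelve stacked-extension .tmp writes across nine directories and nine original extensions, plus the language read) and leaves installer.exe alone, because a single setup.tmp with no stacked extension is what a legitimate installer produces. On a live host the same logic runs over Sysmon event ID 11 (FileCreate) and registry-access telemetry, keyed by process.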

Processes

C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe

"C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe"

Network

No network activity was captured during the 19 s network window.

Files

memory/2124-0-0x0000000000400000-0x000000000040B000-memory.dmp

(Dump of the sample's process, PID 2124, taken at the first event. The mapped image at 0x400000 is only 0xB000 bytes, about 44 KB, in line with a small UPX-packed executable; the second dump below, taken at event 26, covers the same range. The two hashed entries that follow are .tmp outputs written by the sample, one under $Recycle.Bin and one under MSOCache, which shows the write pattern is not limited to Program Files; the hashes identify the written content, not the sample.)

C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

MD5 ba82d5ff92b6fef53169b408668ffd69
SHA1 d8d307ff29b28530151f1d38aa95c5a863c9b5b1
SHA256 6e253906ce0a8073be009e8a15375f06c46ebe3cb1cc498f9511fd94d7de4eeb
SHA512 7c39bab62dadf9eb7fc48f25b4cbcd2b534839a19c75493112fcc303f1a008fe0f1e2b3f39dced59bb1743ba894d03138ef57ce17950f563909a9c13feaf6d8e

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 aa0f730e1d95aa9d09ca7a689b011634
SHA1 6e32979e21d2dc7b1ade9480a1b27f11c403d229
SHA256 73d797b23506faf4f50cb76a9431fcdf67e7c2906b08e43aae6682d61e36fb5d
SHA512 ebea5ec812a1076a4d85f595170702534166aeba8ae8c353e8df226e54389b2fd3883cbbf6c49f43f8756eff8451e9bcbc8310afbc2ef6c84778eaf5bfd02075

memory/2124-26-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-06 09:24

Reported

2024-10-06 09:26

Platform

win10v2004-20240802-en

Max time kernel

120s

Max time network

96s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe"

Signatures

Renames multiple (4658) files with added filename extension

ransomware: matched; roughly ten times the Windows 7 count, reflecting the larger installed base (Office, .NET, Java, Chrome) on this image rather than a change in behaviour.

UPX packed file

upx: four matches; no indicator details recorded.

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Office16\1033\msotelemetryintl.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\accessibility.properties.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\javafx\glib.md.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_MAKC2R-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy\messages_sv.properties.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription3-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\jvm.hprof.txt.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Timer.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Classic.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\msdasql.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\java.exe.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Custom.propdesc.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Design.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-process-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.InteropServices.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Common Files\System\msadc\msadce.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\v8_context_snapshot.bin.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Encoding.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\zip.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\mashupcompression.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\.version.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-convert-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\oskclearuibase.xml.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\thaidict.md.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Office\Office16\SLERROR.XML.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_SubTrial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\+NewSQLServerConnection.odc.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-sysinfo-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.IsolatedStorage.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\jli.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\OFFICE.DLL.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSO.FRAMEPROTOCOLWIN32.DLL.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\management-agent.jar.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-private-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Office\root\fre\StartMenu_Win8.mp4.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHPHN.DAT.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.TypeConverter.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A

The same language-key read as in behavioral1; file renaming proceeded on this en-US Windows 10 image as well.

Processes

C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe

"C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe"

Network

All ten captured flows are UDP DNS queries to 8.8.8.8:53, and every queried name is an in-addr.arpa reverse (PTR) lookup. No forward lookup and no TCP flow appear, and the export does not attribute the queries to a process. That is consistent with Windows background activity during the 96 s capture window rather than sample C2, so these rows should not be used as network indicators for this sample.

Country Destination Domain Proto
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
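Deciding whether rows like these are C2 or noise is a matter of separating reverse lookups from forward lookups and non-DNS flows. The following is an added example, not code from the sandbox or the report: it parses the ten rows above (embedded as constructed input in the same "Country Destination Domain Proto" layout), decodes each in-addr.arpa name back to the IPv4 address being reverse-resolved, and lists only the flows that could carry attacker infrastructure. It deliberately makes no claim about who owns the decoded addresses.

```python
"""Network triage for behavioral2: reverse-DNS rows versus real sample C2.

Added example, not part of the sandbox report. It parses the ten
"Country Destination Domain Proto" rows (constructed copy below), decodes each
in-addr.arpa name back to the IPv4 address being reverse-resolved, and
separates PTR lookups from forward lookups and non-DNS flows, which are the
only rows that could point at attacker infrastructure.
"""
import ipaddress
import re
from collections import Counter
from typing import Dict, List, Optional

NET_ROWS = """\
Country Destination Domain Proto
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
"""

PTR_RE = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.in-addr\.arpa\.?$", re.I)


def ptr_to_ip(name: str) -> Optional[str]:
    """'196.249.167.52.in-addr.arpa' -> '52.167.249.196'; None for a forward name."""
    m = PTR_RE.match(name)
    if not m:
        return None
    ip = ".".join(reversed(m.groups()))
    ipaddress.IPv4Address(ip)  # raises on octets above 255
    return ip


def parse_net_rows(rows: str) -> List[Dict[str, str]]:
    out = []
    for line in rows.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0] == "Country":
            continue  # header or blank line
        out.append(dict(zip(("country", "dest", "domain", "proto"), parts)))
    return out


def summarise(rows: str) -> Dict[str, object]:
    events = parse_net_rows(rows)
    dns = [e for e in events if e["dest"].endswith(":53") and e["proto"] == "udp"]
    non_dns = [e for e in events if e not in dns]
    reverse: List[str] = []
    forward: List[str] = []
    for e in dns:
        ip = ptr_to_ip(e["domain"])
        if ip:
            reverse.append(ip)
        else:
            forward.append(e["domain"])
    return {
        "flows": len(events),
        "resolvers": dict(Counter(e["dest"] for e in dns)),
        "reverse_lookups": reverse,
        "forward_lookups": forward,
        "non_dns_flows": [f'{e["proto"]} {e["dest"]}' for e in non_dns],
        # Only forward lookups and non-DNS flows can name attacker infrastructure.
        "c2_candidates": forward + [e["dest"] for e in non_dns],
        "private_targets": [ip for ip in reverse if ipaddress.IPv4Address(ip).is_private],
    }
```

summarise(NET_ROWS) returns an empty c2_candidates list for this run: ten PTR lookups through one resolver and nothing else. A forward query for a fresh domain, or any TCP flow to a decoded address, would land in c2_candidates and is what to look for before calling a sample's traffic benign.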

Files

memory/1020-0-0x0000000000400000-0x000000000040B000-memory.dmp

(Dump of the sample's process, PID 1020, at the first event; the same 0xB000-byte image range as in behavioral1, and the later dump at event 910 still covers only that range. The hashed entries that follow are .tmp outputs written by the sample, one under $Recycle.Bin and one under Program Files\7-Zip; the hashes identify the written content, not the sample.)

C:\$Recycle.Bin\S-1-5-21-2392887640-1187051047-2909758433-1000\desktop.ini.tmp

MD5 e0a73aa3d35437d33ed77a0892e931f3
SHA1 37a666056d110d5b76072a21910101dc764390ca
SHA256 e85bbd3cf10a44816d3d2113eed5f4ebc8fccf7429346884796c49838e654bdd
SHA512 d0175b63fcb4b2fc45ddcb79ab77174a859a6737d7ee1bea030ae0adfc5868fa32ebdb841cef4672c74f969b3f4a0634920acca4c5dac6623b8f140fae05e6a6

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 99e1b927c558c0391eef8e83a9c90ee4
SHA1 337d1cd2c43794dcfd6f366b44bf617464359d79
SHA256 6bfc3bfebc127522f9f5ed47a578ce4a01ef195605c75289edc5dd13993da647
SHA512 8f0b23a25815d20beb9c38044b38cd6d5e10edf18f9fa9a2070bc255bb99ec93640c7f4dec3b0c52585ed4a53c6acbaccac5b0667e2218ffc6193e2f5a879791

memory/1020-910-0x0000000000400000-0x000000000040B000-memory.dmp