Malware Analysis Report

2025-08-05 21:56

Sample ID 241006-lkrsvs1epa
Target 2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN
SHA256 2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9dd
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9dd

Threat Level: Likely malicious

The file 2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (5191) files with added filename extension

Renames multiple (3529) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-06 09:35

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-06 09:35

Reported

2024-10-06 09:38

Platform

win7-20240704-en

Max time kernel

150s

Max time network

125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe"

Signatures

Renames multiple (3529) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sa_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Games\Minesweeper\ja-JP\Minesweeper.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Windows Media Player\it-IT\wmplayer.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\cpu.html.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\2.png.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-crescent_partly-cloudy.png.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\MANIFEST.MF.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-uihandler.xml.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\highDpiImageSwap.js.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms_3.6.100.v20140422-1825.jar.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libavi_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_top.png.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\artifacts.xml.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.contexts_1.3.100.v20140407-1019.jar.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\sa-jdi.jar.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Web.Entity.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\flyout_background.png.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Fortaleza.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hr.pak.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\bn\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kwajalein.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-output2.xml.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Antarctica\Macquarie.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libx264_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_MCELogo_mouseover.png.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\symbase.xml.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\css\settings.css.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\Flash.mpp.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console_1.0.300.v20131113-1212.jar.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jre7\lib\meta-index.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Games\More Games\ja-JP\MoreGames.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\CoolType.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InputPersonalization.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.metadataprovider.exsd.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Phoenix.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT-9.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_over.png.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-full.png.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lv.pak.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\instrument.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libinflate_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner.png.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\default_thumb.jpg.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Main_Background_QuickLaunch.png.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Maputo.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Azores.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Recife.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Kiritimati.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\lv\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\sw\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\27.png.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Detroit.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-attach.jar.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jre7\lib\deploy\messages.properties.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Windows Media Player\en-US\wmpnscfg.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Porto_Velho.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe

"C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe"

Network

N/A

Files

memory/2880-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp

MD5 e70012261586f4482789f37d8bb2b209
SHA1 b89a95dcb26fa1fffcf99ec8162c03f5aea858f0
SHA256 fc8f034b347ddad92fe94c251118b46fc393744b6b46042f1ef1f46dbbcd1f4c
SHA512 8ccd4d4f92ad864623f26042b700004baab4d2beabf5763a0935fa187599ef8f9df1e9332a74d93963eac729a467e4323a9e609e0098ebc81d30c2db81136e82

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 859e58b5ad8ec4f063f6bfa463efa316
SHA1 3e90d1a77b870eb3c399bab59b0d8e3b5bf980d6
SHA256 66d16de300d1b2e786f4f1c1af2a0a3ad05cebc65421229c170f9079128c0936
SHA512 f531861b9f2758f96afb99798a0ede2adf2e1f65f01e04c0c945c373ed3767700edc05c6b6140b794460589fdc279c1304faab92083e7bd929969806b6f9bf5e

memory/2880-70-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-06 09:35

Reported

2024-10-06 09:38

Platform

win10v2004-20240802-en

Max time kernel

150s

Max time network

95s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe"

Signatures

Renames multiple (5191) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.NETCore.App.deps.json.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Printing.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.Common.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART14.BDR.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\mscss7es.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.TypeConverter.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\chrome_pwa_launcher.exe.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\dom.md.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\plugin2\npjp2.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_WHATSNEW.XML.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\msinfo32.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.RuntimeInformation.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l2-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\net.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\chrome_elf.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\7-Zip\Lang\en.ttt.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\7-Zip\Lang\nb.txt.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.RegularExpressions.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.Watcher.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSOARIA.DLL.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\javafx_font.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jli.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_KMS_Automation-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019DemoR_BypassTrial180-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.TextWriterTraceListener.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PROOF\msth8ES.LEX.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\hi.pak.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription3-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHPHN.DAT.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Tools.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Csp.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Diagnostics.EventLog.Messages.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\sbicuin53_64.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Fonts\private\LHANDW.TTF.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\jfr.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\lcms.md.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Office\root\rsod\officemuiset.msi.16.en-us.tree.dat.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.OpenSsl.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Facet.thmx.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019DemoR_BypassTrial180-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\AdHocReportingExcelClient.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\db2v0801.xsl.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Office\root\rsod\osmuxmui.msi.16.en-us.tree.dat.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Fonts\private\GOTHICB.TTF.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-conio-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\javafx_iio.dll.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\ktab.exe.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\security\cacerts.tmp C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe

"C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp

Files

memory/3904-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2718105630-359604950-2820636825-1000\desktop.ini.tmp

MD5 4eac5e183e199e92f7a4ac19706f37c8
SHA1 94afe3e34733e7115000c0ed2b49856ad975228d
SHA256 0402d90609352370ad1c8b9587ef968c97b6cc0e31008f963d6d13e3e21c2c2e
SHA512 914bcf799f7410ce766b3c2786611e0c0fce3bbec03c230636410a42233051acc6b2b9d24cd9120d30c68774cbe753c997b8cdf4c155a308c2a67a37050b19b4

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 5705fe6fccef5fd8c73c3466d2e9ad71
SHA1 247d181f23af7691071b32aa0539df07acdfecc6
SHA256 309425de42f5c98363c604c9816d66c2a00a0fcc7bd755594e5b9fe93ec9005d
SHA512 f032771b6d491da5f9ed503f3e1a58ab13351074b5deb991d28637af70691d85e265dc97a7ca5157f5ff746f84f307ecb9e42d0cf2ab26a436746dfb1ab130ee

memory/3904-936-0x0000000000400000-0x000000000040B000-memory.dmp