Malware Analysis Report

2025-01-22 20:14

Sample ID 241016-1mjmlavckd
Target 0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN
SHA256 0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdc
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

score
9/10

SHA256

0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdc

Threat Level: Likely malicious

The file 0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (2818) files with added filename extension

Renames multiple (4030) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 21:45

Signatures

UPX packed file

upx
Description Indicator Process Target

Unsigned PE

Description Indicator Process Target

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 21:45

Reported

2024-10-16 21:48

Platform

win7-20240903-en

Max time kernel

120s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe"

Signatures

Renames multiple (2818) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe

"C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe"

Network

N/A

Files

memory/2656-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

MD5 4eed2a52d121717920f9138449eb4b48
SHA1 1d825be7f3bd4c2c5326e2f5b629ba17e820971d
SHA256 07c17a7802ec5d1eab1b41cc4314755f131a75998dae8b980d0c9a3ff165a982
SHA512 98e1df7070116130bf023371b4ea1ccbc64896b05a3430a9a8c05e89e863ca9f6f6c091ac49fc54820be2001c2e555aec5c618f1290b3a10c07041f0e59d7baf

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 3a883e336deffd8274caef0dc0566a79
SHA1 f0f4449fc14bfed4ea9cc6e0130d45b4e5290427
SHA256 fa01847d104610b77a1549cc2aab29def2d9218f931856f11f1773f76907de76
SHA512 32facf5a864c4d2b2670aa89508e220fe245b597118228cc36a445c7d40cdd8eaadc5da4cd1ab75140b75c9f72c5799d51d3126a528a4e8ee44d0a99f91736d6

memory/2656-70-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 21:45

Reported

2024-10-16 21:48

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

102s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe"

Signatures

Renames multiple (4030) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe

"C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe"

Network

Country Destination Domain Proto

Files

memory/3976-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-493223053-2004649691-1575712786-1000\desktop.ini.tmp

MD5 dc261dc92a08e7da548ca35afc13a765
SHA1 afaa29445b38693d01edc97ede011042440f0ceb
SHA256 ec0076766bdccfce3a85ea170c46adef68018bc147f1242444ca56799654817d
SHA512 109c5338c553f0c4dabe4307f867cd01e161c58b9f92c66603b23b78232d2ac70bc8f450e64a51c92fdc35aa8f652395a63d96892c978918583b5daaadb49341

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 5ad77a074b21338eadbb52b8bca06f91
SHA1 d4b6773bfe20b918b1952c661894c058ce8e364b
SHA256 57cf9abfc19b5b1a9d879189f349e27e6cea749adef74fcaa679125772e66668
SHA512 d5dfeef9dea0a65eaab15cc19b588e9cf9771da1395f5b752a6f7ae076d5a152163e2555390223a18cde9f3e5bd092f0ba44f0f07242fdd55c99095ea5379ad0

memory/3976-648-0x0000000000400000-0x000000000040B000-memory.dmp