Malware Analysis Report

2025-01-22 19:33

Sample ID 241016-1pbd1avcqh
Target 0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN
SHA256 0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdc
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdc

Threat Level: Likely malicious

The file 0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (3435) files with added filename extension

Renames multiple (4719) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 21:49

Signatures

UPX packed file

upx
Description | Indicator | Process | Target
(one row, N/A in every column: the static signature records no per-indicator detail)

Unsigned PE

Description | Indicator | Process | Target
(one row, N/A in every column: the static signature records no per-indicator detail)

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 21:49

Reported

2024-10-16 21:51

Platform

win7-20240903-en

Max time kernel

150s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe"

Signatures

Renames multiple (3435) files with added filename extension

ransomware

UPX packed file

upx
Description | Indicator | Process | Target
(four rows, N/A in every column: four matches, no per-indicator detail recorded)

Drops file in Program Files directory

Description | Indicator (file path) | Process | Target
(each row below reads: File created <indicator path> <process path> N/A)
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-spi-quicksearch_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-attach_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkObj.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Internet Explorer\SIGNUP\install.ins.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\feature.xml.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-compat.xml.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbytools.jar.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kathmandu.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore_2.10.1.v20140901-1043.jar.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_stl_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\scene_button_style_default_Thumbnail.bmp.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Mozilla Firefox\updater.ini.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port-au-Prince.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Java\jre7\bin\sunec.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher_1.1.0.v20131211-1531.jar.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT+5.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmotiondetect_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Enderbury.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\Xusage.txt.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\GRAY.pf.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.ja_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-sendopts.xml.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libhqdn3d_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_uparrow.png.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-annotations-common.xml.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-output2.xml.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sampler_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\VideoLAN\VLC\libvlc.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\7-Zip\Lang\ru.txt.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Common Files\System\msadc\handsafe.reg.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-settings.xml.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\local_policy.jar.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-lib-uihandler.jar.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\modules\sandbox.luac.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-spi-actions.xml_hidden.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Spades\fr-FR\ShvlRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\RedoClose.ocx.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Java\jre7\lib\security\blacklist.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Microsoft Games\More Games\MoreGames.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Backgammon\en-US\bckgzm.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ja_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.ssl_1.0.0.v20140827-1444.jar.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\PingResume.css.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libnfs_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Rothera.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\UCT.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.bat.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.IdentityModel.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_de.properties.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Colombo.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-plaf.xml.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ms\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.http_8.1.14.v20131031.jar.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A

System Location Discovery: System Language Discovery

discovery
Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe

"C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe"

Network

N/A

Files

memory/2392-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

MD5 b1ef785939edaa7705f100531fead07b
SHA1 2e7f73d20a5752121a9c9c28fc84fa4c13e2aeb7
SHA256 486cc0951a1aafd951acf672536628465ef46d8711db0710043dd3968f8d0744
SHA512 044bcff9354b83f8b23be7ac4f1840f966be11a8bd9918d8b2044fb1445a0d9d4c4072e07ed388247ba0454d7205eaa6ec3b8a8dfab42201f940ddaa210d055d

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 da51a3aacb71cf8ebd7753b1e6b63172
SHA1 c85fe6fbf2d3977ad735c77f95dc81a41b697f58
SHA256 e4baa70949a63005643403a45d01a8b071d60171e6cef8d3a2b1fb6d48998540
SHA512 b843fe6f567f13b4c2df7f05282594d9e33773ecf55492f214a6d2880d892ffdaba3738444c781d2c156de3b3e3f6b7ab473c07de70ae6f30b33e07092839b67

memory/2392-70-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 21:49

Reported

2024-10-16 21:51

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe"

Signatures

Renames multiple (4719) files with added filename extension

ransomware

UPX packed file

upx
Description | Indicator | Process | Target
(four rows, N/A in every column: four matches, no per-indicator detail recorded)
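The "UPX packed file" signature is reported three times on this page (static1, behavioral1 and here) without any indicator detail, and both memory dumps cover 0x400000-0x40B000, a 0xB000-byte (44 KiB) image, which is small for a program that walks all of Program Files and is what a packed stub plus compressed payload looks like. The Python below is an added example, not part of the sandbox report, that reproduces the static check a triage analyst would run before unpacking: it walks the PE section table by hand (no pefile dependency), flags the UPX0/UPX1 section names, an empty-on-disk first section (UPX's unpack destination) and high-entropy raw data. The two PE images it parses are built inside the block as constructed test data; the sample itself is not reproduced on this page.

```python
import math
import struct
from typing import Dict, List, NamedTuple


class Section(NamedTuple):
    name: str
    virtual_size: int
    virtual_address: int
    raw_size: int
    raw_pointer: int
    characteristics: int


def parse_sections(pe: bytes) -> List[Section]:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]   # IMAGE_FILE_HEADER.NumberOfSections
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]      # IMAGE_FILE_HEADER.SizeOfOptionalHeader
    table = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        off = table + 40 * i                                    # IMAGE_SECTION_HEADER is 40 bytes
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rsize, rptr = struct.unpack_from("<IIII", pe, off + 8)
        chars = struct.unpack_from("<I", pe, off + 36)[0]
        sections.append(Section(name, vsize, vaddr, rsize, rptr, chars))
    return sections


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty input, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def upx_indicators(pe: bytes) -> Dict[str, object]:
    sections = parse_sections(pe)
    names = [s.name for s in sections]
    high_entropy = [s.name for s in sections
                    if s.raw_size and shannon_entropy(pe[s.raw_pointer:s.raw_pointer + s.raw_size]) > 7.0]
    # UPX leaves the first section empty on disk (SizeOfRawData == 0) and unpacks
    # into it at run time; the compressed payload sits in the following section.
    empty_first = bool(sections) and sections[0].raw_size == 0 and sections[0].virtual_size > 0
    named_upx = any(n.upper().startswith("UPX") for n in names)
    return {
        "section_names": names,
        "upx_section_names": named_upx,
        "empty_first_section": empty_first,
        "high_entropy_sections": high_entropy,
        "likely_upx": named_upx or (empty_first and bool(high_entropy)),
    }


def build_pe(sections) -> bytes:
    """Constructed test data: a minimal, non-executable PE32 file with the given
    (name, virtual_size, raw_bytes) sections. Only headers and layout matter here."""
    e_lfanew, opt_size, align = 0x40, 224, 0x200
    hdr_end = e_lfanew + 4 + 20 + opt_size + 40 * len(sections)
    raw_base = (hdr_end + align - 1) & ~(align - 1)
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    table, body, vaddr, rptr = b"", b"", 0x1000, raw_base
    for name, vsize, raw in sections:
        padded = raw + b"\0" * (-len(raw) % align)
        table += name.encode().ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", vsize, vaddr, len(padded), rptr if padded else 0, 0, 0, 0, 0, 0x60000020)
        body += padded
        vaddr += (vsize + 0xFFF) & ~0xFFF
        rptr += len(padded)
    return (dos + b"PE\0\0" + coff + opt + table).ljust(raw_base, b"\0") + body


# Constructed samples: a UPX-style layout and a conventional compiler layout.
PACKED_SAMPLE = build_pe([("UPX0", 0x5000, b""),
                          ("UPX1", 0x3000, bytes(range(256)) * 4),   # uniform bytes -> entropy 8.0
                          (".rsrc", 0x1000, b"RSRC" * 64)])
PLAIN_SAMPLE = build_pe([(".text", 0x1000, b"\x55\x8b\xec" + b"\x90" * 200),
                         (".data", 0x1000, b"hello world\0" * 20)])

if __name__ == "__main__":
    for label, image in (("packed", PACKED_SAMPLE), ("plain", PLAIN_SAMPLE)):
        print(label, upx_indicators(image))
```

Point `upx_indicators` at the real sample bytes to get the same dictionary for it. Section names are trivially renamed by a packer modification, so the empty-first-section and entropy checks are the ones worth keeping in a pipeline; a hit on either still needs an unpacking step (or the memory dumps listed under Files) before any string or import analysis is meaningful.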

Drops file in Program Files directory

Description | Indicator (file path) | Process | Target
(each row below reads: File created <indicator path> <process path> N/A)
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OMML2MML.XSL.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.TextWriterTraceListener.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Forms.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ClientARMRefer_eula.txt.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Accessibility.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\UIAutomationProvider.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Green Yellow.xml.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_KMS_Client_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\ODBCMESSAGES.XML.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\7-Zip\7zCon.sfx.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\7-Zip\Lang\da.txt.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscorrc.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.AccessControl.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.DataWarehouse.Interfaces.DLL.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-locale-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\security\public_suffix_list.dat.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.VisualBasic.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunec.jar.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\OMICAUTINTL.DLL.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-utility-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.Watcher.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jsound.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsdeu.xml.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.Uri.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XmlSerializer.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\VisualElements\LogoDev.png.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Drawing.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTrial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office15\pkeyconfig-office.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Edm.NetFX35.V7.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\msoutilstat.etw.man.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-timezone-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\FPA_w1\WA104381125.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.StackTrace.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Tools.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.VisualBasic.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy\[email protected] C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\flat_officeFontsPreview.ttf.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\jar.exe.tmp C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe N/A
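Both "Drops file in Program Files directory" tables (behavioral1 above and behavioral2 here) show the same pattern: the sample's own process creates a <name>.tmp beside every file it touches, across every vendor directory it can reach, and this is what the "Renames multiple (3435 / 4719) files with added filename extension" signature counts. The Python below is an added example, not part of the report, that parses rows in the report's own layout and computes the statistics an analyst wants from such a table: the appended extension, the original extensions hit, the vendor directories touched and the number of distinct writing processes, plus a mass-rename heuristic built from those. The nine rows are copied from the behavioral1 table; the regex assumes the process path contains no spaces, which holds for every row on this page but is my assumption, not a property of the sandbox format.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath
from typing import Dict, Iterable, List, NamedTuple

# Row layout of the "Drops file in Program Files directory" tables on this page:
#   File created <indicator path> <process path> N/A
# Assumption (mine, not the report's): the process path contains no spaces, so it
# can anchor the regex even though the indicator path usually does ("Program Files").
ROW_RE = re.compile(r"^File created (?P<target>.+?) (?P<process>[A-Za-z]:\\\S+) (?P<extra>\S+)$")


class Drop(NamedTuple):
    target: PureWindowsPath
    process: str


def parse_rows(lines: Iterable[str]) -> List[Drop]:
    drops = []
    for line in lines:
        m = ROW_RE.match(line.strip())
        if m:
            drops.append(Drop(PureWindowsPath(m["target"]), m["process"]))
    return drops


def appended_extension(path: PureWindowsPath) -> str:
    """The suffix the sample added (the last one)."""
    return path.suffix.lower()


def original_extension(path: PureWindowsPath) -> str:
    """The suffix the victim file had before the rename, '' for extension-less files."""
    suffixes = path.suffixes
    return suffixes[-2].lower() if len(suffixes) >= 2 else ""


def summarize(drops: List[Drop]) -> Dict[str, object]:
    return {
        "rows": len(drops),
        "appended_extensions": Counter(appended_extension(d.target) for d in drops),
        "original_extensions": Counter(original_extension(d.target) for d in drops),
        # first two directory components after the drive, e.g. "Program Files\Java"
        "vendor_dirs": Counter("\\".join(d.target.parent.parts[1:3]) for d in drops),
        "processes": Counter(d.process for d in drops),
    }


def looks_like_mass_rename(summary: Dict[str, object], min_rows: int = 5, min_dirs: int = 3) -> bool:
    """Heuristic: one process, one appended extension, files in several unrelated directories."""
    return (summary["rows"] >= min_rows
            and len(summary["processes"]) == 1
            and len(summary["appended_extensions"]) == 1
            and len(summary["vendor_dirs"]) >= min_dirs)


PROC = r"C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe"
# Nine rows copied verbatim from the behavioral1 table.
SAMPLE_ROWS = [
    rf"File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-spi-quicksearch_ja.jar.tmp {PROC} N/A",
    rf"File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkObj.dll.mui.tmp {PROC} N/A",
    rf"File created C:\Program Files\Internet Explorer\SIGNUP\install.ins.tmp {PROC} N/A",
    rf"File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kathmandu.tmp {PROC} N/A",
    rf"File created C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_stl_plugin.dll.tmp {PROC} N/A",
    rf"File created C:\Program Files\DVD Maker\Shared\DvdStyles\scene_button_style_default_Thumbnail.bmp.tmp {PROC} N/A",
    rf"File created C:\Program Files\Mozilla Firefox\updater.ini.tmp {PROC} N/A",
    rf"File created C:\Program Files\7-Zip\Lang\ru.txt.tmp {PROC} N/A",
    rf"File created C:\Program Files\RedoClose.ocx.tmp {PROC} N/A",
]
SAMPLE_DROPS = parse_rows(SAMPLE_ROWS)
SUMMARY = summarize(SAMPLE_DROPS)

if __name__ == "__main__":
    for key, value in SUMMARY.items():
        print(key, dict(value) if isinstance(value, Counter) else value)
    print("mass rename:", looks_like_mass_rename(SUMMARY))
```

Feeding the full tables in gives the counts the signature itself reports. Two things the summary makes visible that the raw rows hide: the sample does not discriminate by original extension (timezone data, .mui resources and .dll files are all hit, which rules out the "documents only" behaviour of some families), and a single appended extension from a single process across unrelated vendor directories is the shape a file-system detection rule should key on, rather than the .tmp string itself, which any installer also produces.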

System Location Discovery: System Language Discovery

discovery
Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe
Target: N/A
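Both behavioral runs record exactly one discovery action, named after the ATT&CK sub-technique System Language Discovery (T1614.001): the sample opens HKLM\SYSTEM\ControlSet001\Control\NLS\Language. That key stores the system's language as hex LCID strings in the REG_SZ values Default and InstallLanguage (for example 0409 for en-US). The report shows only that the key was read, not what the sample compares the value against, so nothing below claims a particular locale check. The Python is an added example, not from the report, that decodes those values the way an analyst emulating or reproducing the check would, and can read the live key on a Windows analysis box; the en-US and ru-RU value sets are constructed.

```python
from typing import Dict, NamedTuple


class LangId(NamedTuple):
    lcid: int
    primary: int  # low 10 bits: the language (0x09 English, 0x19 Russian, ...)
    sub: int      # next 6 bits: the regional variant (0x01 en-US, 0x02 en-GB)


# Small subset of the Windows primary-language table, enough to make output readable.
PRIMARY_NAMES = {0x07: "German", 0x09: "English", 0x0C: "French", 0x19: "Russian", 0x22: "Ukrainian"}


def decode_langid(value: str) -> LangId:
    """Values under NLS\\Language are hex LCID strings such as '0409' (REG_SZ)."""
    lcid = int(value, 16)
    return LangId(lcid, lcid & 0x3FF, (lcid >> 10) & 0x3F)


def describe_language_key(values: Dict[str, str]) -> Dict[str, str]:
    """Summarise the key's values, e.g. {"Default": "0409", "InstallLanguage": "0409"}."""
    out = {}
    for name, raw in values.items():
        lid = decode_langid(raw)
        lang = PRIMARY_NAMES.get(lid.primary, "other")
        out[name] = f"0x{lid.lcid:04X} primary=0x{lid.primary:02X} ({lang}) sub=0x{lid.sub:02X}"
    return out


def read_language_key() -> Dict[str, str]:
    """Read the live key on Windows, the same data the sample read; returns {} elsewhere."""
    try:
        import winreg  # Windows-only module
    except ImportError:
        return {}
    # CurrentControlSet is normally a link to ControlSet001, the path in the report.
    path = r"SYSTEM\CurrentControlSet\Control\NLS\Language"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
        return {name: winreg.QueryValueEx(key, name)[0] for name in ("Default", "InstallLanguage")}


# Constructed value sets for an en-US install and a ru-RU install.
EN_US = {"Default": "0409", "InstallLanguage": "0409"}
RU_RU = {"Default": "0419", "InstallLanguage": "0419"}

if __name__ == "__main__":
    for label, values in (("en-US", EN_US), ("ru-RU", RU_RU), ("live", read_language_key())):
        print(label, describe_language_key(values))
```

Because the primary language sits in the low 10 bits, a sample that filters on language rather than on the full LCID treats 0409 (en-US) and 0809 (en-GB) alike; when re-running a detonation to see whether the read changes behaviour, vary the primary language, not just the regional variant. Note that both sandbox platforms here were "-en" images, so this report alone cannot show a locale-dependent code path.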

Processes

C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe

"C:\Users\Admin\AppData\Local\Temp\0f12fefaa09a18e9e2fd85f8c82739620dc1b2306dae4176f9e0aa476a7f2cdcN.exe"

Network

The only traffic recorded is reverse (PTR) lookups of unrelated addresses through 8.8.8.8 and TLS sessions to g.bing.com and tse1.mm.bing.net. The table carries no process attribution, and this pattern matches Windows 10 background activity in a sandbox rather than sample command-and-control; the Windows 7 run (behavioral1) recorded no network activity at all. Do not treat these destinations as indicators of compromise on this evidence alone.

Country | Destination | Domain | Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 226.162.46.104.in-addr.arpa udp

Files

memory/1384-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-940901362-3608833189-1915618603-1000\desktop.ini.tmp

MD5 8767f4d3aed8b7d05ed99e6e3efc24fe
SHA1 271f0394da396a55978038a5dd33df542793976e
SHA256 fa148aa6a5bdc4a095cb42c79f605981ba7ecb8e955783e433381d7810a0cc30
SHA512 7fe26d6041fe259d71674252042e5c68ea484d4d5cc2bf6c05e378da33796cf6b30f322db15a5abadfeacb4fb7a7d39a88885e3890cd2e4ab846f621f853d45a

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 8dade6b7e660eb68798f7cfbd5fb8b60
SHA1 12ef80764a1c82cd7e1eb464e8430506bc097a6e
SHA256 2ced1df14aad03905a3709ce3513cabfe53166d552fc2587cc4d72766a9a6016
SHA512 e570d64bdb55a1296be47e35c91b2e0e65558085e0c8da5185c8b4163b9a43f8a29e5108f70900fdf629c7327c4880d7c07905d30b8fafa0e89b49a009b56a3a

memory/1384-654-0x0000000000400000-0x000000000040B000-memory.dmp