Malware Analysis Report

2025-03-15 08:16

Sample ID 241016-d2aa5svbrl
Target d3b8be3e55dbbc13c8168da1e79de70f9d397826d8c6ea436b086d4aabc72490N
SHA256 d3b8be3e55dbbc13c8168da1e79de70f9d397826d8c6ea436b086d4aabc72490
Tags
upx discovery ransomware
score
9/10

Analysis Overview

score
9/10

SHA256

d3b8be3e55dbbc13c8168da1e79de70f9d397826d8c6ea436b086d4aabc72490

Threat Level: Likely malicious

The file d3b8be3e55dbbc13c8168da1e79de70f9d397826d8c6ea436b086d4aabc72490N was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (4648) files with added filename extension

Renames multiple (3203) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 03:29

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 03:29

Reported

2024-10-16 03:31

Platform

win7-20241010-en

Max time kernel

120s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d3b8be3e55dbbc13c8168da1e79de70f9d397826d8c6ea436b086d4aabc72490N.exe"

Signatures

Renames multiple (3203) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\d3b8be3e55dbbc13c8168da1e79de70f9d397826d8c6ea436b086d4aabc72490N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d3b8be3e55dbbc13c8168da1e79de70f9d397826d8c6ea436b086d4aabc72490N.exe

"C:\Users\Admin\AppData\Local\Temp\d3b8be3e55dbbc13c8168da1e79de70f9d397826d8c6ea436b086d4aabc72490N.exe"

Network

N/A

Files

memory/1600-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2039016743-699959520-214465309-1000\desktop.ini.tmp

MD5 67a6b8ff1ec40ceccae2c983170f1ebc
SHA1 7c947e7f600bf38bd00a1bf41048ba99adc7e62b
SHA256 05ab568e966419d0ca4a605518c2b0255acf645b6b80f581c7253891dfb0adc7
SHA512 683a3f4f1c8cf075f015160df710b799aca8559ed054403f31be2c7c32381fcdf24aef44feb95ce55b5fe3acd98a4ee80043af124fe3809137cd14ca712f1e71

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 cc7e2eefe68c21190f14cc764181940f
SHA1 4350220ea4a19fb97ef6e1d6420e4e6c4ad40be0
SHA256 b1725d748323d77c63a37a2efea6c1dce09e8c830c036ef7790192c3d93eabe2
SHA512 9627dbaf372ab75e4c6200d6d4fc0dcffb795dabd307a50a5b9b66407b209d7536f55f316a6b7cbe05ea28fd1545a0e7396034577c5087b8a2bf2ac9449f2393

memory/1600-68-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 03:29

Reported

2024-10-16 03:31

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

108s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d3b8be3e55dbbc13c8168da1e79de70f9d397826d8c6ea436b086d4aabc72490N.exe"

Signatures

Renames multiple (4648) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\d3b8be3e55dbbc13c8168da1e79de70f9d397826d8c6ea436b086d4aabc72490N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d3b8be3e55dbbc13c8168da1e79de70f9d397826d8c6ea436b086d4aabc72490N.exe

"C:\Users\Admin\AppData\Local\Temp\d3b8be3e55dbbc13c8168da1e79de70f9d397826d8c6ea436b086d4aabc72490N.exe"

Network

Country Destination Domain Proto

Files

memory/1648-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-493223053-2004649691-1575712786-1000\desktop.ini.tmp

MD5 2785c5095c13ee4ea942b79be97d489f
SHA1 2593805af1da92e248c3703db68c3dd0899202e8
SHA256 7ea1238f33e07333fef111e62fa11a55c63199992519a5dfcd75f843a2795d6e
SHA512 343e46f69e77e508b307e4685604aa94ce09ebe757e306d0e04497706b26fea3fa5273781e80f147207e450bd6616e3b89b51f447e543b3193d8feb6201c9de0

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 6c5a0371598006d2dc8fcfae44692845
SHA1 a2800721e097b9890a59cabfda1b2f0fc5a40c79
SHA256 fe2e81043e30a46c8a374382c8aa2283535fd2f26c692be5517e902f352febaa
SHA512 8873249701f488cf6fa33b5ba99b13a648c02d56347946382ed34c1af0d19f4674df59be86238c7b5c6f4ee68f7d7a9cb06b3938fbddec932f88f056d9096264

memory/1648-778-0x0000000000400000-0x000000000040B000-memory.dmp