Malware Analysis Report

2025-03-15 08:17

Sample ID 241016-ejt39swamj
Target d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N
SHA256 d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7

Threat Level: Likely malicious

The file d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (3410) files with added filename extension (behavioral1, Windows 7 run)

Renames multiple (4644) files with added filename extension (behavioral2, Windows 10 run)

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Enterprise Matrix V15

Techniques corresponding to the signatures listed in this report:

T1027.002 Obfuscated Files or Information: Software Packing (signature: UPX packed file)

T1614.001 System Location Discovery: System Language Discovery (signature: key opened under HKLM\SYSTEM\ControlSet001\Control\NLS\Language)

Analysis: static1

Detonation Overview

Reported

2024-10-16 03:58

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
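
Both static signatures above (UPX packed file, Unsigned PE) are header-level checks. The Python below is an added example of those checks, not the sandbox's code and not code from this page: it parses the PE headers by hand, flags UPX by its section names, the "UPX!" marker that follows the section table, and an empty-on-disk UPX0 section, and reports whether the Authenticode security directory is populated. The minimal PE images it builds for testing are constructed here and are not the analysed sample. A populated security directory only means a signature blob is present; whether the signature is valid and chains to a trusted root needs a real verifier (signtool or Get-AuthenticodeSignature), which this example does not attempt.

```python
import struct

PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
DIR_SECURITY = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: Authenticode signature table


def parse_pe(data):
    """Parse the PE headers of an image held in memory.

    Returns (sections, security_dir, header_end): sections is a list of
    (name, virtual_size, raw_size), security_dir the (file_offset, size) pair of
    the security data directory, header_end the offset just past the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        num_dirs_off, dirs_off = opt + 92, opt + 96
    elif magic == PE32PLUS_MAGIC:
        num_dirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    num_dirs = struct.unpack_from("<I", data, num_dirs_off)[0]
    security = (0, 0)
    if num_dirs > DIR_SECURITY:
        # unlike every other directory, this entry holds a raw file offset, not an RVA
        security = struct.unpack_from("<II", data, dirs_off + 8 * DIR_SECURITY)
    sec_table = opt + opt_size
    sections = []
    for i in range(num_sections):
        off = sec_table + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("latin-1")
        vsize, _va, rsize = struct.unpack_from("<III", data, off + 8)
        sections.append((name, vsize, rsize))
    return sections, security, sec_table + 40 * num_sections


def upx_indicators(data):
    """Return the list of UPX traits found; an empty list means none was seen."""
    sections, _, header_end = parse_pe(data)
    hits = []
    names = [s[0] for s in sections]
    if any(n.startswith("UPX") for n in names):
        hits.append("UPX section names: " + ", ".join(names))
    if b"UPX!" in data[header_end:header_end + 0x200]:
        hits.append("'UPX!' marker follows the section table")
    for name, vsize, rsize in sections:
        # UPX0 is empty on disk and receives the unpacked image at run time
        if name == "UPX0" and rsize == 0 and vsize > 0:
            hits.append("UPX0: raw size 0, virtual size 0x%x" % vsize)
    return hits


def has_authenticode_blob(data):
    """True when the security directory points at a signature blob (presence, not validity)."""
    _, (offset, size), _ = parse_pe(data)
    return offset != 0 and size != 0


def build_pe(section_specs, signed=False, trailer=b""):
    """Constructed minimal PE32 (headers only, not runnable, not the analysed sample)
    so the checks can be exercised offline. section_specs: [(name, vsize, rsize)]."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_specs), 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)                 # PE32 optional header incl. 16 directories
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 92, 16)  # NumberOfRvaAndSizes
    if signed:
        struct.pack_into("<II", opt, 96 + 8 * DIR_SECURITY, 0x1000, 0x800)
    secs = b"".join(
        name.encode("ascii").ljust(8, b"\0")
        + struct.pack("<IIIIIIHHI", vsize, 0x1000 * (i + 1), rsize, 0, 0, 0, 0, 0, 0)
        for i, (name, vsize, rsize) in enumerate(section_specs))
    return dos + b"PE\0\0" + coff + bytes(opt) + secs + trailer


PACKED = build_pe([("UPX0", 0x5000, 0), ("UPX1", 0x4000, 0x3800), (".rsrc", 0x1000, 0x200)],
                  trailer=b"\0" * 16 + b"UPX!" + b"\0" * 12)
PLAIN = build_pe([(".text", 0x2000, 0x2000), (".data", 0x800, 0x200)], signed=True)

if __name__ == "__main__":
    import sys
    # pass a real file to check it; with no argument the constructed images are used
    blobs = ({sys.argv[1]: open(sys.argv[1], "rb").read()} if len(sys.argv) > 1
             else {"PACKED": PACKED, "PLAIN": PLAIN})
    for label, blob in blobs.items():
        print(label, "upx:", upx_indicators(blob) or "none",
              "| signature blob present:", has_authenticode_blob(blob))
```

Run it against the sample with `python pe_checks.py <file>`; the three UPX traits are independent, so a repacked or section-renamed binary that hides one of them usually still shows another.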

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 03:58

Reported

2024-10-16 04:00

Platform

win7-20240903-en

Max time kernel

120s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe"

Signatures

Renames multiple (3410) files with added filename extension (every path created below is an existing file's name with .tmp appended; the report records the creates, not whether the originals were then overwritten or removed, so "renames" is the sandbox's label for that pattern)

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Baku.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkWatson.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\DVD Maker\es-ES\OmdProject.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core_2.3.0.v20131211-1531.jar.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-api_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\tnameserv.exe.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guadalcanal.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-editor-mimelookup-impl.xml.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push.png.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\ktab.exe.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Java\jre7\bin\jfr.dll.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libcolorthres_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nassau.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Scoresbysund.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-applemenu_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground.wmv.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\include\jdwpTransport.h.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Windows.Presentation.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Java\jre7\bin\hprof.dll.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Wallis.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-tools.xml.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Mozilla Firefox\api-ms-win-crt-locale-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guyana.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\TraceSkip.mpeg.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ka\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\vlm_export.html.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.events_3.0.0.draft20060413_v201105210656.jar.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Africa\Algiers.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Mauritius.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-core-kit_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Speech.dll.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libttml_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_display_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\DVD Maker\fr-FR\WMM2CLIP.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-previous-static.png.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Services.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libtextst_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-sendopts.jar.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\SystemV\PST8.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Linq.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ko-kr.xml.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\boot_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-shadow.png.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Puerto_Rico.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Belize.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Spades\fr-FR\ShvlRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\DVD Maker\offset.ax.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Port_of_Spain.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Mozilla Firefox\uninstall\uninstall.log.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-javahelp.xml.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Africa\Nairobi.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-progress-ui_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.Printing.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
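
The "Renames multiple (N) files with added filename extension" signature is a rate heuristic over the file-event stream: one process touches many files in many directories and each one reappears under the same appended extension. The Python below is an added example of that logic, not the sandbox's implementation; its thresholds are illustrative because the sandbox's own cutoffs are not on this page. The event stream is constructed: a few created paths are copied from the table above, the rest are filler so the toy stream crosses the threshold, plus a benign process that writes a few temp files and must not trip the rule.

```python
import ntpath
from collections import defaultdict

# Illustrative thresholds; the sandbox's own cutoffs are not published on this page.
MIN_FILES = 20            # distinct files given the same new extension by one process
MIN_DIRS = 5              # spread across at least this many directories
MIN_DOMINANT_SHARE = 0.9  # one extension must account for almost all of them


def split_added_ext(path):
    """Treat `path` as an existing name plus one appended extension.

    'C:\\x\\offset.ax.tmp' -> ('C:\\x\\offset.ax', '.tmp'); None when nothing can be stripped.
    Weakness: a plain new file such as README.txt also yields ('README', '.txt'), which is
    why the verdict additionally demands volume, spread and a single dominant extension."""
    stem, ext = ntpath.splitext(path)
    if not ext or not ntpath.basename(stem):
        return None
    return stem, ext.lower()


def score_file_events(events):
    """events: (pid, 'create', path) or (pid, 'rename', old_path, new_path) tuples in time
    order, the shape a sandbox file monitor emits. Returns {pid: verdict} for processes
    that satisfy the mass-rename heuristic; an empty dict means nothing fired."""
    per_pid = defaultdict(lambda: defaultdict(set))  # pid -> new ext -> {original paths}
    for ev in events:
        pid, op = ev[0], ev[1]
        if op == "create":
            parsed = split_added_ext(ev[2])
        elif op == "rename":
            parsed = split_added_ext(ev[3])
            # only a rename that keeps the old name and appends an extension counts
            if parsed and parsed[0].lower() != ev[2].lower():
                parsed = None
        else:
            continue
        if parsed:
            original, ext = parsed
            per_pid[pid][ext].add(original.lower())
    verdicts = {}
    for pid, by_ext in per_pid.items():
        total = sum(len(originals) for originals in by_ext.values())
        ext, originals = max(by_ext.items(), key=lambda kv: len(kv[1]))
        dirs = {ntpath.dirname(p) for p in originals}
        if (len(originals) >= MIN_FILES and len(dirs) >= MIN_DIRS
                and len(originals) / total >= MIN_DOMINANT_SHARE):
            verdicts[pid] = {"renamed": len(originals), "extension": ext, "directories": len(dirs)}
    return verdicts


# Created paths copied from the behavioral1 table above (process 1764 in that run).
REPORT_PATHS = [
    r"C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop_PAL.wmv.tmp",
    r"C:\Program Files\Java\jre7\lib\zi\Asia\Baku.tmp",
    r"C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkWatson.exe.mui.tmp",
    r"C:\Program Files\DVD Maker\es-ES\OmdProject.dll.mui.tmp",
    r"C:\Program Files\Java\jdk1.7.0_80\bin\tnameserv.exe.tmp",
    r"C:\Program Files\Mozilla Firefox\uninstall\uninstall.log.tmp",
    r"C:\Program Files\TraceSkip.mpeg.tmp",
    r"C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp",
]

# Constructed event stream: the report's paths, filler so the toy run crosses MIN_FILES
# (the real run touched 3410), one plain text file, and a benign process writing a few temps.
SAMPLE_EVENTS = (
    [(1764, "create", p) for p in REPORT_PATHS]
    + [(1764, "create", r"C:\Users\Admin\Documents\report%02d.docx.tmp" % i) for i in range(20)]
    + [(1764, "create", r"C:\Users\Admin\Desktop\README.txt")]
    + [(900, "create", r"C:\Windows\Temp\setup%d.log.tmp" % i) for i in range(3)]
)

if __name__ == "__main__":
    for pid, verdict in score_file_events(SAMPLE_EVENTS).items():
        print("pid %d: %d files renamed to *%s across %d directories"
              % (pid, verdict["renamed"], verdict["extension"], verdict["directories"]))
```

The directory-spread condition is what separates this from an installer or updater, which also writes many `.tmp` files but normally inside one tree; the dominant-extension condition keeps a ransom note or log written alongside from diluting the count.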

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A

Opening this key is how a process reads the installed system language (the Default and InstallLanguage values under it). The pattern matters for ransomware because some families skip hosts in particular locales, but ordinary locale-aware code reads the same key, so on its own this is a weak indicator; the report records the open, not the value read or any branch taken on it.

Processes

C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe

"C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe"

Network

N/A (no network activity was recorded in this run)

Files

memory/1764-0-0x0000000000400000-0x000000000040A000-memory.dmp (PID 1764, first dump: the 0xA000-byte image mapped at the default 0x400000 base, a size consistent with a small packed executable)

C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

MD5 9a2cac8c09453f5568f5da5f83a0aa70
SHA1 275f5f5955bdd696929941437973c3a6cfeb7a09
SHA256 fc731e254d4e151a10f3f1c1ef97ea486e00f4128cfa28edb82e88994d3aa3cc
SHA512 7aa54f1d5de5d5738b9633a9a415497666ea588323546dfbf2b3a461bafdbbc14407e34afde9afc2da02da20550facd1325b1a82ff9f313203d9c30546da08fd

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 9e57538d4e16a6d9af8f5a287c1529e7
SHA1 f9f788588e20ff000df0ca6a03cff0f9160d1c17
SHA256 84b3f6f573a45cc524327678d7d3c07c53cbb670030d788c25dca7cfca511a92
SHA512 54b8e9c6d2a1d8076c9c2bb56f0e84b4efd14c62caa7fe7debf1f43d1272a68d7440fbf12fd4c7bcc7812d72d55eef9d6b5a4fbb52676d0590b0ef718bcf5e29

memory/1764-75-0x0000000000400000-0x000000000040A000-memory.dmp (PID 1764, later dump of the same region; once the UPX stub has run this copy holds the unpacked code, so it is the one to unpack or carve for strings)

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 03:58

Reported

2024-10-16 04:00

Platform

win10v2004-20241007-en

Max time kernel

119s

Max time network

102s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe"

Signatures

Renames multiple (4644) files with added filename extension (every path created below is an existing file's name with .tmp appended; the higher count than the Windows 7 run reflects the larger software footprint of the Windows 10 image, not different behaviour)

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD.HXS.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.dll.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Java\jdk-1.8\include\jni.h.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\java.exe.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\7-Zip\Lang\si.txt.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\mce.dll.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-errorhandling-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemXmlLinq.dll.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Diagnostics.PerformanceCounter.dll.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\javaws.exe.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscordaccore_amd64_amd64_6.0.2724.6912.dll.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.Brotli.dll.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Web.HttpUtility.dll.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\jpeg.md.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\symbase.xml.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsrom.xml.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\kinit.exe.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Metadata.dll.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\javap.exe.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\SIST02.XSL.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.tr-tr.dll.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_K_COL.HXK.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\7-Zip\Lang\az.txt.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Presentation.dll.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-timezone-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy\messages_ja.properties.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\offsymk.ttf.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.dll.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.ThreadPool.dll.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_KMS_Client-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\d3dcompiler_47.dll.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipschs.xml.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.Native.dll.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Thread.dll.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.ReportingServices.QueryDesigners.dll.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Java\jdk-1.8\lib\packager.jar.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.dcfmui.msi.16.en-us.xml.tmp C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe N/A

The same system-language read as on Windows 7; it is recorded as a key open only, with no value or subsequent branch captured, so it does not by itself establish a locale check.

Processes

C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe

"C:\Users\Admin\AppData\Local\Temp\d5bdef205d2881d1ce1af2d9896150b4f24892e7b907947a4c0c24ee88261ef7N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 75.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp

The rows above are the host-wide capture for the run and carry no process attribution. The in-addr.arpa names are reverse (PTR) lookups sent to Google DNS, and tse1.mm.bing.net over TCP 443 is routine Windows 10 background traffic; no connection attributed to the sample is recorded, which matches the empty Network section of the Windows 7 run.

Files

memory/2444-0-0x0000000000400000-0x000000000040A000-memory.dmp (PID 2444, first dump: the same 0xA000-byte image at 0x400000 as in the Windows 7 run)

C:\$Recycle.Bin\S-1-5-21-493223053-2004649691-1575712786-1000\desktop.ini.tmp

MD5 900bef4f533ac0f88290121f5563fd7f
SHA1 883a65c95a3f0077179715ef16437e0a3b8d7a26
SHA256 1502c47541cc213dc33a6c2c69c284e0d8435bf6887bfb79591bbf6e9984f3a8
SHA512 e3d344b344de588db49e524d1625e59b96b32d3d7857b51ac2acc61c622829c935c20faac0f157c855010b305bd086dedde846184d38312fc16636d67be31fbc

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 d1fa18ffd6fe3af54094a9e1276f861c
SHA1 1f6a27861c915092cf4ea554fffdcbe197f809d2
SHA256 bc4f0d12bc0f006ce07300a368eea9e603499bdeebe5d1bc5effc25f7abf90a3
SHA512 87704ad9747cfe38aedacf628394e9a6f7e1cb706199db15d40b41f24dd3913be2d8720a4e127ad6f8403390b9ef0bb0ba05eaf4f84b5bf32d9892b5a2e2e456

memory/2444-787-0x0000000000400000-0x000000000040A000-memory.dmp (PID 2444, later dump of the same region; the copy to use for unpacked code and strings)