Malware Analysis Report

2025-03-15 08:14

Sample ID 241016-fpsm3axhnq
Target 25021329468d62fb2a64646e94e062de280d242c4737da0884492d575ffcf136N
SHA256 25021329468d62fb2a64646e94e062de280d242c4737da0884492d575ffcf136
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

25021329468d62fb2a64646e94e062de280d242c4737da0884492d575ffcf136

Threat Level: Likely malicious

The file 25021329468d62fb2a64646e94e062de280d242c4737da0884492d575ffcf136N was found to be: Likely malicious.

What the two detonations show: the sample is a small unsigned, UPX-packed PE whose mapped image spans 0x400000-0x40B000 in both runs. Once executed it walks the file system and renames files by appending a .tmp extension, 3164 files on Windows 7 and 4631 on Windows 10 within the 120 s window, reaching into C:\Program Files, C:\$Recycle.Bin and C:\MSOCache. It also opens the HKLM\SYSTEM\ControlSet001\Control\NLS\Language key, a system-language check. The sample is the only process recorded in either run, and no network traffic is attributed to it.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (4631) files with added filename extension (behavioral2, Windows 10)

Renames multiple (3164) files with added filename extension (behavioral1, Windows 7)

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Enterprise Matrix V15: the matrix view did not survive extraction. Techniques evidenced by the signatures below are T1027.002 (Obfuscated Files or Information: Software Packing, from the UPX match) and T1614.001 (System Location Discovery: System Language Discovery, from the NLS\Language registry read).

Analysis: static1

Detonation Overview

Reported

2024-10-16 05:03

Signatures

UPX packed file

upx
(static match; no indicator details recorded)

Unsigned PE

(static match; no indicator details recorded)
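Both static1 matches can be checked offline from the PE headers alone. The following is an added example written for this page, not the sandbox's signature code: it parses the section table and the security data directory with the standard library and runs against a header-only PE32 image constructed in memory (the analysed sample itself is not embedded here).

```python
"""Static triage for the two static1 signatures: UPX section names and an empty
Authenticode (security) data directory. Standard library only; demonstrated on a
header-only PE32 image built in memory, not on the analysed sample."""
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX!"}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4        # index of the certificate table directory
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def parse_pe_headers(data: bytes) -> dict:
    """Return section names and the security directory (offset, size) of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _machine, nsections, _ts, _symtab, _nsyms, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        datadir = opt + 96          # DataDirectory offset inside IMAGE_OPTIONAL_HEADER32
    elif magic == PE32PLUS_MAGIC:
        datadir = opt + 112         # DataDirectory offset inside IMAGE_OPTIONAL_HEADER64
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    sec_off, sec_size = struct.unpack_from(
        "<II", data, datadir + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    table = opt + opt_size
    names = []
    for i in range(nsections):
        entry = table + 40 * i      # IMAGE_SECTION_HEADER is 40 bytes; Name is its first 8
        names.append(data[entry:entry + 8].rstrip(b"\0"))
    return {"sections": names, "security_dir": (sec_off, sec_size)}


def is_upx_packed(info: dict) -> bool:
    """UPX leaves its own section names behind; a renamed stub evades this check,
    so treat a miss as 'not obviously UPX', not as 'unpacked'."""
    return any(name in UPX_SECTION_NAMES for name in info["sections"])


def has_embedded_signature(info: dict) -> bool:
    """A zero-sized security directory means no embedded Authenticode signature.
    Catalog-signed OS files also show zero here; confirm with signtool verify or
    Get-AuthenticodeSignature before calling a Windows binary unsigned."""
    return info["security_dir"][1] != 0


def build_sample_pe(section_names, signed: bool) -> bytes:
    """Constructed header-only PE32 image for demonstration (not the analysed sample)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))          # e_lfanew: PE header follows DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 224, 0x102)
    opt = bytearray(224)                                 # IMAGE_OPTIONAL_HEADER32
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    if signed:                                           # fake certificate table entry
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x1000, 0x800)
    sections = b"".join(n.ljust(8, b"\0") + bytes(32) for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections


def triage(data: bytes) -> dict:
    """Summarise the two static signatures for one PE image."""
    info = parse_pe_headers(data)
    return {"upx": is_upx_packed(info),
            "signed": has_embedded_signature(info),
            "sections": [n.decode("ascii", "replace") for n in info["sections"]]}


if __name__ == "__main__":
    print(triage(build_sample_pe([b"UPX0", b"UPX1", b".rsrc"], signed=False)))
    print(triage(build_sample_pe([b".text", b".rdata", b".data"], signed=True)))
```

On a real file, read it into bytes and call triage() on the whole image; section names, not section count, are what UPX betrays, and a packed sample with renamed sections needs an entropy or import-table check instead.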

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 05:03

Reported

2024-10-16 05:05

Platform

win7-20240708-en

Max time kernel

120s

Max time network

16s

Command Line

"C:\Users\Admin\AppData\Local\Temp\25021329468d62fb2a64646e94e062de280d242c4737da0884492d575ffcf136N.exe"

Signatures

Renames multiple (3164) files with added filename extension

ransomware

UPX packed file

upx
(4 matches; indicator details not recorded)

Drops file in Program Files directory

Description Indicator Process Target
(64 rows; each reads "File created <Indicator> <Process> N/A" with Process = C:\Users\Admin\AppData\Local\Temp\25021329468d62fb2a64646e94e062de280d242c4737da0884492d575ffcf136N.exe; the Indicator paths are:)
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\El_Salvador.tmp
C:\Program Files\Java\jdk1.7.0_80\bin\orbd.exe.tmp
C:\Program Files\Java\jre7\bin\installer.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Marquesas.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-sa.jar.tmp
C:\Program Files\Java\jre7\lib\zi\Asia\Bangkok.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.IdentityModel.Selectors.Resources.dll.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\Microsoft.Build.Engine.resources.dll.tmp
C:\Program Files\Common Files\System\ado\msador15.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\db\NOTICE.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.events_3.0.0.draft20060413_v201105210656.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-keymap.xml.tmp
C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Darwin.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_zh_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Java\jre7\lib\zi\Asia\Choibalsan.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MST.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jmx_zh_CN.jar.tmp
C:\Program Files\UpdateConvertFrom.ppsm.tmp
C:\Program Files\Java\jdk1.7.0_80\bin\ktab.exe.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novokuznetsk.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\jfluid-server-15.jar.tmp
C:\Program Files\Microsoft Games\Multiplayer\Backgammon\ja-JP\bckgRes.dll.mui.tmp
C:\Program Files\Java\jre7\lib\zi\Etc\GMT-9.tmp
C:\Program Files\VideoLAN\VLC\locale\ka\LC_MESSAGES\vlc.mo.tmp
C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist.json.tmp
C:\Program Files\Java\jdk1.7.0_80\bin\jar.exe.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Boa_Vista.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port_of_Spain.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-nodes.xml.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-options.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jmx.xml.tmp
C:\Program Files\Java\jre7\lib\security\blacklist.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\Microsoft.Build.Engine.resources.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\bin\jstatd.exe.tmp
C:\Program Files\Java\jdk1.7.0_80\include\jawt.h.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\feature.properties.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.security_8.1.14.v20131031.jar.tmp
C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\it-IT\MSTTSLoc.dll.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfr.dll.tmp
C:\Program Files\VideoLAN\VLC\locale\fr\LC_MESSAGES\vlc.mo.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mip.exe.mui.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ShapeCollector.exe.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\bin\policytool.exe.tmp
C:\Program Files\Java\jre7\lib\zi\Asia\Karachi.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ja.pak.tmp
C:\Program Files\Java\jre7\lib\zi\Asia\Thimphu.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Abstractions.dll.tmp
C:\Program Files\Common Files\System\ado\msado27.tlb.tmp
C:\Program Files\Common Files\System\msadc\handler.reg.tmp
C:\Program Files\Common Files\System\Ole DB\msxactps.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-sendopts.xml.tmp
C:\Program Files\DVD Maker\en-US\WMM2CLIP.dll.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository.nl_ja_4.4.0.v20140623020002.jar.tmp
C:\Program Files\RemoveCompare.zip.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\tipresx.dll.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh89.tmp
C:\Program Files\Java\jre7\bin\libxml2.dll.tmp
C:\Program Files\Java\jre7\lib\zi\Asia\Bishkek.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\whiteband.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\feature.properties.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs.ja_5.5.0.165303.jar.tmp
C:\Program Files\Java\jre7\bin\jawt.dll.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Mask1.png.tmp

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\25021329468d62fb2a64646e94e062de280d242c4737da0884492d575ffcf136N.exe N/A

This key holds the installed system language (its Default and InstallLanguage values). Ransomware commonly reads it before doing damage and exits on particular locales; the sandbox records only that the key was opened, not which value was read or whether execution branched on it, and on this en-US image the file renaming went ahead.
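The two behavioral signatures above that carry weight (the mass rename with an added extension, and the writes under Program Files) can be reproduced from process-attributed file telemetry. The following is an added example written for this page, not the sandbox's own signature logic; the event tuple layout, the 50-rename threshold and the sample telemetry are constructed assumptions.

```python
"""Re-implementation of the 'renames multiple files with added filename extension'
heuristic over process-attributed file events, plus a Program Files write count.
Runs on constructed sample telemetry, not on the sandbox's logs."""
import re
from collections import Counter, defaultdict

ADDED_EXT_RE = re.compile(r"^\.[A-Za-z0-9_\-]{1,12}$")
PROGRAM_FILES = ("c:\\program files\\", "c:\\program files (x86)\\")


def added_extension(src: str, dst: str):
    """Return the suffix appended to src when dst == src + '.<ext>', else None.
    Windows paths are case-insensitive, so compare casefolded."""
    s, d = src.casefold(), dst.casefold()
    if not d.startswith(s):
        return None
    tail = d[len(s):]
    return tail if ADDED_EXT_RE.match(tail) else None


def score_file_events(events, rename_threshold=50):
    """events: iterable of (pid, image, op, src, dst); dst is '' unless op == 'rename'.
    Returns one finding per (process, appended extension) whose rename count
    reaches the threshold, mirroring the sandbox signature text."""
    renames = defaultdict(Counter)      # pid -> Counter(added extension -> count)
    pf_writes = Counter()               # pid -> files created/renamed under Program Files
    image_of = {}
    for pid, image, op, src, dst in events:
        image_of[pid] = image
        target = dst if op == "rename" else src
        if op in ("create", "rename") and target.casefold().startswith(PROGRAM_FILES):
            pf_writes[pid] += 1
        if op == "rename":
            ext = added_extension(src, dst)
            if ext:
                renames[pid][ext] += 1
    findings = []
    for pid, exts in renames.items():
        for ext, n in exts.most_common():
            if n >= rename_threshold:
                findings.append({
                    "pid": pid, "image": image_of[pid], "added_extension": ext,
                    "renamed": n, "program_files_writes": pf_writes[pid],
                    "signature": f"Renames multiple ({n}) files with added filename extension",
                })
    return findings


def constructed_events():
    """Constructed telemetry: one process appending .tmp to 60 files across a user
    tree and Program Files, plus a benign backup tool renaming three files to .bak."""
    evil = r"C:\Users\Admin\AppData\Local\Temp\sample.exe"
    ev = []
    for i in range(40):
        p = r"C:\Users\Admin\Documents\report" + str(i) + ".docx"
        ev.append((1972, evil, "rename", p, p + ".tmp"))
    for i in range(20):
        p = r"C:\Program Files\Java\jre7\lib\zi\Asia\city" + str(i)
        ev.append((1972, evil, "rename", p, p + ".tmp"))
    ev.append((1972, evil, "create", r"C:\Program Files\RemoveCompare.zip.tmp", ""))
    for name in ("a.txt", "b.txt", "c.txt"):
        p = "C:\\Backups\\" + name
        ev.append((500, r"C:\Tools\backup.exe", "rename", p, p + ".bak"))
    return ev


if __name__ == "__main__":
    for finding in score_file_events(constructed_events()):
        print(finding)
```

The backup tool never reaches the threshold, which is the point of counting per process and per appended extension rather than globally; on real EDR data the threshold should be set from the rename rate of legitimate installers and backup agents in the environment, and a rename burst that also touches Program Files or $Recycle.Bin is worth escalating on its own.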

Processes

C:\Users\Admin\AppData\Local\Temp\25021329468d62fb2a64646e94e062de280d242c4737da0884492d575ffcf136N.exe

"C:\Users\Admin\AppData\Local\Temp\25021329468d62fb2a64646e94e062de280d242c4737da0884492d575ffcf136N.exe"

Network

N/A

Files

memory/1972-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

MD5 ca8963610749d3a3625d7b27b677b754
SHA1 49136455204c8246749253ecd20ac635b4d64caa
SHA256 739eb97d4069021e7fd7f33585dc5f6d9eaea528cd7c1e3efc73b817ab7f855f
SHA512 5fc50bd192da300d0e34a089fce16e90b6798677ac7c24522cf7270c94a2b260907a93162d9263e2ff8137032eca77667fa8dfb670d89962c861bf7c4d3136ef

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 bf0ed7a24e8c3e5b17e8402e5a1475c7
SHA1 c574cbebc1c0d03e6af07dd14ebb0bbc8afaa6fc
SHA256 2584ccc32240911a832aea28ef3331395d7c6343153a86953b9d8b6e3becce0e
SHA512 4b6e9ddd112a18fe2bf2fda5733fd0a26bd0fe30f3a094a9c99dbe9ba9549641738b5323bad31d74d958ddbd28149f56e22fcb6a21302ee63a3c0c1e34348764

memory/1972-70-0x0000000000400000-0x000000000040B000-memory.dmp

Both dumps cover the same 0xB000-byte mapped image; the second, taken later in the run after the file activity, is the better source for the UPX-unpacked code.

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 05:03

Reported

2024-10-16 05:05

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

102s

Command Line

"C:\Users\Admin\AppData\Local\Temp\25021329468d62fb2a64646e94e062de280d242c4737da0884492d575ffcf136N.exe"

Signatures

Renames multiple (4631) files with added filename extension

ransomware

UPX packed file

upx
(4 matches; indicator details not recorded)

Drops file in Program Files directory

Description Indicator Process Target
(64 rows; each reads "File created <Indicator> <Process> N/A" with Process = C:\Users\Admin\AppData\Local\Temp\25021329468d62fb2a64646e94e062de280d242c4737da0884492d575ffcf136N.exe; the Indicator paths are:)
C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Forms.Design.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationTypes.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Grace-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Intrinsics.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Cng.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\PresentationUI.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Forms.Design.resources.dll.tmp
C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 8.0.2 (x64).swidtag.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140.dll.tmp
C:\Program Files\Java\jre-1.8\bin\msvcp140_1.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial2-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Grace-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.Authorization.dll.tmp
C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipRes.dll.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\PresentationFramework.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Controls.Ribbon.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationClientSideProviders.resources.dll.tmp
C:\Program Files\Java\jre-1.8\bin\mlib_image.dll.tmp
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md.tmp
C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Trial-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\shaded.dotx.tmp
C:\Program Files\Microsoft Office\root\Office16\ExcelCombinedFloatieModel.bin.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.RegularExpressions.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\ReachFramework.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\legal\javafx\webkit.md.tmp
C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_KMS_Client_AE-ul.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_Subscription-pl.xrm-ms.tmp
C:\Program Files\Common Files\microsoft shared\ink\tpcps.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationProvider.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp
C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Trial-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Dallas.OAuthClient.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\CSS7DATA0009.DLL.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.Calendars.dll.tmp
C:\Program Files\ImportBackup.xls.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp
C:\Program Files\7-Zip\Lang\ga.txt.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationClient.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_Grace-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-ul-phn.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ppd.xrm-ms.tmp
C:\Program Files\7-Zip\Lang\eu.txt.tmp
C:\Program Files\Common Files\microsoft shared\MSInfo\uk-UA\msinfo32.exe.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.Win32.Registry.dll.tmp
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\nb.pak.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\dtplugin\npdeployJava1.dll.tmp
C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngcc.md.tmp
C:\Program Files\Java\jre-1.8\bin\unpack.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntry2019R_PrepidBypass-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-140.png.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationCore.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Client\vccorlib140.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\System.ValueTuple.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.TypeExtensions.dll.tmp
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Gill Sans MT.xml.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Grace-ppd.xrm-ms.tmp
C:\Program Files\7-Zip\Lang\kab.txt.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nl-nl.dll.tmp

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\25021329468d62fb2a64646e94e062de280d242c4737da0884492d575ffcf136N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\25021329468d62fb2a64646e94e062de280d242c4737da0884492d575ffcf136N.exe

"C:\Users\Admin\AppData\Local\Temp\25021329468d62fb2a64646e94e062de280d242c4737da0884492d575ffcf136N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp

Note: this table carries no process attribution. The ten PTR queries reverse-resolve addresses in Microsoft Azure and CDN ranges, and the TLS connections to tse1.mm.bing.net are consistent with Windows 10 background activity in the sandbox image rather than sample-initiated traffic; the Windows 7 run recorded no network activity at all. Treat the sample as showing no command-and-control contact in this analysis unless a process-attributed capture says otherwise.
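Reading this table by hand is error-prone because PTR names list the octets in reverse. The following added example (not part of the report) parses the rows above, decodes the in-addr.arpa queries to the addresses being resolved and groups the TCP flows per destination; the BACKGROUND_NAMES allowlist is an assumption an analyst would maintain per sandbox image.

```python
"""Parse the flattened 'Country Destination Domain Proto' network table of this
report: decode reverse-DNS (in-addr.arpa) queries back to the looked-up addresses
and summarise flows per destination. The input lines are the report's own."""
import ipaddress
import re
from collections import Counter

NETWORK_TABLE = """\
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
"""

# Assumed background-noise names for this sandbox image (analyst-maintained, not from the report)
BACKGROUND_NAMES = {"tse1.mm.bing.net"}

ROW_RE = re.compile(
    r"^(?P<cc>[A-Z]{2})\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s+"
    r"(?P<name>\S+)\s+(?P<proto>udp|tcp)$")
PTR_RE = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.in-addr\.arpa$", re.I)


def ptr_to_ip(name: str):
    """'228.249.119.40.in-addr.arpa' -> '40.119.249.228'; None for non-PTR names."""
    m = PTR_RE.match(name)
    if not m:
        return None
    return str(ipaddress.IPv4Address(".".join(reversed(m.groups()))))


def parse_rows(text: str):
    """Return one dict per well-formed table row; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def summarise(text: str) -> dict:
    """Split DNS rows into PTR targets and forward lookups, count other flows, and
    list flows whose name is not in the assumed background allowlist."""
    ptr_targets, forward_lookups, flows = [], [], Counter()
    for r in parse_rows(text):
        if r["port"] == "53" and r["proto"] == "udp":
            ip = ptr_to_ip(r["name"])
            if ip:
                ptr_targets.append(ip)
            else:
                forward_lookups.append(r["name"])
        else:
            flows[(f"{r['ip']}:{r['port']}", r["name"], r["proto"])] += 1
    return {
        "ptr_targets": ptr_targets,
        "forward_lookups": forward_lookups,
        "flows": dict(flows),
        "unexplained_flows": [k for k in flows if k[1] not in BACKGROUND_NAMES],
    }


if __name__ == "__main__":
    for key, value in summarise(NETWORK_TABLE).items():
        print(key, value)
```

The decoded PTR targets are what to pivot on (WHOIS, passive DNS, the sandbox's own baseline capture) when deciding whether a DNS row is OS noise or sample activity.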

Files

memory/4344-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4050598569-1597076380-177084960-1000\desktop.ini.tmp

MD5 b6f535ad3a4c2238ffa068e6f3508bd0
SHA1 9abf64e10ff6f8c37d334b5bf5a4a0b7d292d9c3
SHA256 9942484ab03514c2816be5503a700e82a753584d52c961f8833773024f6f81a8
SHA512 3e2af0d19bc090484d23c6809c4663ec98e9f9040df0e58a169d978a23ac3491838ef2b4078e5bc36243cf2b729783cf87064ed7d099a1020564e47c0975fa1b

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 3eae4b447a2a983db7eb55de2f108349
SHA1 65a5ca920d04007d342989b8e6e40dcf9186df39
SHA256 428f38f295b112043c1bbf13480262fdef2ac385ee9c619e157162258777cbf5
SHA512 0b7da752417b1608f9f0d8544adb375c47789dd055ef9b2bb14616a5b20befa5d9f4541efa7c2f10e02196d260bfb2f716c649c83d673e19431cff2274600504

memory/4344-764-0x0000000000400000-0x000000000040B000-memory.dmp