Malware Analysis Report

2025-03-15 08:14

Sample ID 241016-gxddsawflb
Target dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15
SHA256 dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15

Threat Level: Likely malicious

The file dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15 was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (3457) files with added filename extension (behavioral1, Windows 7 run)

Renames multiple (5016) files with added filename extension (behavioral2, Windows 10 run)

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 06:10

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
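Both static1 findings can be reproduced from the PE headers alone, without a sandbox. The block below is an added example, not code from the report or from the sandbox vendor: a pure-Python walk of the PE headers (no pefile dependency) that flags a UPX-style section layout (UPX0/UPX1 names, an all-virtual first section, a high-entropy second section) and reports whether the Authenticode security directory is populated. It runs against two constructed PE images that the block builds itself, with a hashlib-derived filler standing in for a compressed payload; the helper names parse_pe, triage and build_pe are mine, and the sample from this report is not analysed here because its bytes are not part of the page. Both memory dumps in the behavioral runs cover 0x400000-0x40B000, a 44 KiB image, which is small enough to be consistent with a packed stub but proves nothing by itself.

```python
"""Static checks behind the static1 signatures "UPX packed file" and "Unsigned PE".
Added example: a pure-Python PE header walk run against constructed PE images,
not against the sample from this report."""
import hashlib
import math
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # Authenticode certificate table
HIGH_ENTROPY = 7.0                    # bits/byte; compressed or encrypted data sits near 8


def shannon_entropy(data: bytes) -> float:
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(image: bytes) -> dict:
    """Return the section table (with entropy of each section's raw data) and the security directory."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe_off = struct.unpack_from("<I", image, 0x3C)[0]          # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe_off + 4
    n_sections = struct.unpack_from("<H", image, coff + 2)[0]
    size_opt = struct.unpack_from("<H", image, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", image, opt)[0]
    if magic == 0x10B:        # PE32: data directories start at optional-header offset 96
        dirs = opt + 96
    elif magic == 0x20B:      # PE32+: offset 112
        dirs = opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # The security entry holds a file offset (not an RVA) and size of the WIN_CERTIFICATE blob.
    sec_off, sec_size = struct.unpack_from("<II", image, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(n_sections):
        name, vsize, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", image, opt + size_opt + 40 * i)
        raw = image[raw_ptr:raw_ptr + raw_size] if raw_size else b""
        sections.append({"name": name.rstrip(b"\0"), "virtual_size": vsize,
                         "raw_size": raw_size, "entropy": shannon_entropy(raw)})
    return {"security_dir": (sec_off, sec_size), "sections": sections}


def triage(image: bytes) -> dict:
    pe = parse_pe(image)
    names = {s["name"] for s in pe["sections"]}
    upx_names = bool(names & UPX_SECTION_NAMES)
    # UPX0 is an all-virtual section (raw size 0) that the unpacking stub fills at run time.
    empty_raw = any(s["raw_size"] == 0 and s["virtual_size"] > 0 for s in pe["sections"])
    high_entropy = any(s["entropy"] >= HIGH_ENTROPY and s["raw_size"] >= 512 for s in pe["sections"])
    return {
        "upx_section_names": upx_names,
        "empty_raw_section": empty_raw,
        "high_entropy_section": high_entropy,
        "likely_packed": upx_names or (empty_raw and high_entropy),
        "has_authenticode_blob": pe["security_dir"] != (0, 0),
    }


def build_pe(sections, cert_size=0) -> bytes:
    """Construct a minimal PE32 image for testing; sections = [(name, raw_bytes, virtual_size)]."""
    align = 0x200
    n = len(sections)
    hdr_len = (0x40 + 4 + 20 + 224 + 40 * n + align - 1) // align * align
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                  # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                     # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                       # NumberOfRvaAndSizes
    sec_hdrs, body, raw_ptr, va = bytearray(), bytearray(), hdr_len, 0x1000
    for name, data, vsize in sections:
        raw_size = (len(data) + align - 1) // align * align
        sec_hdrs += struct.pack("<8sIIIIIIHHI", name, vsize, va, raw_size,
                                raw_ptr if raw_size else 0, 0, 0, 0, 0, 0xE0000040)
        body += data + b"\0" * (raw_size - len(data))
        raw_ptr += raw_size
        va += (max(vsize, raw_size) + 0xFFF) & ~0xFFF
    if cert_size:   # placeholder blob where a real file carries its WIN_CERTIFICATE
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, raw_ptr, cert_size)
        body += b"\0" * cert_size
    header = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + bytes(sec_hdrs)
    return header + b"\0" * (hdr_len - len(header)) + bytes(body)


def pseudo_random(n: int, seed: bytes = b"demo") -> bytes:
    """Deterministic high-entropy filler standing in for a compressed payload (constructed)."""
    out, h = bytearray(), seed
    while len(out) < n:
        h = hashlib.sha256(h).digest()
        out += h
    return bytes(out[:n])


# Constructed inputs: a UPX-style layout with no certificate, and a plain image carrying one.
PACKED_SAMPLE = build_pe([(b"UPX0", b"", 0x8000), (b"UPX1", pseudo_random(4096), 0x1000)])
SIGNED_SAMPLE = build_pe([(b".text", b"\x90" * 4000 + b"\xc3", 0x1000)], cert_size=0x600)

if __name__ == "__main__":
    for label, img in (("packed", PACKED_SAMPLE), ("signed", SIGNED_SAMPLE)):
        print(label, triage(img))
```

A populated security directory only says that a WIN_CERTIFICATE blob is attached; whether the chain is valid is what signtool verify /pa or Get-AuthenticodeSignature decides, and malware does ship with self-signed or revoked certificates. Section names are trivially renamed, so the empty-raw-section and entropy checks are what survive a relabelled packer; they also fire on legitimate self-extracting installers, so treat likely_packed as a triage flag, not a verdict.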

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 06:10

Reported

2024-10-16 06:13

Platform

win7-20240708-en

Max time kernel

150s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe"

Signatures

Renames multiple (3457) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\icon.png.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_uparrow.png.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\PYCC.pf.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Montevideo.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-spi-actions.xml.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Halifax.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Mozilla Firefox\update-settings.ini.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\5.png.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-border.png.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-services.xml.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_m.png.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Entity.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-ui.xml.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Java\jre7\bin\klist.exe.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Nipigon.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Mozilla Firefox\IA2Marshal.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipssve.xml.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Gambier.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\about.html.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.artifact.repository.prefs.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Hovd.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Microsoft Office\Office14\MAPISHELL.DLL.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\js\settings.js.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\js\slideShow.js.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Internet Explorer\Timeline_is.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee90.tlb.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-static.png.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-border.png.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-PT.pak.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Java\jre7\lib\cmm\LINEAR_RGB.pf.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\IPSEventLogMsg.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_rist_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Atlantic\Azores.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Port-au-Prince.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Java\jre7\lib\fonts\LucidaSansDemiBold.ttf.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.configuration_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh87.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Mozilla Firefox\osclientcerts.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\misc\libaddonsfsstorage_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Paramaribo.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\npdeployJava1.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.filetransfer_5.0.0.v20140827-1444.jar.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\7-Zip\Lang\ext.txt.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\background.png.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs-nio2.jar.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-uisupport.xml.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Gaza.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\dialogs\create_stream.html.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\playlist\newgrounds.luac.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\js\weather.js.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Common Files\System\ado\msado15.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Anadyr.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-multitabs.xml.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-search.jar.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\librtp_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\css\localizedSettings.css.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Java\jre7\lib\deploy\messages_zh_CN.properties.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
Note: NLS\Language is where a process learns the installed system language. Ransomware families read it to skip machines in excluded locales, but ordinary locale initialisation in benign programs opens the same key, so on its own this is a weak indicator that corroborates, rather than establishes, the ransomware verdict.
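The "File created … .tmp" rows above and the "Renames multiple (3457) files" count describe one process writing a temporary copy beside thousands of files under Program Files, which matches the write-then-rename pattern of file-encrypting ransomware (an inference from the rows; the report does not show the final extension). The block below is an added example, not code from the report or the sandbox: a detection rule over a constructed, simplified one-line-per-event rendering of Sysmon FileCreate (Event ID 11) records that alerts when one process creates many name.ext.NEW files across several top-level directories inside a short window. The log lines, the line format, the thresholds and the helper names (parse_event, detect, build_sample_log) are assumptions; the paths reuse entries from this report's tables.

```python
"""Behavioural rule for the "Renames multiple files with added filename extension"
signature: one process creating many <name>.<ext>.<new> files across unrelated
directories in a short window.  Added example run over a constructed Sysmon-style
FileCreate (Event ID 11) log; the log lines are not from the report."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(r"^(?P<ts>\S+ \S+) EventID=(?P<eid>\d+) ProcessId=(?P<pid>\d+) "
                     r"Image=(?P<image>.+?) TargetFilename=(?P<target>.+)$")
# name.ext.NEW, where NEW is the appended extension; originals without an extension are missed
DOUBLE_EXT_RE = re.compile(r"\.[A-Za-z0-9_-]{1,5}(\.[A-Za-z0-9]{1,8})$")


def parse_event(line: str):
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%d %H:%M:%S").timestamp()
    ev["eid"], ev["pid"] = int(ev["eid"]), int(ev["pid"])
    return ev


def appended_extension(path: str):
    """Return the trailing extension when the file name has the form name.ext.NEW, else None."""
    m = DOUBLE_EXT_RE.search(path.rsplit("\\", 1)[-1])
    return m.group(1).lower() if m else None


def top_dir(path: str) -> str:
    """C:\\Program Files\\7-Zip\\Lang\\ext.txt.tmp -> C:\\Program Files\\7-Zip"""
    return "\\".join(path.split("\\")[:3])


def detect(lines, threshold=50, window_s=60, min_dirs=3, dominance=0.9):
    per_pid = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        if ev and ev["eid"] == 11:
            ext = appended_extension(ev["target"])
            if ext:
                per_pid[ev["pid"]].append((ev["ts"], ext, top_dir(ev["target"]), ev["image"]))
    alerts = []
    for pid, evs in per_pid.items():
        evs.sort(key=lambda e: e[0])
        ext, n_ext = Counter(e[1] for e in evs).most_common(1)[0]   # ransomware appends one fixed suffix
        times = [e[0] for e in evs if e[1] == ext]
        peak, j = 0, 0                                               # densest window_s span, two-pointer sweep
        for i in range(len(times)):
            while times[i] - times[j] > window_s:
                j += 1
            peak = max(peak, i - j + 1)
        dirs = {e[2] for e in evs if e[1] == ext}
        if peak >= threshold and n_ext / len(evs) >= dominance and len(dirs) >= min_dirs:
            alerts.append({"pid": pid, "image": evs[0][3], "extension": ext,
                           "count": n_ext, "peak_in_window": peak, "directories": len(dirs)})
    return alerts


SAMPLE_EXE = (r"C:\Users\Admin\AppData\Local\Temp"
              r"\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe")
RANSOM_DIRS = [r"C:\Program Files\7-Zip\Lang", r"C:\Program Files\Mozilla Firefox",
               r"C:\Program Files\Java\jre7\bin", r"C:\Program Files\Common Files\Microsoft Shared\ink",
               r"C:\Program Files\VideoLAN\VLC\plugins\access", r"C:\Program Files\Windows Sidebar\Gadgets"]
RANSOM_NAMES = ["ext.txt", "update-settings.ini", "klist.exe", "IA2Marshal.dll", "librtp_plugin.dll",
                "icon.png", "ipssve.xml", "HandPrints.jpg", "settings.js", "msado15.dll"]


def build_sample_log():
    """Constructed log: 60 ransomware-style creations by PID 2276 plus a few benign .tmp writes."""
    t0 = datetime(2024, 10, 16, 6, 11, 0)

    def stamp(seconds):
        return (t0 + timedelta(seconds=seconds)).strftime("%Y-%m-%d %H:%M:%S")

    lines, i = [], 0
    for d in RANSOM_DIRS:
        for n in RANSOM_NAMES:
            lines.append(f"{stamp(i)} EventID=11 ProcessId=2276 Image={SAMPLE_EXE} TargetFilename={d}\\{n}.tmp")
            i += 1
    benign = [(1234, r"C:\Windows\System32\msiexec.exe", r"C:\Windows\Installer\MSI4F2A.tmp"),
              (5678, r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
               r"C:\Users\Admin\Documents\~WRL0001.tmp"),
              (5678, r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
               r"C:\Users\Admin\Documents\report.docx.tmp")]
    for k, (pid, image, target) in enumerate(benign):
        lines.append(f"{stamp(k)} EventID=11 ProcessId={pid} Image={image} TargetFilename={target}")
    return lines


if __name__ == "__main__":
    for alert in detect(build_sample_log()):
        print(alert)
```

The double-extension heuristic misses originals that had no extension, such as the zoneinfo files Halifax.tmp and Montevideo.tmp in the table above; a complementary rule that counts all creations under Program Files by a process that is not an installer or updater catches those. The benign Word and msiexec writes stay far below the threshold because they are few, single-extension, or confined to one directory, which is what the min_dirs and dominance conditions are for.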

Processes

C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe

"C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe"

Network

N/A

Files

memory/2276-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

MD5 f0dc549bedebab0f5f7174db8cda6673
SHA1 00987d89d9b8cb7869bb03b811e2b79b8aaccc46
SHA256 6e673e97a757d2ea86e37554d6557756d2462183fbbc35fb749627014be3ae02
SHA512 8cc73d0e427e5f5347e327a08afb90ddf8c595f2ee2e6463794e88bd147210a017ea12ff778235a1690e466362442987679724b3bef9fad244bf8a05c25dbf63

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 2efc667a47374f2e30d56976654fd569
SHA1 5681457160013369ba1a7e8140ed3ce577c423e7
SHA256 b21dfc80f7c6b76f00c1436a9a4a9521eb341011752c7908ee33b4bc61087edd
SHA512 5aa253776c2ad7319c8243cb62700c50bb503774d98d8d9a9720a00062ce6f504025e60d47e4bcf01459770971508ccd7ada4467d6cd177993eabfffca87f606

memory/2276-72-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 06:10

Reported

2024-10-16 06:13

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

103s

Command Line

"C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe"

Signatures

Renames multiple (5016) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\microsoft shared\ink\lt-LT\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\java_crw_demo.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\otkloadr_x64.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\WindowsAccessBridge-64.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\dom.md.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemXmlLinq.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\nio.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\jopt-simple.md.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_KMS_Automation-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ONINTL.DLL.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\uk\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\7-Zip\Lang\hu.txt.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.Watcher.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\fontmanager.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OFFSYML.TTF.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\de-DE\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-private-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\javaws.exe.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\mscss7cm_es.dub.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN121.XML.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R32.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\it-IT\rtscom.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Edm.NetFX35.V7.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OMRAUT.DLL.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_K_COL.HXK.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\jfr\profile.jfc.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Microsoft.Office.PolicyTips.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.FileSystem.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_KMS_Client_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTest-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscorrc.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-filesystem-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-errorhandling-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Configuration.ConfigurationManager.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription3-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT.HXS.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7EN.LEX.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A (file name mangled by the hosting page's e-mail obfuscation; the original name is not recoverable from this copy)
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\eula.dll.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\security\public_suffix_list.dat.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Violet II.xml.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\IFDPINTL.DLL.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwnumbered.dotx.tmp C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe

"C:\Users\Admin\AppData\Local\Temp\dc632b99409dd382636cf4cdc458dc6896f25f30000e295001d9d8c373123c15.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 75.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp

Note: this is the only network activity in either run, and none of it is attributed to the sample's process. Reverse (PTR) lookups to 8.8.8.8 and TLS sessions to tse1.mm.bing.net, a Bing content host that Windows 10 contacts on its own, are the usual background traffic of the win10v2004 image; the Windows 7 run recorded nothing at all. No command-and-control, key-exchange or ransom-note download was observed, which fits an offline encryptor but may also mean the sample keys and contacts its operator only later than the 103-150 s detonation window.

Files

memory/1688-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3442511616-637977696-3186306149-1000\desktop.ini.tmp

MD5 eebb3630ba5ddd4b9eca703ed39730a5
SHA1 e05a22a0f745110e504fa54e5dd664b07ab0f06f
SHA256 48616606e30a947fed11b12eacaa6e1bd7fdbff81aaf91424bcb6ede0f49b9ee
SHA512 2e79e793bd5706ad7ec0f6cb34126aad7995298dec2c2d85d48825f14327ff55cf8a9c9683b2ae1af126ceccaa4bfc40c6787b4fd5fd7fa8ca2471e6dcb8146e

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 59cd923b756a90e00191010fc2b98319
SHA1 0fa1aea84223cba012f0c025637553b15668cdcb
SHA256 8c28ea1e16a6b97b9a00f7eba2ae497bdda150244c02f5919345621f331e8b02
SHA512 0fc1ea876515d02a85bf67cd35330b2e6f8e8e3ea966007b9ee784bc5b9e477a7f7bc934a072db6c91d436c286022a3bbacd040b0c271655c7e53fe4a55176f9

memory/1688-782-0x0000000000400000-0x000000000040B000-memory.dmp