Malware Analysis Report

2025-01-22 19:57

Sample ID 241016-vn5nkaveln
Target db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN
SHA256 db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0a
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0a

Threat Level: Likely malicious

The file db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (5196) files with added filename extension

Renames multiple (3733) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 17:09

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 17:09

Reported

2024-10-16 17:11

Platform

win7-20240903-en

Max time kernel

150s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe"

Signatures

Renames multiple (3733) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Games\Solitaire\fr-FR\Solitaire.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Windows Media Player\en-US\wmplayer.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\ink\de-DE\mip.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application.ja_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-visual.xml.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-favorites.xml.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\eclipse_update_120.jpg.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Java\jre7\bin\pack200.exe.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-shadow.png.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Entity.dll.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\es_MX\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActions.exsd.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\js\picturePuzzle.js.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Brunei.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Windows Media Player\ja-JP\wmpnssui.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Maceio.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Sakhalin.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\plugin.properties.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\css\settings.css.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\js\settings.js.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can.fca.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-options.xml.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings_0.10.200.v20140424-2042.jar.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Argentina\La_Rioja.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libcolorthres_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\js\settings.js.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\icon.png.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jinfo.exe.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_TW.properties.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.xml.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\7-Zip\Lang\br.txt.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047_576black.png.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\eclipse_1655.dll.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\org-openide-filesystems_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-annotations-common.xml.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\7-Zip\Lang\sw.txt.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSFrontendENU.dll.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansRegular.ttf.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Kolkata.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\DVD Maker\audiodepthconverter.ax.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Amman.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Windows Sidebar\fr-FR\sbdrop.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\ink\es-ES\rtscom.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2ssv.dll.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-windows.xml.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_setid_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-visual.jar.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-charts_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-profiler.xml.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\UTC.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_matte2.wmv.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe

"C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe"

Network

N/A

Files

memory/3064-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-312935884-697965778-3955649944-1000\desktop.ini.tmp

MD5 c88dd2e72d67d9a156dc26050842e580
SHA1 28a0c56ff52b187977a6932c7a34ae9ff33b0842
SHA256 f7d483f5b59c6de3905d2f4e4b14af2fb5665351b3078314399042ca91be51b7
SHA512 d5d9f41025b4cee1db758d028eed85c10ebc2fffcb460788a2025f9def4259c0d0d3edd526fc8193de621fb6c53a8dba10976577da590b7e19d93a08617f063f

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 0a3c3a5cdd23ef962b35c14b94587c90
SHA1 7581c2b65ad2592e33ba6c3aa648adadac65e7f5
SHA256 3fecdd7b77cd273fafa8f2def28e4f5e9f542262af3415fb228c4759ae4eb429
SHA512 6df3d1767c2ff825498de427f40e35b5b6224a1f58678a6c1bf687867e2c0d6c775b48a63773cc0c39ccdee7f57f5239e1cfe6cbd7d4ab996544820aee2c30f6

memory/3064-70-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 17:09

Reported

2024-10-16 17:11

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe"

Signatures

Renames multiple (5196) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\GostName.XSL.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\msvcp140.dll.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\dt_socket.dll.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\xalan.md.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\javafx.properties.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-synch-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy\messages_pt_BR.properties.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_CopyDrop32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\centered.dotx.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Claims.dll.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\colorimaging.md.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL093.XML.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.Watcher.dll.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\GR8GALRY.GRA.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-util-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Common Files\System\ado\msadrh15.dll.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\.version.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.Win32.Registry.dll.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PROOF\msgr3jp.dll.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Design.dll.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_altgr.xml.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Linq.Parallel.dll.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\db2v0801.xsl.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTrial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\notification_helper.exe.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\ucrtbase.dll.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusDemoR_BypassTrial180-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTest-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\7-Zip\Lang\hi.txt.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\fi.pak.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Bibliography\Author2String.XSL.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-140.png.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OSFUI.DLL.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Microsoft Office\root\rsod\officemuiset.msi.16.en-us.tree.dat.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Fonts\private\DUBAI-BOLD.TTF.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\nl-NL\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-006E-0409-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\JitV.dll.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTrial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\STSLIST.CHM.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\DSMESSAGES.XML.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XDocument.dll.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-conio-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\hwrdeulm.dat.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe

"C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 105.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp

Files

memory/4856-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3442511616-637977696-3186306149-1000\desktop.ini.tmp

MD5 b6b71282eb44b299cab82ff077d3e491
SHA1 e7dad9f366fe6e449543f56532464bb600d8676f
SHA256 9f32e5cf6751e3f20a712cfa7d6e1d13688154761477569834c6bac7b3ceeba8
SHA512 885455ce77f18c7360d2d3f8aa40de13849c73bac80374c3345eaa0f3bba70c571cd097e760a46a1e287078c610e6b5995c2f5b28954d81a4eb9576141388200

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 d7c85d1180c9f4dfac88d2f9a68b3ae2
SHA1 eb2a3a3549dbb456efd20cb69b556b895a2ac11e
SHA256 4706bdc9266b27dacc20cdc99b41411ccf8573a77b4ca6d22d36b72419a03560
SHA512 2d700c81fa2311d9d1e8a2a25e8cb54a5e3f44ad8d8c6e8df3ceb72d3055a3f9dd397d3d9add9e2d59c9b4e5a071debf15bb872924499e30de0443c364a006d6

memory/4856-668-0x0000000000400000-0x000000000040B000-memory.dmp