Malware Analysis Report

2025-01-22 19:54

Sample ID 241016-zcc7ds1epe
Target d2bc85488f4c7307e9a8d80eb75f106b87f15e65292c55f992c7b6977c576356N
SHA256 d2bc85488f4c7307e9a8d80eb75f106b87f15e65292c55f992c7b6977c576356
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

d2bc85488f4c7307e9a8d80eb75f106b87f15e65292c55f992c7b6977c576356

Threat Level: Likely malicious

The file d2bc85488f4c7307e9a8d80eb75f106b87f15e65292c55f992c7b6977c576356N was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (4638) files with added filename extension

Renames multiple (3233) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 20:33

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 20:33

Reported

2024-10-16 20:36

Platform

win7-20240708-en

Max time kernel

120s

Max time network

17s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d2bc85488f4c7307e9a8d80eb75f106b87f15e65292c55f992c7b6977c576356N.exe"

Signatures

Renames multiple (3233) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\d2bc85488f4c7307e9a8d80eb75f106b87f15e65292c55f992c7b6977c576356N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d2bc85488f4c7307e9a8d80eb75f106b87f15e65292c55f992c7b6977c576356N.exe

"C:\Users\Admin\AppData\Local\Temp\d2bc85488f4c7307e9a8d80eb75f106b87f15e65292c55f992c7b6977c576356N.exe"

Network

N/A

Files

memory/2904-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp


C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp


memory/2904-70-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 20:33

Reported

2024-10-16 20:36

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

102s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d2bc85488f4c7307e9a8d80eb75f106b87f15e65292c55f992c7b6977c576356N.exe"

Signatures

Renames multiple (4638) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\d2bc85488f4c7307e9a8d80eb75f106b87f15e65292c55f992c7b6977c576356N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d2bc85488f4c7307e9a8d80eb75f106b87f15e65292c55f992c7b6977c576356N.exe

"C:\Users\Admin\AppData\Local\Temp\d2bc85488f4c7307e9a8d80eb75f106b87f15e65292c55f992c7b6977c576356N.exe"

Network


Files

memory/3280-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-940901362-3608833189-1915618603-1000\desktop.ini.tmp


C:\Program Files\7-Zip\7-zip.dll.tmp


memory/3280-784-0x0000000000400000-0x000000000040B000-memory.dmp