Malware Analysis Report

2025-01-22 20:14

Sample ID: 241019-xr7y7svdpk
Target: c35b0614f4b9142df730f9f6eb569f535697eb180379b77d461be85549c4cd6cN
SHA256: c35b0614f4b9142df730f9f6eb569f535697eb180379b77d461be85549c4cd6c
Tags: upx discovery ransomware
Score: 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 9/10
SHA256: c35b0614f4b9142df730f9f6eb569f535697eb180379b77d461be85549c4cd6c
Threat Level: Likely malicious

The file c35b0614f4b9142df730f9f6eb569f535697eb180379b77d461be85549c4cd6cN was found to be: Likely malicious.

Malicious Activity Summary

Tags: upx discovery ransomware

Renames multiple files with added filename extension (2847 files in behavioral1 on Windows 7; 4344 files in behavioral2 on Windows 10)
UPX packed file
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
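The signature that drives the ransomware tag is the mass creation of "<existing name>.tmp" files. The following is an added example, not the sandbox's own detection code: it parses event lines in the report's "File created <path> <process>" shape and flags a process that appends one extension to many existing filenames across many directories. The thresholds, the double-extension heuristic and the sample event lines (five copied from the indicator table plus one constructed benign event) are assumptions, not the sandbox's rule.

```python
"""Flag a process that creates many files by appending one extension to
existing filenames, the pattern behind this report's "Renames multiple (N)
files with added filename extension" signature.

Added example, not the sandbox's own code. The event lines below are
constructed in the report's "File created <path> <process>" shape; the
thresholds and the double-extension heuristic are assumptions, not the
sandbox's rule.
"""
import re
from collections import defaultdict
from ntpath import basename, dirname, splitext  # Windows path rules on any host

# The sample's own path, as it appears in the report's Process column.
SAMPLE = (r"C:\Users\Admin\AppData\Local\Temp"
          r"\c35b0614f4b9142df730f9f6eb569f535697eb180379b77d461be85549c4cd6cN.exe")

# Constructed events: five taken from the report's indicator table, plus one
# unrelated file creation by a different (hypothetical) process for contrast.
EVENTS = [
    rf"File created C:\Program Files\7-Zip\7-zip32.dll.tmp {SAMPLE}",
    rf"File created C:\Program Files\Java\jre7\LICENSE.tmp {SAMPLE}",
    rf"File created C:\Program Files\Java\jre7\lib\jce.jar.tmp {SAMPLE}",
    rf"File created C:\Program Files\Mozilla Firefox\maintenanceservice.exe.tmp {SAMPLE}",
    rf"File created C:\Program Files\Internet Explorer\F12Resources.dll.tmp {SAMPLE}",
    r"File created C:\Users\Admin\AppData\Local\Temp\log.txt C:\Windows\explorer.exe",
]

# Indicator paths contain spaces ("Program Files"), so the split point is the
# first space that is followed by a drive-letter path, not just any whitespace.
EVENT_RE = re.compile(r"^File created (?P<path>.+?) (?P<proc>[A-Za-z]:\\.+)$")


def parse_event(line):
    """Return (created_path, process_path), or None for lines that do not match."""
    m = EVENT_RE.match(line)
    return (m["path"], m["proc"]) if m else None


def flag_mass_rename(lines, threshold=4, min_dirs=3, double_ext_ratio=0.5):
    """Return {process: (appended_ext, count)} for every process that created at
    least `threshold` files sharing one final extension, spread over at least
    `min_dirs` directories, where at least `double_ext_ratio` of those names
    still carry an original extension underneath (e.g. "7-zip32.dll.tmp").

    Volume alone would also catch installers; the directory spread and the
    double-extension ratio separate "append .tmp to everything it can reach"
    from "write my own .tmp files into one folder".
    """
    created = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        if ev:
            created[ev[1]].append(ev[0])

    hits = {}
    for proc, paths in created.items():
        by_ext = defaultdict(list)
        for p in paths:
            stem, ext = splitext(basename(p))
            if stem and ext:
                by_ext[ext.lower()].append((dirname(p).lower(), stem))
        for ext, entries in by_ext.items():
            dirs = {d for d, _ in entries}
            double = sum(1 for _, stem in entries if splitext(stem)[1])
            if (len(entries) >= threshold and len(dirs) >= min_dirs
                    and double / len(entries) >= double_ext_ratio):
                hits[proc] = (ext, len(entries))
    return hits


if __name__ == "__main__":
    for proc, (ext, n) in flag_mass_rename(EVENTS).items():
        print(f"{proc}: {n} files with appended '{ext}'")
```

On the six constructed events the sample process is flagged for five ".tmp" files over five directories, while the hypothetical explorer.exe event is not, even with the thresholds lowered to one, because "log.txt" has no original extension underneath.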

MITRE ATT&CK

Enterprise Matrix V15

Mapped from the signatures in this report (the matrix table itself did not survive extraction):

Defense Evasion  T1027.002  Obfuscated Files or Information: Software Packing  (UPX packed file)
Discovery        T1614.001  System Location Discovery: System Language Discovery  (NLS\Language key opened)
Impact           T1486      Data Encrypted for Impact  (conventional mapping for the ransomware tag; the report records renames, not verified encryption)

Analysis: static1

Detonation Overview

Reported: 2024-10-19 19:06

Signatures

UPX packed file
Tag: upx
Indicator details: none recorded.

Unsigned PE
Indicator details: none recorded.
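Both static1 verdicts can be reproduced from the PE headers without any third-party library. The following is an added example, not the sandbox's code: a stdlib parser that reads the section table and the IMAGE_DIRECTORY_ENTRY_SECURITY entry, reports "UPX packed" on UPX's default section names (UPX0/UPX1/UPX2) or its "UPX!" marker, and "unsigned" on an empty security directory. build_pe() constructs header-only PE32 images as test data; none of the bytes come from the analysed sample, and the name-based UPX check is the cheap heuristic that a repacked or section-renamed binary defeats.

```python
"""Reproduce the two static1 verdicts, "UPX packed file" and "Unsigned PE",
from the PE headers alone, with the standard library.

Added example, not the sandbox's code. The checks are the usual cheap ones:
UPX's default section names (UPX0/UPX1/UPX2) or its "UPX!" marker, and an
empty IMAGE_DIRECTORY_ENTRY_SECURITY, which means no embedded Authenticode
blob. build_pe() constructs header-only PE images as test data; nothing
below comes from the analysed sample's bytes.
"""
import struct
import sys

IMAGE_DIRECTORY_ENTRY_SECURITY = 4
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}


def parse_pe(data):
    """Return (section_names, security_dir_size) for a PE32 or PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    nsections = struct.unpack_from("<H", data, coff + 2)[0]    # NumberOfSections
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]    # SizeOfOptionalHeader
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    dd_base = {0x10B: 96, 0x20B: 112}.get(magic)               # PE32 / PE32+ data directories
    if dd_base is None:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    ndirs = struct.unpack_from("<I", data, opt + dd_base - 4)[0]  # NumberOfRvaAndSizes
    sec_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        _, sec_size = struct.unpack_from(
            "<II", data, opt + dd_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    table = opt + opt_size
    names = [data[table + 40 * i: table + 40 * i + 8].rstrip(b"\0").decode("latin-1")
             for i in range(nsections)]
    return names, sec_size


def triage(data):
    """Return the two static verdicts plus the section names they rest on."""
    names, sec_size = parse_pe(data)
    return {
        "upx_packed": any(n in UPX_SECTION_NAMES for n in names) or b"UPX!" in data,
        # Zero-length security directory: no embedded signature. A catalog-signed
        # OS binary also lands here, so "unsigned" means "no Authenticode in the
        # file", not "untrusted"; a present blob still needs to be verified.
        "unsigned": sec_size == 0,
        "sections": names,
    }


def build_pe(section_names, signed=False):
    """Construct a minimal header-only PE32 image (constructed test data)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                      # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                       # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                         # NumberOfRvaAndSizes
    if signed:  # pretend a certificate table exists at file offset 0x2000
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x2000, 0x600)
    sections = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                    0x1000, 0x1000 * (i + 1), 0, 0, 0, 0, 0, 0, 0x60000020)
        for i, name in enumerate(section_names))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    blob = open(path, "rb").read() if path else build_pe(["UPX0", "UPX1", ".rsrc"])
    print(triage(blob))
```

Run it with a file path to triage a real PE; without one it triages a constructed UPX-shaped header. For a packed sample the next step is `upx -d` (or a memory dump such as the 0x400000-0x40B000 region listed under Files) before any string or import analysis, since the packed section table says nothing about the real payload.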

Analysis: behavioral1

Detonation Overview

Submitted: 2024-10-19 19:06
Reported: 2024-10-19 19:08
Platform: win7-20240903-en
Max time kernel: 120s
Max time network: 121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c35b0614f4b9142df730f9f6eb569f535697eb180379b77d461be85549c4cd6cN.exe"

Signatures

Renames multiple (2847) files with added filename extension
Tag: ransomware

UPX packed file
Tag: upx
Indicator details: none recorded.

Drops file in Program Files directory

All 64 indicators below are "File created" events by the sample process C:\Users\Admin\AppData\Local\Temp\c35b0614f4b9142df730f9f6eb569f535697eb180379b77d461be85549c4cd6cN.exe (Target: N/A). Every created path is an existing Program Files file with ".tmp" appended, consistent with the rename signature above; the list is the sandbox's excerpt of the 2847 events, not the full set.

C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME.txt.tmp
C:\Program Files\Java\jre7\lib\zi\Asia\Amman.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security.ui_1.1.200.v20130626-2037.jar.tmp
C:\Program Files\Java\jre7\lib\zi\SystemV\AST4ADT.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Services.Design.resources.dll.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\tipresx.dll.mui.tmp
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\CsiSoap.dll.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_ButtonGraphic.png.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Copenhagen.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views.nl_ja_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mip.exe.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_zh_CN.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\bin\jmc.exe.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\bin\policytool.exe.tmp
C:\Program Files\Internet Explorer\F12Resources.dll.tmp
C:\Program Files\Java\jre7\LICENSE.tmp
C:\Program Files\Java\jre7\lib\zi\Europe\Uzhgorod.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\selection_subpicture.png.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\npdeployJava1.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Volgograd.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3_0.12.0.v20140227-2118.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Java\jre7\lib\deploy\messages_pt_BR.properties.tmp
C:\Program Files\Java\jre7\lib\zi\America\Dawson_Creek.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IPSEventLogMsg.dll.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.bat.tmp
C:\Program Files\Java\jre7\lib\jce.jar.tmp
C:\Program Files\Java\jre7\lib\zi\SystemV\MST7MDT.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dhaka.tmp
C:\Program Files\7-Zip\7-zip32.dll.tmp
C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp
C:\Program Files\Java\jre7\lib\fontconfig.bfc.tmp
C:\Program Files\Java\jre7\lib\zi\Antarctica\Syowa.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\larrow.gif.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-api-caching.xml.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Engine.resources.dll.tmp
C:\Program Files\Common Files\System\ado\msado15.dll.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-foreground.png.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santa_Isabel.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\eclipse_1655.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-core-kit_zh_CN.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-progress-ui_ja.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-nodes_zh_CN.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-filesystems.xml.tmp
C:\Program Files\Java\jre7\lib\zi\America\Ojinaga.tmp
C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_zh_CN.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-spi-quicksearch.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-editor-mimelookup-impl.xml.tmp
C:\Program Files\Java\jre7\lib\zi\America\Mazatlan.tmp
C:\Program Files\Microsoft Games\Hearts\HeartsMCE.lnk.tmp
C:\Program Files\Mozilla Firefox\maintenanceservice.exe.tmp
C:\Program Files\7-Zip\Lang\vi.txt.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\plugin.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro.zh_CN_5.5.0.165303.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multitabs_zh_CN.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-heapwalker.xml.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-previous-static.png.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vilnius.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler_zh_CN.jar.tmp
C:\Program Files\Java\jre7\lib\zi\Pacific\Niue.tmp
C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe.tmp

System Location Discovery: System Language Discovery

Tag: discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\c35b0614f4b9142df730f9f6eb569f535697eb180379b77d461be85549c4cd6cN.exe N/A

Caveat: this key is read during ordinary locale initialisation by many benign executables, so on its own the signature carries little weight; it does not by itself show the sample checking the victim's language before running.

Processes

C:\Users\Admin\AppData\Local\Temp\c35b0614f4b9142df730f9f6eb569f535697eb180379b77d461be85549c4cd6cN.exe

"C:\Users\Admin\AppData\Local\Temp\c35b0614f4b9142df730f9f6eb569f535697eb180379b77d461be85549c4cd6cN.exe"

Network

N/A

Files

memory/1076-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2872745919-2748461613-2989606286-1000\desktop.ini.tmp

MD5 e4d5a86802cdf0cf2457a5f136ec269e
SHA1 5015aa2526f028f1d277af1d455728737f650ec6
SHA256 ab3a9c8a45faca61b40363b5fb74cf4a45b030fc512052d6c5f353bdd4245b09
SHA512 b33012aa8b492cf7be99cc1af6d6f0a56bc1f48bcd56ed4682b993378863919183ca748c1bcc7ee5346e6d3b275b215e5107eb4e991df786304aabbcf58e1009

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 cf4c19e11f1d7438e4195d19ba20be99
SHA1 44bcbbc1a5a8f90ff3bfe21e88dd0207eed80caf
SHA256 8d41c7f924fa8e6500b420b5ee22cc8d74ee96571001d9001ea4b76dc8ca65a7
SHA512 ffbc3d30b3b3e208f47a58362ae2f56896fa1de2bc3a988594306653a231f34a929c8b0b71a085e2722a42e15cd9a53896576bac410c110bc1c4fe5f63210378

memory/1076-68-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-10-19 19:06
Reported: 2024-10-19 19:08
Platform: win10v2004-20241007-en
Max time kernel: 120s
Max time network: 123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c35b0614f4b9142df730f9f6eb569f535697eb180379b77d461be85549c4cd6cN.exe"

Signatures

Renames multiple (4344) files with added filename extension
Tag: ransomware

UPX packed file
Tag: upx
Indicator details: none recorded.

Drops file in Program Files directory

All 64 indicators below are "File created" events by the sample process C:\Users\Admin\AppData\Local\Temp\c35b0614f4b9142df730f9f6eb569f535697eb180379b77d461be85549c4cd6cN.exe (Target: N/A). As in the Windows 7 run, every created path is an existing Program Files file with ".tmp" appended; the list is the sandbox's excerpt of the 4344 events, not the full set.

C:\Program Files\Java\jre-1.8\lib\charsets.jar.tmp
C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_LinkDrop32x32.gif.tmp
C:\Program Files\Microsoft Office\root\Licenses16\Personal2019DemoR_BypassTrial180-ppd.xrm-ms.tmp
C:\Program Files\Java\jre-1.8\bin\jjs.exe.tmp
C:\Program Files\Java\jre-1.8\bin\w2k_lsa_auth.dll.tmp
C:\Program Files\Java\jre-1.8\lib\management\jmxremote.access.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD_COL.HXC.tmp
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-file-l2-1-0.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Extensions.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\UIAutomationProvider.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_KMS_Client-ul-oob.xrm-ms.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Forms.Primitives.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\UIAutomationTypes.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-pl.xrm-ms.tmp
C:\Program Files\Common Files\microsoft shared\ink\sl-SI\tipresx.dll.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationUI.resources.dll.tmp
C:\Program Files\Google\Chrome\Application\123.0.6312.123\MEIPreload\manifest.json.tmp
C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-string-l1-1-0.dll.tmp
C:\Program Files\Java\jdk-1.8\lib\dt.jar.tmp
C:\Program Files\Java\jre-1.8\bin\javaws.exe.tmp
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Glossy.eftx.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-ul-phn.xrm-ms.tmp
C:\Program Files\Common Files\microsoft shared\ink\mshwjpnr.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Controls.Ribbon.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\MondoR_KMS_Automation-ul-oob.xrm-ms.tmp
C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB.tmp
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Aspect.xml.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\netstandard.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Claims.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140_1.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTest-pl.xrm-ms.tmp
C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\msinfo32.exe.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-process-l1-1-0.dll.tmp
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md.tmp
C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipTsf.dll.mui.tmp
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\fa.pak.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial3-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTrial-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.reportviewer.winforms.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-profile-l1-1-0.dll.tmp
C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-runtime-l1-1-0.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\lib\currency.data.tmp
C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\hive.xsl.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.RsClient.dll.tmp
C:\Program Files\Common Files\System\ado\msado26.tlb.tmp
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe.tmp
C:\Program Files\Common Files\microsoft shared\ink\es-ES\tabskb.dll.mui.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\TellMeWord.nrr.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.CompilerServices.Unsafe.dll.tmp
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\am.pak.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-utility-l1-1-0.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngom.md.tmp
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml.tmp
C:\Program Files\Common Files\microsoft shared\ink\de-DE\tipresx.dll.mui.tmp
C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tabskb.dll.mui.tmp
C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\offsymsb.ttf.tmp
C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TabTip.exe.mui.tmp
C:\Program Files\Java\jre-1.8\bin\jpeg.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.Formatters.dll.tmp

System Location Discovery: System Language Discovery

Tag: discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\c35b0614f4b9142df730f9f6eb569f535697eb180379b77d461be85549c4cd6cN.exe N/A

Caveat: as in the Windows 7 run, this key is read during ordinary locale initialisation by many benign executables, so the signature is low-signal on its own.

Processes

C:\Users\Admin\AppData\Local\Temp\c35b0614f4b9142df730f9f6eb569f535697eb180379b77d461be85549c4cd6cN.exe

"C:\Users\Admin\AppData\Local\Temp\c35b0614f4b9142df730f9f6eb569f535697eb180379b77d461be85549c4cd6cN.exe"

Network

The sandbox's network table is not attributed to a process. The PTR (in-addr.arpa) lookups and the TLS connections to tse1.mm.bing.net are consistent with the Windows 10 image's own background traffic (Bing-hosted content fetched by the OS), and the Windows 7 run recorded no network activity at all; treat nothing below as sample command-and-control without process-level corroboration.

Country Destination Domain Proto
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 66.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 75.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp

Files

memory/2500-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4050598569-1597076380-177084960-1000\desktop.ini.tmp

MD5 00ad94b0f891fd026b8bd05c1e4793d4
SHA1 af303a766345cb8d87adb422c10f3dffbcc91faa
SHA256 d60aefc2bb9c93dc2227d84a206645b69032f0fc4c0410e101310de1581de1fc
SHA512 7669ca8b3a9fb07de978e2796517eed0b35234298fd57c16d6c833e1b7d427b403246bf520b047da6b602f8165868cf6574d055dfee421028e2b40352ab482ae

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 a2fef08e1971ca99f897cae7a5229146
SHA1 2f07850d8492a1a5a9f8d43e00e9d1224d92d777
SHA256 7ed996bc1cecb56ad72acb5c327976fc75955dd5f52bfd0816a5541c6a046600
SHA512 bfb839035e42e5a27a5253c649e0bfa329f5707d586182a3f832684be1703c74bfd53e4525456125be2995742f91bd5ac176a6c519a4735c6ba649182382cd65

memory/2500-664-0x0000000000400000-0x000000000040B000-memory.dmp
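Both runs record hashes for the dropped desktop.ini.tmp but say nothing about its contents, and the two hashes differ between the Windows 7 and Windows 10 runs. Whether the sample encrypts or merely renames is settled by comparing the dropped file's bytes with the original and, when they differ, reading the entropy. The following is an added example, not part of the sandbox report: the desktop.ini text is a constructed stand-in (not the exact bytes on the sandbox images), the "ciphertext" is a deterministic SHA-256 keystream, and the 7.0 bits/byte threshold and 128-byte minimum are assumptions.

```python
"""Decide whether a dropped "<name>.tmp" is a plain rename/copy of the original
or has had its contents transformed, which is what a ransomware verdict needs.

Added example, not the sandbox's code. The report only gives hashes for the
.tmp files; ORIGINAL below is a constructed stand-in for $Recycle.Bin\\desktop.ini
and CIPHERTEXT is a deterministic SHA-256 keystream, so the numbers are
illustrative, not measurements of the sample.
"""
import hashlib
import math
from collections import Counter

# Constructed stand-in for a $Recycle.Bin desktop.ini (shape, not the exact bytes).
ORIGINAL = (b"[.ShellClassInfo]\r\n"
            b"CLSID={645FF040-5081-101B-9F08-00AA002F954E}\r\n"
            b"LocalizedResourceName=@%SystemRoot%\\system32\\shell32.dll,-8964\r\n")

# Constructed high-entropy bytes (2048 of them) standing in for an encrypted copy.
CIPHERTEXT = b"".join(hashlib.sha256(b"constructed-keystream-%d" % i).digest()
                      for i in range(64))


def shannon_entropy(data):
    """Bits per byte: 0.0 for empty or single-valued input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify(original, dropped, min_len=128, high=7.0):
    """Compare the original file's bytes with the dropped .tmp.

    "unchanged":     identical content, so the malware only renamed or copied it.
    "indeterminate": content differs but is too short for entropy to mean
                     anything (a 20-byte file cannot reach 7 bits/byte).
    "encrypted":     content differs and is close to uniformly random.
    "modified":      content differs but is structured (marker, header,
                     partial overwrite); look at the bytes, not the entropy.
    """
    if hashlib.sha256(original).digest() == hashlib.sha256(dropped).digest():
        return "unchanged"
    if len(dropped) < min_len:
        return "indeterminate"
    if shannon_entropy(dropped) >= high:
        return "encrypted"
    return "modified"


if __name__ == "__main__":
    for label, dropped in (("copy", ORIGINAL), ("random", CIPHERTEXT)):
        print(label, classify(ORIGINAL, dropped), round(shannon_entropy(dropped), 2))
```

In practice the original's hash comes from a clean image of the same Windows build and the dropped bytes from the sandbox's file download; if the two sha256 values match, the "ransomware" verdict rests on a rename only. Short targets such as desktop.ini are exactly the case the "indeterminate" branch exists for, so pick a larger dropped file (a .jar or .dll from the tables above) for the entropy read.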