Malware Analysis Report

2025-01-22 20:17

Sample ID: 241020-ax1ezsycqf
Target: a35314fcb66859ce9b63724a033a600b0533821ba1ed7da959511a5b0a2bc369
SHA256: a35314fcb66859ce9b63724a033a600b0533821ba1ed7da959511a5b0a2bc369
Tags: upx, discovery, ransomware
Score: 9/10

Analysis Overview

Score: 9/10

SHA256: a35314fcb66859ce9b63724a033a600b0533821ba1ed7da959511a5b0a2bc369

Threat Level: Likely malicious

The file a35314fcb66859ce9b63724a033a600b0533821ba1ed7da959511a5b0a2bc369 was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (3519) files with added filename extension

Renames multiple (5029) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

Analysis: static1

Detonation Overview

Reported: 2024-10-20 00:36

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted: 2024-10-20 00:36
Reported: 2024-10-20 00:38
Platform: win7-20240708-en
Max time kernel: 150s
Max time network: 123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a35314fcb66859ce9b63724a033a600b0533821ba1ed7da959511a5b0a2bc369.exe"

Signatures

Renames multiple (3519) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

System Location Discovery: System Language Discovery

discovery
Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\a35314fcb66859ce9b63724a033a600b0533821ba1ed7da959511a5b0a2bc369.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a35314fcb66859ce9b63724a033a600b0533821ba1ed7da959511a5b0a2bc369.exe

"C:\Users\Admin\AppData\Local\Temp\a35314fcb66859ce9b63724a033a600b0533821ba1ed7da959511a5b0a2bc369.exe"

Network

N/A

Files

memory/2568-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

MD5 f25a2cfdc2ebbfa5eacc4a9a271f81d5
SHA1 48aefa5f26bfdc4ebbd735d05b28b94afc0ea230
SHA256 f309ce2a28491c01b4153211ed79fa3e8f7bad12b5ddb4eb0ef93a9b8cc10425
SHA512 5effff1770a8a5a70ab5c08969296f5f6ddb00e2bff1808150f7e8ce0b43833d03cad2713991d14cb8beddfa110551ed5a011e4cc69d5d0a6f352832984475a8

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 9ff7f755ed7a3081498a810b1e89aac8
SHA1 285fbd8b1cd45fbc1aaccd286b8822dba9242364
SHA256 bb1416d57f2f889c41fcee554c483833f5549dc09463352d8e162b61174b41b6
SHA512 0dafa5d3533ac1a0a54425e1915ce7470caad9f414364cd9e8a15cf59353c9ae9f5ff09999d8a2bcd9136ca7a1a42e58b6e884d946f4fdce753e703fb172e219

memory/2568-70-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-10-20 00:36
Reported: 2024-10-20 00:38
Platform: win10v2004-20241007-en
Max time kernel: 150s
Max time network: 123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a35314fcb66859ce9b63724a033a600b0533821ba1ed7da959511a5b0a2bc369.exe"

Signatures

Renames multiple (5029) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

System Location Discovery: System Language Discovery

discovery
Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\a35314fcb66859ce9b63724a033a600b0533821ba1ed7da959511a5b0a2bc369.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a35314fcb66859ce9b63724a033a600b0533821ba1ed7da959511a5b0a2bc369.exe

"C:\Users\Admin\AppData\Local\Temp\a35314fcb66859ce9b63724a033a600b0533821ba1ed7da959511a5b0a2bc369.exe"

Network

Files

memory/412-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-940901362-3608833189-1915618603-1000\desktop.ini.tmp

MD5 5b5aada3f4ff8ac701a81ae40e08263a
SHA1 53636b36037d9244b6abd5f3e36cf5a10e1490de
SHA256 ed75fb175a77697e8ccb4f77db5753d9e6f21e5e7531ea5351fe97596f2c9227
SHA512 42e95b6b7173dff37dc1db00bb655f5845b4e07da307ddec433fafdca6379a967de85f8041f6da9c62bbe625bb16d2638bd68a03b413636182f97ab27961ebed

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 fe1b1c3ace0fdc9039c92da5be323881
SHA1 f03fb4b38356820b72f3a9b5291560fd4986fb00
SHA256 36f4e02ab2c4ff29a5fc8138c04d414b37cc0b97ae6981d8e34fd9bc04443af0
SHA512 3af62539a011b23759d4fc1cd938a38afa7b26c3cdb25ef202c63c89e2811b2c1cb5fdc402a8ddeca2dcf33e94e663d4b6eb4d600fa081d7f420ea836f22bdc1

memory/412-738-0x0000000000400000-0x000000000040B000-memory.dmp