Malware Analysis Report

2025-01-22 20:17

Sample ID: 241020-cycrestdrg
Target: 5e6e5bda201c8008699fe4d5ca5ad183378165a80443282f1f8a9ecdadc68bebN
SHA256: 5e6e5bda201c8008699fe4d5ca5ad183378165a80443282f1f8a9ecdadc68beb
Tags: upx discovery ransomware
Score: 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 9/10

SHA256: 5e6e5bda201c8008699fe4d5ca5ad183378165a80443282f1f8a9ecdadc68beb

Threat Level: Likely malicious

The file 5e6e5bda201c8008699fe4d5ca5ad183378165a80443282f1f8a9ecdadc68bebN was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (3242) files with added filename extension

Renames multiple (4237) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-10-20 02:28

Signatures

UPX packed file (upx)

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted: 2024-10-20 02:28
Reported: 2024-10-20 02:30
Platform: win7-20240903-en
Max time kernel: 120s
Max time network: 17s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5e6e5bda201c8008699fe4d5ca5ad183378165a80443282f1f8a9ecdadc68bebN.exe"

Signatures

Renames multiple (3242) files with added filename extension (ransomware)

UPX packed file (upx)

Drops file in Program Files directory


System Location Discovery: System Language Discovery (discovery)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\5e6e5bda201c8008699fe4d5ca5ad183378165a80443282f1f8a9ecdadc68bebN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\5e6e5bda201c8008699fe4d5ca5ad183378165a80443282f1f8a9ecdadc68bebN.exe

"C:\Users\Admin\AppData\Local\Temp\5e6e5bda201c8008699fe4d5ca5ad183378165a80443282f1f8a9ecdadc68bebN.exe"

Network

N/A

Files

memory/2364-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3533259084-2542256011-65585152-1000\desktop.ini.tmp

MD5 d4fde82e3f7eb785b86b9d877f9a81d6
SHA1 8d9479b385be7574ecf665a91e78b5956fe0dfe7
SHA256 e644741f19882ab3e3bfa4efebbdcc748402212b59b30f82fe2e04975e687326
SHA512 7041f6cd54b4cd927d236885682aba17e67145d8eb1778b4649920526260189c0afb82d5f7cd6e5538df1ca09a204295026ae8ff88b08c03a924b561ca3f2a87

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 a8d9ee3ee4caee2f4d556569d2b357a3
SHA1 a2a19c47e6e175e543211d6e72ef8ac997978f38
SHA256 4e5bbc6d27ba50eff82bddeaecc4a9757124024b9138d5a9e279018fe450455c
SHA512 dc6fb43e29c742e64472ce2d392850aee1151b0115d534d035ea1e57fa8c2ff827befa1655bd74d3f9b7c32bacd2ea69d63f280d9ccc1ffc5fbc9d3d553bf047

memory/2364-74-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-10-20 02:28
Reported: 2024-10-20 02:30
Platform: win10v2004-20241007-en
Max time kernel: 120s
Max time network: 107s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5e6e5bda201c8008699fe4d5ca5ad183378165a80443282f1f8a9ecdadc68bebN.exe"

Signatures

Renames multiple (4237) files with added filename extension (ransomware)

UPX packed file (upx)

Drops file in Program Files directory


System Location Discovery: System Language Discovery (discovery)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\5e6e5bda201c8008699fe4d5ca5ad183378165a80443282f1f8a9ecdadc68bebN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\5e6e5bda201c8008699fe4d5ca5ad183378165a80443282f1f8a9ecdadc68bebN.exe

"C:\Users\Admin\AppData\Local\Temp\5e6e5bda201c8008699fe4d5ca5ad183378165a80443282f1f8a9ecdadc68bebN.exe"

Network


Files

memory/4556-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2045521122-590294423-3465680274-1000\desktop.ini.tmp

MD5 f5669be4d0217096cb65b8570bcf3f99
SHA1 431f3079a1243b058a5a942d596417ad3c59ab99
SHA256 665bb500246c04731939b647e82267c06f4fe5ad879e0c6055d654c9b3144300
SHA512 10c0b4ab88aec724a6bd2fd376f1363de25b5d342710151804f45ecca3c469cef5a9cd5e38f3dc4bcc0eaeb947327f76722d812683ce3816838b13a3d48e3b8c

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 3f2394b7c21671dd2d4d50177c7fe5af
SHA1 8b057461050fb60e8c679fc2abc5eb75b0de252c
SHA256 3041f60ceba50ecec0d66eff0ef9da153f859204c821c3435daf9fc4730d4b63
SHA512 f387768aab4ceb9e7abdb5c9fadee3473ce26d41b5ffda28defea6805ac6b944274aa656677049f66f760cad7425dca26fa2611c2abba1ac1079c2d0e9749918

memory/4556-652-0x0000000000400000-0x000000000040B000-memory.dmp