Malware Analysis Report

2025-03-15 08:26

Sample ID 241020-zyyefszfqf
Target deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N
SHA256 deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8
Tags
discovery ransomware upx
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8

Threat Level: Likely malicious

The file deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware upx

Renames multiple (4333) files with added filename extension

Renames multiple (2877) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-20 21:08

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-20 21:08

Reported

2024-10-20 21:10

Platform

win7-20240708-en

Max time kernel

120s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe"

Signatures

Renames multiple (2877) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\DVD Maker\it-IT\WMM2CLIP.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jar.exe.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\LICENSE.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser.ja_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Pontianak.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Microsoft Games\SpiderSolitaire\de-DE\SpiderSolitaire.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-shadow.png.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT-14.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Mozilla Firefox\freebl3.dll.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\7-Zip\Lang\mng2.txt.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\logging.properties.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guyana.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-io-ui.jar.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Australia\Lindeman.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\7-Zip\readme.txt.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\symbase.xml.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\highlight.png.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\GoldRing.png.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Internet Explorer\en-US\jsprofilerui.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Internet Explorer\ielowutil.exe.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Mozilla Firefox\api-ms-win-crt-multibyte-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jmx_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Manaus.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-search.xml.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Bishkek.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\about.html.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Java\jre7\lib\deploy\messages_fr.properties.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Microsoft Games\Chess\ChessMCE.lnk.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\7-Zip\Lang\it.txt.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\webbase.xml.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.h.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Africa\Nairobi.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Luis.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.dll.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground.wmv.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\eula.dll.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\jawt.lib.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-io.xml.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-execution_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms_3.6.100.v20140422-1825.jar.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT+5.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Windows.Presentation.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\7-Zip\Lang\ga.txt.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_de.properties.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Tell_City.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Apia.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Printing.dll.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActions.exsd.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-compat.xml.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jstat.exe.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Maputo.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe

"C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe"

Network

N/A

Files

memory/2848-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

MD5 f4e6fdc2b20580d230190dcf266c3bb9
SHA1 bc622c72099815095cb5049d2c4683f010ec5416
SHA256 f808eecd8aad2574c1b9035a04050e60f6c73038f394036c637edacc406125b1
SHA512 0fba97a92cd7481d68266aa1ebcfcc6cd221a4d6e9be3fcef482bd959635fd1b9de466f6687e5ad83c9dba6fb0572e761769b0aeabc99deba254e85c4bbf7bc7

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 b4b286e69238903924e9ecb00bf27fd8
SHA1 34871a37cfe84a05ae123101b09f07c0e748e450
SHA256 f0f449b01632d48a393a058d196ddf915d55556142f7d589308373fdc9a57588
SHA512 b0ec8ad3c8ea07b797026729f1477799d0bedcc7dd3f5da4aaec1a49c4f0215160f8654d444b4f8b1be9d08aff8c50f8d04ac20c88961409a35fdec77c5a6b05

memory/2848-72-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-20 21:08

Reported

2024-10-20 21:10

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

106s

Command Line

"C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe"

Signatures

Renames multiple (4333) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk-1.8\jre\bin\eula.dll.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Yellow.xml.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\ucrtbase.dll.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Principal.dll.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy\[email protected] C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\offsymk.ttf.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_WHATSNEW.XML.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\PowerPointNaiveBayesCommandRanker.txt.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\es-ES\ShapeCollector.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipskor.xml.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\rtscom.dll.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jopt-simple.md.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\lcms.dll.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTrial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\AccessRuntime2019_eula.txt.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\de-DE\InputPersonalization.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVOrchestration.dll.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.ZipFile.dll.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.Authorization.dll.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Common Files\System\msadc\msadce.dll.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Input.Manipulations.dll.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\7-Zip\7zCon.sfx.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscordbi.dll.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.excelmui.msi.16.en-us.xml.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\word2013.dotx.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.UnmanagedMemoryStream.dll.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Xaml.dll.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-rtlsupport-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\tnameserv.exe.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_Subscription-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.dll.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemCore.dll.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\meta-index.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processenvironment-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe

"C:\Users\Admin\AppData\Local\Temp\deadfc5cc4c8454165697f0566ca8846be7803e785f2afb1fb10ff237e98afc8N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 104.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp

Files

memory/1372-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2437139445-1151884604-3026847218-1000\desktop.ini.tmp

MD5 0ae2e73d9860a2d379713cfa73e894de
SHA1 269288619d0a2a33fb9b4a1cd91d2fb6fdfac004
SHA256 4c4e27809e015090c021be85f6ca138de357207ed70661fdf4a925b6524da22f
SHA512 937f9959a0418e91b7ce8b5320060132e98fef65470ad87aa5e6b91e6a128fb6cc4120b528b7959d3ba8105b74fb7bf94627a84138fbe72b3c82ba1b6c53a364

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 b2c97e889b654aa668470f7cfa15906c
SHA1 1f457a82ed3815ae1c3ceb335c93738b6afb0151
SHA256 21910b6c24a53a995e6c3f032cf4c3ad926031ba59093364b535ebc44bd7c23d
SHA512 6779c433baa1a421ddd4ce998936d93789c5d89b7a1df3a506a57676ca85bc951691fb135aeed8d92e6b566fd92cbd743be72b0ecbb6dce860557a1fefd81bc8

memory/1372-658-0x0000000000400000-0x000000000040B000-memory.dmp