Malware Analysis Report

2024-12-07 10:20

Sample ID: 241112-2yx5sssjdz
Target: 686e25e956c67a31eda6b854b3502965b9d913db0c3e5794be461d3e25b08cc0
SHA256: 686e25e956c67a31eda6b854b3502965b9d913db0c3e5794be461d3e25b08cc0
Tags: upx discovery ransomware
Score: 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 9/10

SHA256: 686e25e956c67a31eda6b854b3502965b9d913db0c3e5794be461d3e25b08cc0

Threat Level: Likely malicious

The file 686e25e956c67a31eda6b854b3502965b9d913db0c3e5794be461d3e25b08cc0 was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (1173) files with added filename extension

Renames multiple (5190) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-11-12 23:00

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-12 23:00
Reported: 2024-11-12 23:02
Platform: win7-20241010-en
Max time kernel: 150s
Max time network: 18s

Command Line

"C:\Users\Admin\AppData\Local\Temp\686e25e956c67a31eda6b854b3502965b9d913db0c3e5794be461d3e25b08cc0.exe"

Signatures

Renames multiple (1173) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\686e25e956c67a31eda6b854b3502965b9d913db0c3e5794be461d3e25b08cc0.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\686e25e956c67a31eda6b854b3502965b9d913db0c3e5794be461d3e25b08cc0.exe

"C:\Users\Admin\AppData\Local\Temp\686e25e956c67a31eda6b854b3502965b9d913db0c3e5794be461d3e25b08cc0.exe"

Network

N/A

Files

memory/2076-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3692679935-4019334568-335155002-1000\desktop.ini.tmp

MD5 53836981b18343f1f22001bed1b75620
SHA1 c1eb5704d83ad16a09374d80f3b5c7c447c9602b
SHA256 4c11df73d93a85850edb2707e0475dd9575e24b1bc1d26ccfef835abc7d2483b
SHA512 4c87ce97eb0ba1d8c3c1520cda887d2781d6330c8480c751e5c06e39bb2af358697d97de0baacfe7a69c49687ec5feaa965a22dd6f1f351312f245fec315ffa6

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 b0fbe19c698a08f5a37314dd3ba1f911
SHA1 83daafbce57289fc91983cab7a6d2c930c04f2e5
SHA256 a2b28800c619c80548fea4e0e2279f9842df0c59b6fd02be34bbbbe0d12e7ce1
SHA512 3e59d7e46752a93534490eaf45528edec21d9782217241b919a78d9d5d9bcee29ba1b0f0acc230ed9739c864c0e46a9136d84eea9d23f936b8570513b8bb1bf6

memory/2076-26-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-11-12 23:00
Reported: 2024-11-12 23:02
Platform: win10v2004-20241007-en
Max time kernel: 149s
Max time network: 153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\686e25e956c67a31eda6b854b3502965b9d913db0c3e5794be461d3e25b08cc0.exe"

Signatures

Renames multiple (5190) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\686e25e956c67a31eda6b854b3502965b9d913db0c3e5794be461d3e25b08cc0.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\686e25e956c67a31eda6b854b3502965b9d913db0c3e5794be461d3e25b08cc0.exe

"C:\Users\Admin\AppData\Local\Temp\686e25e956c67a31eda6b854b3502965b9d913db0c3e5794be461d3e25b08cc0.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 71.208.201.84.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp

Files

memory/3468-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3442511616-637977696-3186306149-1000\desktop.ini.tmp

MD5 84de364a9136f77e4f7482cdccd3a465
SHA1 2e9ee1a583241a6fbb2e7ec4f437ce524037f19a
SHA256 d5ac30e197652922638738a5cadebff08a7e0c25ff78e46be0aabb6e3f389d95
SHA512 da193fa9c314d0287f7bd8f878932786c8dee804bf13e6070fa7b38dbed9bc46593f849439698949dfa27d0b388018910cdd25c0207ecf700d125fb36d2be19e

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 97b81765b0472297b4e235f812dc9857
SHA1 9c73c470ebd759d9719d1b1d03d28b9a1d46688c
SHA256 b6226927349e6c2c4631365829da33cf354959ce28946899167c9dd5307bfd49
SHA512 0e1e0c6f3bee2a6b92c3e88fae64b6cdad280c6700d5f858cfebbf06e78e5adf99fe59daee7c211242bd88a0f388beb682b011cdc91d31413fe8239e64fba2c8

memory/3468-782-0x0000000000400000-0x000000000040B000-memory.dmp