Malware Analysis Report

2024-12-07 10:15

Sample ID 241112-tftqnawdrf
Target 8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe
SHA256 8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954

Threat Level: Likely malicious

The file 8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe was found to be: Likely malicious.

Both detonations (Windows 7 in behavioral1, Windows 10 in behavioral2) show the same picture: a small (40 KiB mapped image, 0x400000-0x40A000), UPX-packed, unsigned executable that runs as a single process, spawns no children, and within the 150 s kernel window creates thousands of <original name>.tmp files next to existing files under Program Files, MSOCache and $Recycle.Bin, renaming 3398 (Windows 7) and 4833 (Windows 10) files with an added extension. The report records no persistence mechanism, no child processes and no outbound connection attributable to the sample; the only network activity (behavioral2) is reverse DNS lookups sent to 8.8.8.8. The final extension applied to the rewritten files is not shown in this report.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (3398) files with added filename extension (behavioral1, Windows 7)

Renames multiple (4833) files with added filename extension (behavioral2, Windows 10)

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Enterprise Matrix V15

Techniques indicated by the signatures in this report (derived from the signature names above, not from the sandbox's own matrix output):

T1027.002 Obfuscated Files or Information: Software Packing (UPX packed file)

T1614.001 System Location Discovery: System Language Discovery (NLS\Language key opened)

T1486 Data Encrypted for Impact (inferred from the mass rename-with-added-extension behaviour tagged ransomware)

Analysis: static1

Detonation Overview

Reported

2024-11-12 16:00

Signatures

UPX packed file

upx

Unsigned PE

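The two static signatures above (UPX packed file, Unsigned PE) can be reproduced without a sandbox. The following is an added example, not part of the report and not the sandbox's detection logic: it parses the PE section table with the standard library, flags UPX0/UPX1 section names and the "UPX!" pack-header magic, computes per-section entropy, and reads the security data directory (index 4) to decide whether an Authenticode signature blob is present. The two PE images it analyses are constructed inside the script; the analysed sample itself is not available here.

```python
import hashlib
import math
import struct

SECURITY_DIR_INDEX = 4             # IMAGE_DIRECTORY_ENTRY_SECURITY: Authenticode signature
SECTION_HDR_FMT = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes
UPX_MAGIC = b"UPX!"                # start of the UPX pack header embedded in packed images


def shannon_entropy(blob: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant input, close to 8.0 for compressed/encrypted data."""
    if not blob:
        return 0.0
    counts = [0] * 256
    for b in blob:
        counts[b] += 1
    n = len(blob)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    _machine, nsec, _ts, _psym, _nsym, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:        # PE32: data directories start 96 bytes into the optional header
        dd_off = opt + 96
    elif magic == 0x20B:      # PE32+: 112 bytes in
        dd_off = opt + 112
    else:
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    sec_off, sec_size = struct.unpack_from("<II", data, dd_off + SECURITY_DIR_INDEX * 8)
    sections = []
    pos = opt + opt_size
    for _ in range(nsec):
        name, vsize, _va, raw_size, raw_ptr, *_rest = struct.unpack_from(SECTION_HDR_FMT, data, pos)
        raw = data[raw_ptr:raw_ptr + raw_size] if raw_size else b""
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize,
            "raw_size": raw_size,
            "entropy": round(shannon_entropy(raw), 2),
        })
        pos += 40
    # The security directory holds a file offset (not an RVA) and the size of the WIN_CERTIFICATE blob.
    return {"sections": sections, "signed": sec_size > 0, "security_dir": (sec_off, sec_size)}


def triage(data: bytes) -> dict:
    """Reproduces the 'UPX packed file' and 'Unsigned PE' static checks reported above."""
    pe = parse_pe(data)
    names = [s["name"] for s in pe["sections"]]
    return {
        "section_names": names,
        "upx_sections": any(n.startswith("UPX") for n in names),
        "upx_magic": UPX_MAGIC in data,
        "high_entropy_sections": [s["name"] for s in pe["sections"] if s["entropy"] >= 7.0],
        "signed": pe["signed"],
    }


def build_toy_pe(sections, signature_len=0) -> bytes:
    """Constructed minimal PE32 image for exercising the parser; it is not a runnable program."""
    nsec = len(sections)
    opt_size = 224
    headers_len = 64 + 4 + 20 + opt_size + 40 * nsec
    out = bytearray(b"MZ" + b"\0" * 58 + struct.pack("<I", 64))       # DOS header, e_lfanew = 64
    out += b"PE\0\0"
    out += struct.pack("<HHIIIHH", 0x14C, nsec, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)          # PE32 magic
    struct.pack_into("<I", opt, 28, 0x400000)      # ImageBase
    struct.pack_into("<I", opt, 92, 16)            # NumberOfRvaAndSizes
    hdrs, payload, raw_ptr, va = bytearray(), bytearray(), headers_len, 0x1000
    for name, body in sections:
        hdrs += struct.pack(SECTION_HDR_FMT, name.ljust(8, b"\0"), max(len(body), 0x1000), va,
                            len(body), raw_ptr if body else 0, 0, 0, 0, 0, 0x60000020)
        raw_ptr += len(body)
        payload += body
        va += 0x1000 * ((max(len(body), 0x1000) + 0xFFF) // 0x1000)
    if signature_len:
        struct.pack_into("<II", opt, 96 + SECURITY_DIR_INDEX * 8, raw_ptr, signature_len)
    out += opt + hdrs + payload
    if signature_len:   # WIN_CERTIFICATE header (dwLength, wRevision 0x0200, PKCS#7 type) plus filler
        out += struct.pack("<IHH", signature_len, 0x0200, 0x0002) + b"\0" * (signature_len - 8)
    return bytes(out)


# Constructed samples (not the analysed file): a UPX-style layout and a plain, signed layout.
_PACKED = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))   # 4 KiB pseudo-random
UPX_SAMPLE = build_toy_pe([(b"UPX0", b""), (b"UPX1", UPX_MAGIC + _PACKED), (b".rsrc", b"\0" * 512)])
CLEAN_SAMPLE = build_toy_pe([(b".text", b"\x90" * 2048 + b"\xc3" * 2048), (b".data", b"A" * 1024)],
                            signature_len=256)

if __name__ == "__main__":
    for label, blob in (("upx-style", UPX_SAMPLE), ("clean", CLEAN_SAMPLE)):
        print(label, triage(blob))
```

Section names are trivially renamed by whoever runs the packer, so treat UPX0/UPX1 as a convenience rather than a test; the entropy of the executable section is the more durable signal. An empty security directory only shows that the file carries no embedded signature: catalog-signed Windows binaries also report size 0, so "unsigned" in this sense is normal for many legitimate files and is scored here only in combination with the other findings. A non-empty directory means only that a signature blob exists; validating it (chain, timestamp, revocation) is a separate step with signtool or a PKCS#7-aware library.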

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-12 16:00

Reported

2024-11-12 16:03

Platform

win7-20240903-en

Max time kernel

150s

Max time network

128s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe"

Signatures

Renames multiple (3398) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jre7\lib\zi\EST.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_fdf5ce_1x400.png.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mshwLatin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-sampler.xml.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-modules.xml.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Java\jre7\bin\plugin2\msvcr100.dll.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libmad_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsdan.xml.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding_1.6.200.v20140528-1422.jar.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Atlantic\Faroe.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Microsoft Office\Office14\Custom.propdesc.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\fr\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Common Files\System\ado\adojavas.inc.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jmc.ini.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-views_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bn.pak.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ca\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\is\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Common Files\System\msadc\adcjavas.inc.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Mozilla Firefox\api-ms-win-crt-conio-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libwav_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader.dll.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbynet.jar.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Majuro.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Indiana\Marengo.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Antarctica\Casey.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist.json.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_chromecast_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\epl-v10.html.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans_1.2.200.v20140214-0004.jar.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable_1.4.1.v20140210-1835.jar.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Java\jre7\bin\unpack200.exe.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\ShapeCollector.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Manaus.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Java\jre7\lib\content-types.properties.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-masterfs.xml.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.descriptorProvider.exsd.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.http_8.1.14.v20131031.jar.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IdentityModel.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.DynamicData.Design.dll.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libflacsys_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\rtscom.dll.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Qyzylorda.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-selector-api.xml.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Curacao.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Mozilla Firefox\xul.dll.sig.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_chromecast_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Common Files\System\msadc\fr-FR\msadcfr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\th.pak.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cancun.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_flac_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libpodcast_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\eclipse_1665.dll.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse_1.1.200.v20140414-0825.jar.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
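The "Renames multiple (3398) files with added filename extension" signature and the <name>.tmp creations listed above are the detection-relevant behaviour in this run. The following added example (not the sandbox's signature code and not part of the report) shows how the same heuristic can be run over host file telemetry: count renames whose destination is the source name plus an extra extension, per process, in a sliding window, and alert only when the writes spread across several directories. The event stream is constructed to resemble the paths in this report; the process image path and the PIDs are stand-ins.

```python
import ntpath
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass(frozen=True)
class FileEvent:
    """One rename as a file-telemetry source (kernel file ETW, EDR) would report it."""
    ts: datetime
    pid: int
    image: str
    old_path: str
    new_path: str


def appended_extension(old: str, new: str) -> Optional[str]:
    """'x.dll' -> 'x.dll.tmp' yields '.tmp'; any other kind of rename yields None."""
    if new.startswith(old) and len(new) > len(old) + 1 and new[len(old)] == ".":
        suffix = new[len(old):]
        return None if "\\" in suffix else suffix
    return None


def mass_rename_alerts(events, threshold=50, window=timedelta(seconds=30), min_dirs=3) -> dict:
    """Per-process sliding window over extension-appending renames.

    Fires once per process when `threshold` such renames land within `window`
    and touch at least `min_dirs` distinct directories (a single directory being
    rewritten is far more often a build or backup tool than ransomware).
    """
    recent = defaultdict(deque)     # pid -> deque of (ts, directory, suffix)
    alerts = {}
    for ev in sorted(events, key=lambda e: e.ts):
        suffix = appended_extension(ev.old_path, ev.new_path)
        if suffix is None:
            continue
        q = recent[ev.pid]
        q.append((ev.ts, ntpath.dirname(ev.old_path).lower(), suffix))
        while ev.ts - q[0][0] > window:
            q.popleft()
        dirs = {d for _, d, _ in q}
        if ev.pid not in alerts and len(q) >= threshold and len(dirs) >= min_dirs:
            by_suffix = defaultdict(int)
            for _, _, s in q:
                by_suffix[s] += 1
            alerts[ev.pid] = {
                "image": ev.image,
                "renames": len(q),
                "dirs": len(dirs),
                "suffix": max(by_suffix, key=by_suffix.get),
                "first_seen": q[0][0],
                "alerted_at": ev.ts,
            }
    return alerts


# Constructed telemetry modelled on the paths in this report; the image path and PIDs are stand-ins.
SAMPLE_IMAGE = r"C:\Users\Admin\AppData\Local\Temp\sample.exe"
_DIRS = [
    r"C:\Program Files\Java\jre7\lib\zi",
    r"C:\Program Files\VideoLAN\VLC\locale\fr\LC_MESSAGES",
    r"C:\Program Files\Common Files\Microsoft Shared\ink",
    r"C:\Program Files\Mozilla Firefox",
]


def constructed_events() -> list:
    t0 = datetime(2024, 11, 12, 16, 1, 0)
    events = []
    for i in range(60):                                   # the sample: 60 renames in six seconds
        old = ntpath.join(_DIRS[i % len(_DIRS)], f"file{i:03d}.dll")
        events.append(FileEvent(t0 + timedelta(milliseconds=100 * i), 2520, SAMPLE_IMAGE, old, old + ".tmp"))
    for i in range(3):                                    # benign: an editor keeping a few .bak copies
        old = rf"C:\Users\Admin\Documents\notes{i}.txt"
        events.append(FileEvent(t0 + timedelta(minutes=i), 900, r"C:\Windows\notepad.exe", old, old + ".bak"))
    return events


if __name__ == "__main__":
    for pid, a in mass_rename_alerts(constructed_events()).items():
        print(pid, a["image"], a["renames"], "renames in", a["dirs"], "dirs, suffix", a["suffix"])
```

Sysmon has no rename event, so the input has to come from kernel file ETW (Microsoft-Windows-Kernel-File) or an EDR's file telemetry; map whatever the source provides onto FileEvent. Tune threshold and window per host class: installers and build tools legitimately rename hundreds of files, which is why the directory-spread condition is there, and a directory of decoy files watched for exactly this rename pattern gives an earlier and cleaner trigger than counting alone.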

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A

Note: ransomware families commonly read the system language to skip machines in particular regions, which is why this key open is scored, but the same key is read during ordinary locale initialisation and is a weak indicator on its own. The report shows only that the key was opened, not which value was read or whether it changed the sample's behaviour.

Processes

C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe

"C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe"

Network

N/A

Files

memory/2520-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3063565911-2056067323-3330884624-1000\desktop.ini.tmp

MD5 986b23cf81b682dc53aafe5b4a4b3a45
SHA1 742a4acafa16868c377d2cb6b282a7149149fb01
SHA256 6123935a00fab5a9926da8116dbb563ec8766403d822291b9445479ca5f7e782
SHA512 f5e0d23dd21247c671805e11f02fc720f571f731e8c0ef16b2285d23f1b9bf311c65bda0b7745123c36fc1f287faaae9e00faaf89acd4d872fdfdf244beacedb

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 36c65255b440676e9233207c7d1b059e
SHA1 ff8d630175d7bb2415ac9cf7ef6bbde5c315a813
SHA256 68d0e1ec777fb7e576da8dd2d77f9e1cd754a7bfd05f08b356f8cdb07e733d63
SHA512 f54acd825bc0cf286e922b672386caa1b2390e1fef5ff21b8f524a482e19694da1e54cff0f0a1a698117d03985e3f7c43219c00a3291bc1f953798a50c38aada

memory/2520-51-0x0000000000400000-0x000000000040A000-memory.dmp

Both dumps cover the same 40 KiB image range (0x400000-0x40A000) of PID 2520; the middle number is the dump sequence index, so the first was taken at process start and the second later in the run. Because UPX decompresses in place, the later dump is the one to load for static analysis of the unpacked code (re-based to 0x400000), while the on-disk file only yields the UPX stub and compressed data.

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-12 16:00

Reported

2024-11-12 16:03

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

143s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe"

Signatures

Renames multiple (4833) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jre-1.8\bin\msvcp140.dll.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-140.png.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Channels.dll.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ReachFramework.dll.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-memory-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.ReaderWriter.dll.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.VisualBasic.Core.dll.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\wsimport.exe.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\unpack200.exe.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\net.properties.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwclassic.dotx.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-utility-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\fa.pak.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL001.XML.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\7-Zip\Lang\bn.txt.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebSockets.Client.dll.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\lcms.dll.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jopt-simple.md.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\en-US\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\hwresplm.dat.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\netstandard.dll.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-libraryloader-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\salesforce.ini.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\7-Zip\Lang\ms.txt.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Overlapped.dll.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-conio-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-console-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.Win32.SystemEvents.dll.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Luna.dll.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Organic.thmx.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\VVIEWRES.DLL.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Storage.XmlSerializers.dll.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\FilterModule.dll.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\sfodbc_sb64.dll.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTrial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Office.PowerPivot.ExcelAddIn.tlb.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTest-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-libraryloader-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe

"C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 101.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
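The Network rows above are reverse (PTR) lookups: each queried name is an in-addr.arpa label that encodes the target address with its octets reversed, and the only destination is the resolver 8.8.8.8. None of them is tied to a connection in this report, the Windows 7 run recorded no network activity at all, and the decoded addresses are public ranges of the kind Windows contacts on its own, so treat them as sandbox background traffic unless the capture shows the sample's process issuing them. The following added example (not part of the report) decodes such names back to addresses for both the IPv4 and IPv6 reverse zones so the rows can be checked against threat intelligence; the query list is copied from the table above.

```python
import ipaddress

# The eight queries from the behavioral2 Network table.
REPORTED_PTR_QUERIES = [
    "241.150.49.20.in-addr.arpa",
    "134.32.126.40.in-addr.arpa",
    "95.221.229.192.in-addr.arpa",
    "97.17.167.52.in-addr.arpa",
    "200.163.202.172.in-addr.arpa",
    "171.39.242.20.in-addr.arpa",
    "101.209.201.84.in-addr.arpa",
    "22.236.111.52.in-addr.arpa",
]


def reverse_name_to_ip(name: str):
    """Decode an in-addr.arpa or ip6.arpa name into the address it refers to."""
    labels = name.rstrip(".").lower().split(".")
    if labels[-2:] == ["in-addr", "arpa"]:
        octets = labels[:-2]
        if len(octets) != 4:
            raise ValueError(f"expected four labels before in-addr.arpa: {name}")
        return ipaddress.IPv4Address(".".join(reversed(octets)))   # labels are least-significant first
    if labels[-2:] == ["ip6", "arpa"]:
        nibbles = labels[:-2]
        if len(nibbles) != 32:
            raise ValueError(f"expected 32 nibble labels before ip6.arpa: {name}")
        hexstr = "".join(reversed(nibbles))
        return ipaddress.IPv6Address(":".join(hexstr[i:i + 4] for i in range(0, 32, 4)))
    raise ValueError(f"not a reverse-lookup name: {name}")


def decode_ptr_rows(names) -> list:
    """One record per query with the decoded address and its scope, ready for an IOC lookup."""
    rows = []
    for n in names:
        ip = reverse_name_to_ip(n)
        rows.append({"query": n, "ip": str(ip), "global": ip.is_global, "private": ip.is_private})
    return rows


if __name__ == "__main__":
    for row in decode_ptr_rows(REPORTED_PTR_QUERIES):
        print(f'{row["query"]:32} -> {row["ip"]:16} global={row["global"]}')
```

A PTR query for a private address from inside a sandbox would be a stronger lead (it means the sample learned an internal address and is resolving it); a PTR for public addresses with no follow-on connection is what the OS does with every endpoint it talks to.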

Files

memory/4872-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3350944739-639801879-157714471-1000\desktop.ini.tmp

MD5 6f938de1e4809c7dd7c11855af8f94b4
SHA1 f0c26ce63800d6e74ec7b0cb1fedd652cb76da61
SHA256 524494a3782a680af92746dabf9d3b9e9d6c3f994d8b11353ee766edbaca3eb9
SHA512 c556f35fe10d3e0b6f541ee38a99c7969568f768e75ca088acb8f98a2fe401e2f9de9bb201bba06fc4059a806553616acb1b7c3c27c817dc821665ba84c54f04

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 82eeb708147a4aac0290fe11c3c4ec0f
SHA1 f189197791d162fc93913612f845b7e024722349
SHA256 31da2eb43fdfaf3059459f871a6d7466ab6d22088eae4a0a5d33556473179804
SHA512 74371ca3f99a3d9f9a91767cb19f1a2057a3a87fc45df502fbd22f083141469142896eeb8b557cad7b7d4530151381d6252a5e507afe8c44a440bec94cfccec2

memory/4872-649-0x0000000000400000-0x000000000040A000-memory.dmp