Malware Analysis Report

2024-12-07 10:03

Sample ID 241113-3vslks1jf1
Target a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe
SHA256 a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d
Tags upx discovery ransomware
Score 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 9/10

SHA256 a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d

Threat Level: Likely malicious

The file a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (2848) files with added filename extension

Renames multiple (4079) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-13 23:50

Signatures

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-13 23:50

Reported

2024-11-13 23:52

Platform

win7-20241010-en

Max time kernel

120s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe"

Signatures

Renames multiple (2848) files with added filename extension

ransomware

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_zh_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Microsoft Office\Office14\MSOHEVI.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\platform.xml.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\dragHandle.png.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-compat_zh_CN.jar.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-over-select.png.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\include\jvmti.h.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\America\Resolute.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ulaanbaatar.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.nl_zh_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Java\jre7\bin\msvcr100.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll.sig.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Danmarkshavn.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.xml.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt.nl_ja_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_es.properties.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-next-static.png.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-tabcontrol.xml.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Pacific\Marquesas.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\7-Zip\Lang\va.txt.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.xml.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\console_view.png.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-awt.jar.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\7-Zip\Lang\mr.txt.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+10.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.properties.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-explorer_ja.jar.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\external_extensions.json.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Gambier.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_ButtonGraphic.png.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Curacao.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Pacific\Wake.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\bin\klist.exe.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Kiev.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services_1.1.0.v20140328-1925.jar.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-selector-api.xml.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Africa\Ceuta.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Mozilla Firefox\removed-files.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\jvm.cfg.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Adak.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Europe\Stockholm.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Microsoft Games\FreeCell\it-IT\FreeCell.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\DVD Maker\SecretST.TTF.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain_PAL.wmv.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunjce_provider.jar.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Zaporozhye.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Christmas.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-common.jar.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Microsoft Games\More Games\en-US\MoreGames.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Common Files\System\ado\adojavas.inc.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\glass.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-print.jar.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Java\jre7\lib\ext\sunmscapi.jar.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_ButtonGraphic.png.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cuiaba.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yerevan.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Kerguelen.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe

"C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe"

Network

N/A

Files

memory/2876-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2039016743-699959520-214465309-1000\desktop.ini.tmp

MD5 358893214871a64ab57e27aa725796c4
SHA1 031e7b6b73dccf068fbf6e577c1bbd3b613aa313
SHA256 3ec48ab89bda309264128434a928d942e9ac9c5a3a812051368ae3acf521f740
SHA512 70c5521694ebe290a77addc8b70ff057eb0f6230de5dbb0ccf114ecb21b4bacd363f3814e39cacf18bdfe3235d4afe1fafd64d835acc6192228315bdbc914759

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 2bcf4c8a6b48e7ec65e3f4a60fbd2f0a
SHA1 6b4f6591d32a08207f4530237d648e2c4e3e5858
SHA256 e002a0c08cb02e946eff49f5c7558d30fa721026799ecfc45aaee05caeb2fa29
SHA512 fcba0d2629c05dd9bc9e9b2779b9f69e0440c7931f04c08a6664c6ba381648e85c56b16b7a4cee7891e1d5fba149738141289b3281e05f3739758143896bb440

memory/2876-64-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-13 23:50

Reported

2024-11-13 23:52

Platform

win10v2004-20241007-en

Max time kernel

119s

Max time network

93s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe"

Signatures

Renames multiple (4079) files with added filename extension

ransomware

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Java\jre-1.8\lib\net.properties.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription4-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-synch-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-util-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\bin\jinfo.exe.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\zh-TW\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Internet Explorer\IEShims.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\clrjit.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Trial-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Emit.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Forms.Primitives.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\java.exe.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_SubTrial-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\7-Zip\License.txt.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Trial-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Franklin Gothic.xml.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_KMS_Client_AE-ul.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\PresentationCore.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\WindowsBase.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationClientSideProviders.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Xaml.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Diagnostics.PerformanceCounter.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Data.Common.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-profile-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red.xml.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Xaml.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\es.pak.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\UIAutomationClientSideProviders.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Forms.Design.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\ko.pak.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.TextWriterTraceListener.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.CoreLib.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\PresentationCore.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.Queryable.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\7-Zip\Lang\ms.txt.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\pt-PT\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.CompilerServices.VisualC.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\legal\javafx\webkit.md.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.DiaSymReader.Native.amd64.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Java\jre-1.8\Welcome.html.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest1-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Web.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Xaml.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessDemoR_BypassTrial365-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.StackTrace.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Drawing.Design.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\bin\idlj.exe.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\bin\javaws.exe.tmp | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe

"C:\Users\Admin\AppData\Local\Temp\a74753293d10672c12d60e0e9df78df38d2d7b7482741865e47f4ba42871745d.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp
US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp
US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp
US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 103.209.201.84.in-addr.arpa | udp
US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp

Files

memory/4872-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3227495264-2217614367-4027411560-1000\desktop.ini.tmp

MD5 297bdfa3e6f9382a5b8d7c6d6d39c38c
SHA1 cd6d61e1f1c4f24f53d21db95e1b9c29b2fb7935
SHA256 3f294ea5ed37522de9ea2757f37f712bfaa469dd6477e50e3839f00953a24018
SHA512 d52bff57f209a4e8360ec5359586ed84f936bf4ade8c07912caad833a5d07aa196e2957a2d09f5340699f90affbe3a600f58f861809caa2ef2192675b75966ae

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 9ca026f55ceda78f04369864a9ecf091
SHA1 f3b409a71bf5ef0219049f907dd77da1c21e5236
SHA256 e1fde1d35e8504dbfa0bc3044b0a137c5511e3fbff6969c5d732fcd544d293b7
SHA512 46f20582d6bfdc2b1f44bc01318cdf8ada586ca451b1335dba41f93178803883422d8784ea5bfb1fcb0f2431f8d18337a6966b473f5bc04d96749d418e641ba5

memory/4872-650-0x0000000000400000-0x000000000040B000-memory.dmp