Malware Analysis Report

2024-12-07 10:04

Sample ID: 241113-dw7dpayncn
Target (submitted filename): dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683
SHA256: dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683
Tags: upx, discovery, ransomware
Score: 9/10


Analysis Overview

Score: 9/10
SHA256: dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683
Threat level: Likely malicious
Tags: upx, discovery, ransomware

Malicious Activity Summary

Renames multiple (3740) files with added filename extension (behavioral1, Windows 7 image)
Renames multiple (5119) files with added filename extension (behavioral2, Windows 10 image)
UPX packed file
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE

MITRE ATT&CK (Enterprise Matrix V15)

The report records the matrix version but no technique table. The one signature carrying an ATT&CK technique name is System Location Discovery: System Language Discovery (T1614.001), raised in both behavioral runs by the NLS\Language registry key open listed below.

Analysis: static1

Detonation Overview

Reported: 2024-11-13 03:22

Signatures

UPX packed file

upx
No indicator details recorded (static match on the submitted file). Because the image is UPX-packed, strings and imports pulled from it describe the unpacking stub, not the payload; unpack first (upx -d works while the stub is unmodified) or read the payload from the runtime memory dumps listed under Files in the behavioral runs.

Unsigned PE

No indicator details recorded. The file carries no Authenticode signature. On its own that is weak evidence, since plenty of legitimate software is unsigned, but together with UPX packing it means the binary itself establishes nothing about its publisher.
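The two static tags above, upx and Unsigned PE, come down to two header checks. What follows is an added example, not sandbox code and not part of this report: a stdlib-only PE header parser that flags the stock UPX section layout (a UPX0 with no raw data but a large virtual size, and a high-entropy UPX1 holding the compressed payload) and tests whether the Authenticode certificate table is populated. The sample's bytes are not reproduced in this report, so build_test_pe() constructs a minimal PE32 image to run the checks on; the section names, sizes and the 7.0 entropy cutoff are the example's own assumptions.

```python
"""Static triage of a PE the way a sandbox's pre-detonation stage does it:
is the image UPX-packed, and does it carry an Authenticode certificate table?

Added example for this report, not sandbox code. It parses the PE headers by
hand (stdlib only) and is exercised on a constructed minimal PE32 image built
by build_test_pe(); the report's sample bytes are not reproduced here.
"""
import math
import struct
from typing import Dict, List, Tuple

SECTION_HEADER_SIZE = 40
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX!"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 .. 8.0; compressed or encrypted data sits near 8."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> Dict:
    """Section table plus the Authenticode (certificate table) directory."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER, 20 bytes
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                          # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, opt)[0]
    # Data directories begin at +96 (PE32, 0x10B) or +112 (PE32+, 0x20B);
    # entry 4 is IMAGE_DIRECTORY_ENTRY_SECURITY. A zero size means no
    # Authenticode blob at all, which is what "Unsigned PE" reports.
    dir_base = opt + (96 if magic == 0x10B else 112)
    _cert_off, cert_size = struct.unpack_from("<II", data, dir_base + 4 * 8)
    sections: List[Dict] = []
    table = opt + size_of_optional
    for i in range(num_sections):
        off = table + i * SECTION_HEADER_SIZE
        name = data[off:off + 8].rstrip(b"\0")
        vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", data, off + 8)
        raw = data[raw_ptr:raw_ptr + raw_size] if raw_size else b""
        sections.append({"name": name, "virtual_size": vsize,
                         "raw_size": raw_size, "entropy": shannon_entropy(raw)})
    return {"sections": sections, "has_authenticode_blob": cert_size != 0}


def looks_upx_packed(info: Dict) -> bool:
    """Stock UPX layout: UPX0 has no raw data but a large virtual size (the
    unpack destination) and UPX1 holds the high-entropy compressed payload.
    A repacker that renames sections defeats the name test; the entropy test
    still fires on whatever section carries the payload."""
    by_name = {s["name"]: s for s in info["sections"]}
    if not UPX_SECTION_NAMES & set(by_name):
        return False
    upx0, upx1 = by_name.get(b"UPX0"), by_name.get(b"UPX1")
    return bool(upx0 and upx1 and upx0["raw_size"] == 0
                and upx0["virtual_size"] > 0 and upx1["entropy"] > 7.0)


def triage_tags(data: bytes) -> List[str]:
    """The two static tags this report carries, derived from the bytes."""
    info = parse_pe(data)
    tags = []
    if looks_upx_packed(info):
        tags.append("upx")
    if not info["has_authenticode_blob"]:
        tags.append("unsigned")
    return tags


def build_test_pe(specs: List[Tuple[bytes, int, bytes]], signed: bool = False) -> bytes:
    """Constructed PE32 image (headers + raw sections only; it does not run).
    specs: (section name, virtual size, raw bytes). signed=True fills the
    certificate directory with a fake, non-zero entry."""
    e_lfanew = 0x40
    dos = b"MZ" + bytes(0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(specs), 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)
    if signed:
        struct.pack_into("<II", opt, 96 + 4 * 8, 0x1000, 0x800)
    raw_ptr = e_lfanew + 4 + 20 + 224 + len(specs) * SECTION_HEADER_SIZE
    headers, raws = b"", b""
    for name, vsize, raw in specs:
        headers += struct.pack("<8sIIIIIIHHI", name, vsize, 0x1000, len(raw),
                               raw_ptr if raw else 0, 0, 0, 0, 0, 0x60000020)
        raws += raw
        raw_ptr += len(raw)
    return dos + b"PE\0\0" + coff + bytes(opt) + headers + raws


if __name__ == "__main__":
    packed = build_test_pe([(b"UPX0", 0x9000, b""),
                            (b"UPX1", 0x2000, bytes(range(256)) * 16),
                            (b".rsrc", 0x200, bytes(64))])
    print(triage_tags(packed))           # ['upx', 'unsigned']
```

An empty certificate directory is exactly what "Unsigned PE" means: no signature blob at all. A populated one says nothing about validity until the chain is verified, which this example does not attempt. Renamed UPX sections defeat the name test but not the entropy test, so keep both.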

Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-13 03:22
Reported: 2024-11-13 03:25
Platform: win7-20240903-en (Windows 7, English)
Max time kernel: 150s
Max time network: 118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe"

Signatures

Renames multiple (3740) files with added filename extension

ransomware
The count is the number of files this process wrote or renamed with an extra extension during the 150 s run; the Program Files rows below show the appended extension is .tmp. The report does not show whether these .tmp files are the encrypted output or an intermediate copy, what final extension the sample would leave, or any ransom note, so the ransomware tag rests on the mass-rename heuristic alone.

UPX packed file

upx
Four matches recorded; no indicator details.

Drops file in Program Files directory

All 64 rows share Description = File created, Process = C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe and Target = N/A. Only the Indicator (the created path) differs; each is the path of an installed application file with .tmp appended:

C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-heapdump.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-modules-appui_zh_CN.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-coredump.xml.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Net.Resources.dll.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tabskb.dll.mui.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_200_percent.pak.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guayaquil.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core_0.10.100.v20140424-2042.jar.tmp
C:\Program Files\ResetSubmit.m4a.tmp
C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_100_eeeeee_1x100.png.tmp
C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll.tmp
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_s.png.tmp
C:\Program Files\Java\jdk1.7.0_80\bin\wsimport.exe.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\uarrow.gif.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\launcher.win32.win32.x86_64.properties.tmp
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\css\clock.css.tmp
C:\Program Files (x86)\Common Files\microsoft shared\Help\1028\hxdsui.dll.tmp
C:\Program Files\Internet Explorer\perf_nt.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application_zh_CN.jar.tmp
C:\Program Files\Java\jre7\lib\images\cursors\cursors.properties.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Engine.dll.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationBuildTasks.resources.dll.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationClient.resources.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\bin\policytool.exe.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Vladivostok.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-options.xml_hidden.tmp
C:\Program Files\Java\jre7\lib\deploy\messages.properties.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml.tmp
C:\Program Files\VideoLAN\VLC\lua\intf\modules\httprequests.luac.tmp
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\settings.js.tmp
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\tr.gif.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.properties.tmp
C:\Program Files\Java\jre7\lib\ext\localedata.jar.tmp
C:\Program Files\Java\jre7\lib\zi\America\Tegucigalpa.tmp
C:\Program Files\Microsoft Games\Multiplayer\Backgammon\es-ES\bckgRes.dll.mui.tmp
C:\Program Files\Windows Sidebar\wlsrvc.dll.tmp
C:\Program Files (x86)\Common Files\microsoft shared\Help\1042\hxdsui.dll.tmp
C:\Program Files\Common Files\System\msadc\ja-JP\msadcfr.dll.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-views_ja.jar.tmp
C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh88.tmp
C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hovd.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sendopts_ja.jar.tmp
C:\Program Files\Windows Journal\fr-FR\JNTFiltr.dll.mui.tmp
C:\Program Files\VideoLAN\VLC\plugins\misc\libfingerprinter_plugin.dll.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-back-static.png.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\gu.pak.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cayman.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+11.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_zh_CN.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\MANIFEST.MF.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-api_ja.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application-views_zh_CN.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jmx.xml.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-background.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\title_stripe.png.tmp
C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ko_KR.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\blacklist.tmp
C:\Program Files\Java\jre7\bin\eula.dll.tmp
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_pressed.png.tmp
C:\Program Files\VideoLAN\VLC\plugins\spu\liblogo_plugin.dll.tmp
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\js\localizedStrings.js.tmp

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
Only the key open is recorded; the report does not show which value was read or whether execution depends on it. Reading the install language is a common ransomware check for skipping machines in particular locales, so a sample that stops early in one locale may run fully in another. Both runs here used English images.

Processes

C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe

"C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe"

Network

No network traffic was recorded in this run.

Files

memory/2756-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-312935884-697965778-3955649944-1000\desktop.ini.tmp

MD5 1f8cfbfa8a7d47e6d40ff34c75b6befb
SHA1 e05c1099791ef6cc32a7cc3c6ff5058b4724c0d9
SHA256 a826282f77c86ecce63a4ea67f5ad4429065ad1e69ffd808b325b311b1d65a95
SHA512 d4d1771a2aad206a93a2f1cc66867a06e4a06d999fea5edbba5649733b092ec97f64c5f5421a646bb81cad0558b6cd3a932cdcaecf7c3c4218b6715caff5c338

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 88e063e574f14c0802ffe5894ff66c27
SHA1 4b6428494bb8c644b4b87816123595758fa997ed
SHA256 7c95973b394b5c9e07988efa5a7b60973ae47d8a7960e820d981d417b34bb7be
SHA512 8868bee9124d53a6490cb1bd1e72059cdc8dbc54118830096c51521e9f7d626760853b39853664ec9f1617c0a32e1b444a1392ede6e16c40eb572fbadc9ef972

memory/2756-74-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-11-13 03:22
Reported: 2024-11-13 03:25
Platform: win10v2004-20241007-en (Windows 10 version 2004, English)
Max time kernel: 150s
Max time network: 138s

Command Line

"C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe"

Signatures

Renames multiple (5119) files with added filename extension

ransomware
Same heuristic as in behavioral1; the higher count is consistent with the larger Program Files tree on the Windows 10 image (Office, .NET runtimes, Java 8), as the rows below show.

UPX packed file

upx
Four matches recorded; no indicator details.

Drops file in Program Files directory

All 64 rows share Description = File created, Process = C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe and Target = N/A. Only the Indicator (the created path) differs; each is the path of an installed application file with .tmp appended:

C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\DESIGNER.ONE.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-heap-l1-1-0.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.Design.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\lib\security\javaws.policy.tmp
C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\unlimited\local_policy.jar.tmp
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_K_COL.HXK.tmp
C:\Program Files\Microsoft Office\root\Office16\GKWord.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019DemoR_BypassTrial180-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Storage.XmlSerializers.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] (filename mangled by the page's extraction; the original name is not recoverable here)
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-memory-l1-1-0.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Emit.dll.tmp
C:\Program Files\Java\jre-1.8\bin\sspi_bridge.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_Subscription-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Trial-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Grace-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Document.dll.tmp
C:\Program Files\Common Files\microsoft shared\ink\th-TH\tipresx.dll.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Csp.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Trial-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\ONENOTE.VisualElementsManifest.xml.tmp
C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000049\StoreLogo.png.tmp
C:\Program Files\dotnet\host\fxr\8.0.2\hostfxr.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationClient.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Royale.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-80.png.tmp
C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_KMS_Client_AE-ppd.xrm-ms.tmp
C:\Program Files\7-Zip\7-zip32.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationProvider.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationClientSideProviders.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\bin\policytool.exe.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Integration\C2RManifest.office32mui.msi.16.en-us.xml.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\FPA_f3\FA000000003.tmp
C:\Program Files\Common Files\microsoft shared\ink\el-GR\tipresx.dll.mui.tmp
C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\msinfo32.exe.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\Microsoft.VisualBasic.Forms.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Document Themes 16\Wisp.thmx.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\PresentationFramework.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.CodeDom.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\ReachFramework.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunmscapi.jar.tmp
C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-moreimages.png.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Xaml.resources.dll.tmp
C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightItalic.ttf.tmp
C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-linkedentity-dark.png.tmp
C:\Program Files\Microsoft Office\root\Office16\XML2WORD.XSL.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ul-phn.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-ul-phn.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL026.XML.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Resources.Writer.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Process.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.Design.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial2-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\pkeyconfig-office-client15.xrm-ms.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-conio-l1-1-0.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OAuth.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\POWERPNT.VisualElementsManifest.xml.tmp
C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART2.BDR.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Classic.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_it.properties.tmp

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe N/A
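Both behavioral runs fired the same ransomware heuristic: 3740 files renamed with an added extension on the Windows 7 image, 5119 on Windows 10. As an added example, not the sandbox's rule and not code from this report, here is that detection written for endpoint telemetry: per process, count files whose new name is an existing name with one more extension inside a sliding time window, and surface the appended extension and how many directories were touched. The event shape, the 50-hit threshold and the 60 s window are assumptions, and the events are constructed for the example rather than taken from the report.

```python
"""Detection logic for the behaviour behind the sandbox signature "Renames
multiple (N) files with added filename extension": one process producing many
files whose names are existing names with an extra extension, quickly.

Added example for this report, not the sandbox's rule and not sample code. It
runs on constructed file-event records shaped like Sysmon FileCreate/rename
telemetry (not a real log) and returns the alerts it would raise. THRESHOLD
and WINDOW_SECONDS are assumptions; the report's two runs counted 3740 and
5119 such files within 150 s.
"""
import ntpath
from collections import Counter, defaultdict
from typing import Dict, List, Optional

THRESHOLD = 50           # hits per process per window before alerting
WINDOW_SECONDS = 60.0


def appended_extension(old_path: str, new_path: str) -> Optional[str]:
    """'.tmp' when new_path is old_path with '.tmp' appended, else None."""
    stem, ext = ntpath.splitext(new_path)
    return ext.lower() if ext and stem.lower() == old_path.lower() else None


def created_with_extra_extension(path: str) -> Optional[str]:
    """Create-only telemetry has no old name; 'GKWord.dll.tmp' -> '.tmp'.
    Originals without an extension (the report's zi\\America\\Guayaquil.tmp)
    are missed by this weaker test, so counts under-report."""
    stem, ext = ntpath.splitext(path)
    return ext.lower() if ext and ntpath.splitext(stem)[1] else None


def detect_mass_rename(events: List[Dict], threshold: int = THRESHOLD,
                       window: float = WINDOW_SECONDS) -> List[Dict]:
    """events: {ts, pid, image, op: 'create'|'rename', path[, new_path]}.
    One alert per process whose extra-extension hits reach `threshold`
    inside any `window`-second span."""
    hits = defaultdict(list)                 # pid -> [(ts, ext, dir, image)]
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["op"] == "rename":
            ext, target = appended_extension(e["path"], e["new_path"]), e["new_path"]
        elif e["op"] == "create":
            ext, target = created_with_extra_extension(e["path"]), e["path"]
        else:
            continue
        if ext:
            hits[e["pid"]].append((e["ts"], ext, ntpath.dirname(target), e["image"]))
    alerts = []
    for pid, rows in hits.items():
        start = 0
        for end in range(len(rows)):          # sliding window over sorted ts
            while rows[end][0] - rows[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                win = rows[start:end + 1]
                alerts.append({
                    "pid": pid, "image": rows[0][3],
                    "count_in_window": len(win), "total_hits": len(rows),
                    "extensions": Counter(r[1] for r in win).most_common(3),
                    "directories": len({r[2] for r in win}),
                })
                break                         # one alert per process is enough
    return alerts


def sample_events() -> List[Dict]:
    """Constructed telemetry: one encryptor-style process plus benign noise."""
    ransom = r"C:\Users\Admin\AppData\Local\Temp\sample.exe"
    dirs = [r"C:\Program Files\7-Zip", r"C:\Program Files\Java\jre-1.8\bin",
            r"C:\Program Files\Microsoft Office\root\Office16"]
    events = []
    for i in range(120):                      # 120 renames in 30 s
        original = dirs[i % 3] + rf"\file{i}.dll"
        events.append({"ts": 100.0 + i * 0.25, "pid": 4512, "image": ransom,
                       "op": "rename", "path": original, "new_path": original + ".tmp"})
    events += [
        # Word scratch file: ends in .tmp, but the stem has no extension of its own
        {"ts": 105.0, "pid": 1200, "op": "create",
         "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
         "path": r"C:\Users\Admin\Documents\~WRL0001.tmp"},
        # user rename in Explorer: the name changes, nothing is appended
        {"ts": 106.0, "pid": 1300, "op": "rename", "image": r"C:\Windows\explorer.exe",
         "path": r"C:\Users\Admin\Downloads\report.docx",
         "new_path": r"C:\Users\Admin\Downloads\report-final.docx"},
    ]
    return events


if __name__ == "__main__":
    for alert in detect_mass_rename(sample_events()):
        print(alert)
```

The directory count matters as much as the raw count: installers and updaters also write hundreds of .tmp files, but inside one product's folder, while the report shows a single process spraying across Java, Office, VLC, .NET and Windows components at once. Create-only telemetry under-counts extensionless originals, which is one reason a sandbox with full rename visibility reports larger numbers than an EDR rule will.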

Processes

C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe

"C:\Users\Admin\AppData\Local\Temp\dc6ed735f2a599261f0f9fbe079184c07d04b961b5c845e4bb07f190d028d683.exe"

Network

Only reverse-DNS (PTR) queries to 8.8.8.8:53 over UDP were captured; no connection to a command-and-control host or payment page appears. The table carries no process column, so these lookups cannot be attributed to the sample on this evidence alone.

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp

Files

memory/4512-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3227495264-2217614367-4027411560-1000\desktop.ini.tmp

MD5 18a1d172ecd956fe9503c9b77f8e7cd4
SHA1 1f9425a9e291d971e71ba545e0ec49147f71eee1
SHA256 ff6bd1bf7107eca674140fc80cf310ff53119d3d58c2ab4cc9cd8ffb49024902
SHA512 f3a55a93a2e704640bf17a39d3ef89456bb60ffe01420db6090fd2edb6d9814e7698499fb51efe5eea945132f572a1acf164a4e10e0de414ca67b9fa65e1777c

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 4bcbbe918298c94777a12a323210de4b
SHA1 7fd7e0c19e6f1da8eaf221d93b76cb1a99410209
SHA256 8d1ec764c5859978169ac0ba332fc6656195e27d12f0956de5f35dff1b84aac9
SHA512 f0f7f480eb0bb28b202097750601df3686c6da47d4c5101d96b8603cf2266141a2d463a57c4a090317f4e639e15f9105966e76f238631ae540e96e969268132e

memory/4512-784-0x0000000000400000-0x000000000040B000-memory.dmp