Malware Analysis Report

2024-12-07 10:03

Sample ID 241114-bpjmya1qfv
Target 148eaf3f4b9e6daf9aff77d463be93e52989700437a8469bb9efb0883ebececeN.exe
SHA256 148eaf3f4b9e6daf9aff77d463be93e52989700437a8469bb9efb0883ebecece
Tags
discovery ransomware upx
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

148eaf3f4b9e6daf9aff77d463be93e52989700437a8469bb9efb0883ebecece

Threat Level: Likely malicious

The file 148eaf3f4b9e6daf9aff77d463be93e52989700437a8469bb9efb0883ebececeN.exe was found to be: Likely malicious. In both detonations (Windows 7 and Windows 10) the UPX-packed, unsigned sample runs as a single process that spawns no children, reads the NLS\Language registry key (a locale check commonly used by ransomware to decide whether to run at all), and rewrites thousands of files under Program Files, MSOCache and $Recycle.Bin with a .tmp extension appended. No sample-initiated network connections were recorded in either run. That combination is why the sandbox tags it ransomware.

Malicious Activity Summary

discovery ransomware upx

Renames multiple (4315) files with added filename extension (behavioral2, Windows 10)

Renames multiple (2841) files with added filename extension (behavioral1, Windows 7)

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Enterprise Matrix V15. Techniques implied by the signatures in this report:

T1027.002 Obfuscated Files or Information: Software Packing (UPX packed file)
T1614.001 System Location Discovery: System Language Discovery (NLS\Language key opened)
T1486 Data Encrypted for Impact (thousands of files rewritten with an added extension, tagged ransomware)

Analysis: static1

Detonation Overview

Reported

2024-11-14 01:19

Signatures

UPX packed file

upx

Unsigned PE

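How the two static1 verdicts can be reproduced without a sandbox, as an added example that is not the sandbox's code: a pure-Python walk of the PE headers that reports section names, per-section entropy and whether the Authenticode security directory is populated. The build_sample_pe() helper, its section layout, the seeded random section contents and the placement of the "UPX!" marker are constructed stand-ins for illustration, not the analysed binary.

```python
"""Static triage reproducing the static1 signatures "UPX packed file" and
"Unsigned PE" with a pure-Python walk of the PE headers. Added example for this
report, not sandbox code; build_sample_pe() constructs a stand-in PE32 in memory,
it is not the analysed binary."""
import math
import random
import struct

SECURITY_DIR_INDEX = 4   # IMAGE_DIRECTORY_ENTRY_SECURITY: Authenticode blob, if any


def shannon_entropy(data: bytes) -> float:
    """Bits per byte (0..8). Packed or encrypted sections sit near 8."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_triage(image: bytes) -> dict:
    """Section names, per-section entropy and the state of the security directory."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    n_sections = struct.unpack_from("<H", image, coff + 2)[0]
    opt_size = struct.unpack_from("<H", image, coff + 16)[0]
    opt = coff + 20                                       # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", image, opt)[0]
    dd_offset = 96 if magic == 0x10B else 112             # data directories: PE32 / PE32+
    sec_va, sec_size = struct.unpack_from("<II", image, opt + dd_offset + 8 * SECURITY_DIR_INDEX)
    sections = []
    table = opt + opt_size                                # IMAGE_SECTION_HEADER[]
    for i in range(n_sections):
        raw_name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", image, table + 40 * i)
        name = raw_name.rstrip(b"\0").decode("latin-1")
        sections.append((name, raw_size, round(shannon_entropy(image[raw_ptr:raw_ptr + raw_size]), 2)))
    return {
        "sections": sections,
        "upx_sections": any(s[0].startswith("UPX") for s in sections),
        "upx_magic": b"UPX!" in image,                    # UPX info-header marker
        "signed": sec_va != 0 and sec_size != 0,          # presence of a blob only, not validity
    }


def static_signatures(image: bytes) -> list:
    """The two static1 verdicts, phrased as the sandbox phrases them."""
    t = pe_triage(image)
    hits = []
    if t["upx_sections"] or t["upx_magic"]:
        hits.append("UPX packed file")
    if not t["signed"]:
        hits.append("Unsigned PE")
    return hits


def build_sample_pe(section_names, signed=False, packed_bytes=4096) -> bytes:
    """Constructed PE32 stand-in, not the analysed binary. The last section is
    filled with seeded pseudo-random bytes (high entropy, like UPX1); a section
    named UPX* also carries the "UPX!" marker so the byte scan has a hit."""
    opt_size = 224                                        # PE32 optional header incl. 16 data directories
    headers_len = 64 + 4 + 20 + opt_size + 40 * len(section_names)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)      # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    rng = random.Random(1337)
    table, body = bytearray(), bytearray()
    for i, name in enumerate(section_names):
        if i == len(section_names) - 1:
            data = rng.randbytes(packed_bytes)
        else:
            data = (b"UPX!" if name.startswith("UPX") else b"").ljust(512, b"\0")
        table += struct.pack("<8sIIIIIIHHI", name.encode(), len(data), 0x1000 * (i + 1),
                             len(data), headers_len + len(body), 0, 0, 0, 0, 0x60000020)
        body += data
    blob = b""
    if signed:                                            # security directory -> placeholder blob after the sections
        blob = b"\0" * 512
        struct.pack_into("<II", opt, 96 + 8 * SECURITY_DIR_INDEX, headers_len + len(body), len(blob))
    return dos + b"PE\0\0" + coff + bytes(opt) + bytes(table) + bytes(body) + blob


if __name__ == "__main__":
    sample = build_sample_pe(["UPX0", "UPX1"])
    print(static_signatures(sample))
    print(pe_triage(sample)["sections"])
```

Section names are a weak signal on their own (they are trivially renamed); the per-section entropy and the "UPX!" info header corroborate them. A populated security directory only says that a signature blob is present, not that it verifies; that check still needs signtool or osslsigncode.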

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-14 01:19

Reported

2024-11-14 01:21

Platform

win7-20241023-en

Max time kernel

120s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\148eaf3f4b9e6daf9aff77d463be93e52989700437a8469bb9efb0883ebececeN.exe"

Signatures

Renames multiple (2841) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

Description Indicator
(Process is C:\Users\Admin\AppData\Local\Temp\148eaf3f4b9e6daf9aff77d463be93e52989700437a8469bb9efb0883ebececeN.exe and Target is N/A for every row; the report lists 64 rows.)
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Fiji.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Honolulu.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\config.ini.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\eclipse.inf.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-io-ui.xml.tmp
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Pago_Pago.tmp
File created C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-progress.xml.tmp
File created C:\Program Files\Java\jre7\COPYRIGHT.tmp
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Royale.dll.tmp
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm.tmp
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp.tmp
File created C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\1047x576black.png.tmp
File created C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe.tmp
File created C:\Program Files\Java\jre7\lib\zi\Asia\Ust-Nera.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sampler_ja.jar.tmp
File created C:\Program Files\Java\jre7\lib\zi\Asia\Hebron.tmp
File created C:\Program Files\Java\jre7\lib\zi\Atlantic\Azores.tmp
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml.tmp
File created C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_ButtonGraphic.png.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Resolute.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Canary.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-8.tmp
File created C:\Program Files\Java\jdk1.7.0_80\include\jawt.h.tmp
File created C:\Program Files\Java\jre7\lib\zi\Asia\Ashgabat.tmp
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\navSubpicture.png.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Easter.tmp
File created C:\Program Files\Java\jre7\lib\zi\America\Indiana\Vincennes.tmp
File created C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml.tmp
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoDev.png.tmp
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_SelectionSubpicture.png.tmp
File created C:\Program Files\Java\jre7\lib\zi\Australia\Adelaide.tmp
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IdentityModel.Resources.dll.tmp
File created C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Belize.tmp
File created C:\Program Files\Microsoft Games\Hearts\es-ES\Hearts.exe.mui.tmp
File created C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.tmp
File created C:\Program Files\Internet Explorer\iexplore.exe.tmp
File created C:\Program Files\Java\jre7\lib\images\cursors\win32_LinkDrop32x32.gif.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Makassar.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_zh_4.4.0.v20140623020002.jar.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_basestyle.css.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-settings_zh_CN.jar.tmp
File created C:\Program Files\Java\jre7\bin\glass.dll.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kwajalein.tmp
File created C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe.tmp
File created C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll.tmp
File created C:\Program Files\Common Files\System\ado\msado21.tlb.tmp
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\1047x576black.png.tmp
File created C:\Program Files\DVD Maker\WMM2CLIP.dll.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Fortaleza.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santiago.tmp
File created C:\Program Files\Java\jre7\lib\zi\America\Curacao.tmp
File created C:\Program Files\Mozilla Firefox\api-ms-win-core-processthreads-l1-1-1.dll.tmp
File created C:\Program Files\Java\jdk1.7.0_80\bin\javah.exe.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.actionProvider.exsd.tmp
File created C:\Program Files\Java\jre7\bin\kinit.exe.tmp
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Apia.tmp
File created C:\Program Files\Microsoft Games\Multiplayer\Spades\en-US\ShvlRes.dll.mui.tmp
File created C:\Program Files\Common Files\Microsoft Shared\ink\IPSEventLogMsg.dll.tmp
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.jpg.tmp
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_left.png.tmp
File created C:\Program Files\Java\jdk1.7.0_80\bin\native2ascii.exe.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Matamoros.tmp
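The file-activity rows above are the raw evidence behind the "Renames multiple (N) files with added filename extension" and "Drops file in Program Files directory" signatures. As an added example that is not the sandbox's code, the following script parses rows in the report's flattened layout and derives what a triage analyst wants from them: the extension being appended, how many files get it, which original file types and which top-level folders are hit, and which process did the writing. ROWS holds six rows copied from this run's tables; the MIN_RENAMES threshold is an assumption for the example, not the sandbox's own cut-off.

```python
"""Triage of the sandbox's file-activity rows: which extension is being appended,
how many files get it, which original types and program roots are hit. Added example
for this report, not sandbox code. ROWS are six rows copied from the behavioral1
tables; MIN_RENAMES is an assumed threshold, not the sandbox's."""
import re
from collections import Counter
from pathlib import PureWindowsPath

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\148eaf3f4b9e6daf9aff77d463be93e52989700437a8469bb9efb0883ebececeN.exe"

# Rows in the report's flattened "Description Indicator Process Target" layout.
ROWS = [
    rf"File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Fiji.tmp {SAMPLE} N/A",
    rf"File created C:\Program Files\Java\jre7\COPYRIGHT.tmp {SAMPLE} N/A",
    rf"File created C:\Program Files\Internet Explorer\iexplore.exe.tmp {SAMPLE} N/A",
    rf"File created C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.tmp {SAMPLE} N/A",
    rf"File created C:\Program Files\Java\jre7\bin\glass.dll.tmp {SAMPLE} N/A",
    rf"File created C:\$Recycle.Bin\S-1-5-21-1163522206-1469769407-485553996-1000\desktop.ini.tmp {SAMPLE} N/A",
]
MIN_RENAMES = 5   # assumed: writes with the same appended extension before we call it mass renaming

# Indicator paths contain spaces, so anchor on the process token (drive letter, no spaces).
ROW_RE = re.compile(r"^(?P<desc>File created) (?P<path>.+?) (?P<proc>[A-Z]:\\\S+) (?P<target>\S+)$")


def parse_rows(rows):
    parsed = []
    for row in rows:
        m = ROW_RE.match(row)
        if not m:
            raise ValueError(f"unparsed row: {row!r}")
        parsed.append(m.groupdict())
    return parsed


def triage(rows, min_renames=MIN_RENAMES) -> dict:
    parsed = parse_rows(rows)
    # The appended extension is whatever suffix dominates the written names.
    by_suffix = Counter(PureWindowsPath(r["path"]).suffix.lower() for r in parsed)
    added, count = by_suffix.most_common(1)[0]
    original_ext, roots = Counter(), Counter()
    for r in parsed:
        p = PureWindowsPath(r["path"])
        if p.suffix.lower() != added:
            continue
        # 'iexplore.exe.tmp' -> '.exe'; 'COPYRIGHT.tmp' had no extension to begin with
        original_ext[p.suffixes[-2].lower() if len(p.suffixes) > 1 else "(none)"] += 1
        roots[str(PureWindowsPath(*p.parts[:2]))] += 1    # drive + top-level folder
    return {
        "added_extension": added,
        "renamed": count,
        "mass_rename": count >= min_renames,
        "drops_in_program_files": any(root.lower() == r"c:\program files" for root in roots),
        "original_extensions": dict(original_ext),
        "roots": dict(roots),
        "processes": sorted({r["proc"] for r in parsed}),
    }


if __name__ == "__main__":
    for key, value in triage(ROWS).items():
        print(f"{key}: {value}")
```

Run against the full 2841- and 4315-event lists, the original-extension mix is the useful part: executables and DLLs being rewritten (iexplore.exe, offfiltx.dll, glass.dll above) means the sample does not exclude binaries, so a victim host is left broken as well as encrypted.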

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\148eaf3f4b9e6daf9aff77d463be93e52989700437a8469bb9efb0883ebececeN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\148eaf3f4b9e6daf9aff77d463be93e52989700437a8469bb9efb0883ebececeN.exe

"C:\Users\Admin\AppData\Local\Temp\148eaf3f4b9e6daf9aff77d463be93e52989700437a8469bb9efb0883ebececeN.exe"

Network

N/A

Files

memory/2064-0-0x0000000000400000-0x000000000040A000-memory.dmp (PID 2064; the image is mapped at 0x400000-0x40A000, 40 KiB)

C:\$Recycle.Bin\S-1-5-21-1163522206-1469769407-485553996-1000\desktop.ini.tmp

MD5 ae8d38367ae5e546372da17549890ed9
SHA1 aefa40d64fa2bee09bef4e77de48781caa9962a9
SHA256 c4e5bfdac73a6bf15109d8d8052e8b92c6096bc4d16477954b5192af5584e964
SHA512 2f082efbd7ab3cc24a53ac93fb5de6c224a21fcb25ea6632fe88c25e5356ba3068ac44fc73a60382052ab71e40ee4038f16bce2569fa41fbdd47b741d95c369a

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 0fad9e9cdef5c0e721c46f7780426a77
SHA1 8006304c54a2f3870654ea60d06b225f279b5fed
SHA256 400580ced0d2bb596d981e50ace4ec5dfcc806e1f46ef42d7c3e4fb15043d3b4
SHA512 a5b10b8098dc4c81a91ad6995abe26b76d585ff8d9034bcd312e203796f364abf0e24add86f9a872fbb88237bf59bae1b0c1e00c279b1c4a457acb84a4a86206

memory/2064-69-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-14 01:19

Reported

2024-11-14 01:21

Platform

win10v2004-20241007-en

Max time kernel

119s

Max time network

94s

Command Line

"C:\Users\Admin\AppData\Local\Temp\148eaf3f4b9e6daf9aff77d463be93e52989700437a8469bb9efb0883ebececeN.exe"

Signatures

Renames multiple (4315) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

Description Indicator
(Process is C:\Users\Admin\AppData\Local\Temp\148eaf3f4b9e6daf9aff77d463be93e52989700437a8469bb9efb0883ebececeN.exe and Target is N/A for every row; the report lists 64 rows.)
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.Native.dll.tmp
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-runtime-l1-1-0.dll.tmp
File created C:\Program Files\Java\jdk-1.8\jre\bin\java.dll.tmp
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Green.xml.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Grace-ul-oob.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Layout.dll.tmp
File created C:\Program Files\Microsoft Office\root\Office16\Configuration\config.xml.tmp
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ar-sa.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationClient.dll.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Grace-ppd.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-pl.xrm-ms.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.dll.tmp
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-string-l1-1-0.dll.tmp
File created C:\Program Files\Microsoft Office\root\Client\vcruntime140.dll.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTest-ppd.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ul-phn.xrm-ms.tmp
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_Subscription-pl.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCONTROL.DLL.tmp
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\de.pak.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\PresentationUI.resources.dll.tmp
File created C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngdatatype.md.tmp
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\WPFEXTENSIONS.DLL.tmp
File created C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InputPersonalization.exe.mui.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Forms.resources.dll.tmp
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\ar.pak.tmp
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red.xml.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-pl.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-ul-phn.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Grace-ppd.xrm-ms.tmp
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\SubsystemController.man.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-ppd.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-ul-oob.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\WordVL_KMS_Client-ul.xrm-ms.tmp
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Thread.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Design.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationTypes.resources.dll.tmp
File created C:\Program Files\Java\jdk-1.8\jre\bin\j2pkcs11.dll.tmp
File created C:\Program Files\Java\jre-1.8\bin\prism_d3d.dll.tmp
File created C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_KMS_Client-ppd.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Retail-ul-phn.xrm-ms.tmp
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.CompilerServices.VisualC.dll.tmp
File created C:\Program Files\Internet Explorer\iediagcmd.exe.tmp
File created C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe.tmp
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.powerpointmui.msi.16.en-us.xml.tmp
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.VisualStudio.Tools.Applications.Runtime.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Resources.Extensions.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\.version.tmp
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.Primitives.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.CompilerServices.VisualC.dll.tmp
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-synch-l1-2-0.dll.tmp
File created C:\Program Files\Common Files\microsoft shared\ink\it-IT\InputPersonalization.exe.mui.tmp
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.Parallel.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.InteropServices.RuntimeInformation.dll.tmp
File created C:\Program Files\Java\jdk-1.8\jre\bin\fxplugins.dll.tmp
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l2-1-0.dll.tmp
File created C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md.tmp
File created C:\Program Files\Common Files\microsoft shared\ink\hwrdeulm.dat.tmp
File created C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Trial-pl.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_Subscription-ppd.xrm-ms.tmp
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Controls.Ribbon.resources.dll.tmp

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\148eaf3f4b9e6daf9aff77d463be93e52989700437a8469bb9efb0883ebececeN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\148eaf3f4b9e6daf9aff77d463be93e52989700437a8469bb9efb0883ebececeN.exe

"C:\Users\Admin\AppData\Local\Temp\148eaf3f4b9e6daf9aff77d463be93e52989700437a8469bb9efb0883ebececeN.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp

All eight entries are reverse (PTR) lookups sent to the sandbox's resolver. No forward name resolution and no sample-initiated connection is recorded, and the Windows 7 run (behavioral1) produced no network activity at all. This is most likely host background traffic on the Windows 10 image rather than command-and-control; treat it as such unless a capture shows the sample's own process as the socket owner.
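The check behind that reading, as an added example that is not the sandbox's code: reverse-DNS names are turned back into the addresses that were looked up, forward lookups are separated out as the only rows that could name a C2 host, and the per-resolver counts are kept. REPORT_ROWS are the eight rows from the table above; CONSTRUCTED_ROW (example.invalid) is made up for the example to show how a real forward lookup would stand out.

```python
"""Classify the DNS rows of the behavioral2 Network table. Reverse (PTR) names are
turned back into the addresses that were resolved; forward lookups are kept as
candidate C2 names. Added example for this report, not sandbox code. REPORT_ROWS are
the eight rows from the table; CONSTRUCTED_ROW is made up and not in the report."""
import ipaddress
import re
from collections import Counter

REPORT_ROWS = [
    "US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp",
    "US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp",
    "US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp",
    "US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp",
    "US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp",
    "US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp",
    "US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp",
    "US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp",
]
CONSTRUCTED_ROW = "US 8.8.8.8:53 example.invalid udp"   # constructed forward lookup, not in the report

ROW_RE = re.compile(r"^(?P<cc>[A-Z]{2}) (?P<dst>\S+) (?P<name>\S+) (?P<proto>udp|tcp)$")
PTR_RE = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.in-addr\.arpa\.?$", re.IGNORECASE)


def ptr_to_ip(name: str):
    """'13.86.106.20.in-addr.arpa' -> '20.106.86.13'; None for anything that is not an IPv4 PTR name."""
    m = PTR_RE.match(name)
    if not m:
        return None
    return str(ipaddress.IPv4Address(".".join(reversed(m.groups()))))   # raises on octets > 255


def classify(rows) -> dict:
    ptr_targets, forward, resolvers = [], [], Counter()
    for row in rows:
        m = ROW_RE.match(row)
        if not m:
            raise ValueError(f"unparsed row: {row!r}")
        resolvers[m["dst"]] += 1
        ip = ptr_to_ip(m["name"])
        if ip:
            ptr_targets.append(ip)
        else:
            forward.append(m["name"])
    return {
        "ptr_targets": ptr_targets,          # addresses the OS already knew and asked names for
        "forward_lookups": forward,          # the only rows that could name a C2 host
        "resolvers": dict(resolvers),
        "only_reverse": not forward,
    }


if __name__ == "__main__":
    print(classify(REPORT_ROWS))
    print(classify(REPORT_ROWS + [CONSTRUCTED_ROW])["forward_lookups"])
```

The recovered addresses are what to pivot on (passive DNS, ASN ownership) if the traffic still needs to be attributed; for this report the point is the empty forward-lookup list.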

Files

memory/2936-0-0x0000000000400000-0x000000000040A000-memory.dmp (PID 2936; the image is mapped at 0x400000-0x40A000, 40 KiB, the same size as in the Windows 7 run)

C:\$Recycle.Bin\S-1-5-21-4050598569-1597076380-177084960-1000\desktop.ini.tmp

MD5 02ac9ced2e47a7a3726ad7d96d26a85d
SHA1 93ff9ca7891ecbe3f3f5962e1faa6d864c8f5dd4
SHA256 3cac00d87fdf7673bbf543a3deed7e1e5841e17985691912f27856b6a75a01d1
SHA512 93611de7216a644e3c7e64dac858e4c04001ce33c0401087440c334c6a0116a6d63e60594cb84fadfee3c375b872e704428a9f101ad1fd1fb0972aafecfc6852

The same file in the Windows 7 run (behavioral1) came out with MD5 ae8d38367ae5e546372da17549890ed9. The per-user $Recycle.Bin desktop.ini is a fixed two-line file on both platforms, so if the two inputs were byte-identical the output is not deterministic across runs, which points to per-run key material or a per-file nonce rather than a fixed key. That is worth confirming on the dumped process before anyone spends time on a decryptor.

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 bac311753b902c35c7151712536aac2c
SHA1 d4235ef02a3a3279ff729e2bd9a5a663d5350c05
SHA256 e679d06305981b589eaa2e46407c796f35cdb0595f0a9b5f5de73e8b514a68ee
SHA512 733a40b9ce7806e1cc96277c1491f5e8e36d326ad1ef5bf0515ed57ce39ac4acb6ab75480688573e310cc8c72a5bcc354b19291ce372965803b7562e4a2b686f

memory/2936-661-0x0000000000400000-0x000000000040A000-memory.dmp