Malware Analysis Report

2024-12-07 09:57

Sample ID 241114-k9p5wswhka
Target 5c0312cb5cb51667f618ea93286092b4db577fa719bb8672a2d7d4fbaf1c0f34.exe
SHA256 5c0312cb5cb51667f618ea93286092b4db577fa719bb8672a2d7d4fbaf1c0f34
Tags upx discovery ransomware
Score 9/10

Analysis Overview

Threat Level: Likely malicious

The file 5c0312cb5cb51667f618ea93286092b4db577fa719bb8672a2d7d4fbaf1c0f34.exe was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (2102) files with added filename extension

Renames multiple (2737) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-11-14 09:18

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted 2024-11-14 09:18
Reported 2024-11-14 09:20
Platform win7-20240903-en
Max time kernel 120s
Max time network 17s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5c0312cb5cb51667f618ea93286092b4db577fa719bb8672a2d7d4fbaf1c0f34.exe"

Signatures

Renames multiple (2102) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\5c0312cb5cb51667f618ea93286092b4db577fa719bb8672a2d7d4fbaf1c0f34.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\5c0312cb5cb51667f618ea93286092b4db577fa719bb8672a2d7d4fbaf1c0f34.exe

"C:\Users\Admin\AppData\Local\Temp\5c0312cb5cb51667f618ea93286092b4db577fa719bb8672a2d7d4fbaf1c0f34.exe"

Network

N/A

Files

memory/3000-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp


C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp


memory/3000-48-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted 2024-11-14 09:18
Reported 2024-11-14 09:20
Platform win10v2004-20241007-en
Max time kernel 120s
Max time network 94s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5c0312cb5cb51667f618ea93286092b4db577fa719bb8672a2d7d4fbaf1c0f34.exe"

Signatures

Renames multiple (2737) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\5c0312cb5cb51667f618ea93286092b4db577fa719bb8672a2d7d4fbaf1c0f34.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\5c0312cb5cb51667f618ea93286092b4db577fa719bb8672a2d7d4fbaf1c0f34.exe

"C:\Users\Admin\AppData\Local\Temp\5c0312cb5cb51667f618ea93286092b4db577fa719bb8672a2d7d4fbaf1c0f34.exe"

Network


Files

memory/1876-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3756129449-3121373848-4276368241-1000\desktop.ini.tmp


C:\Program Files\7-Zip\7-zip.dll.tmp


memory/1876-548-0x0000000000400000-0x000000000040B000-memory.dmp