Malware Analysis Report

2025-08-05 23:15

Sample ID 250115-158dnsxkas
Target 2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33
SHA256 2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33
Tags: upx, discovery, ransomware
Score: 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 9/10

SHA256

2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33

Threat Level: Likely malicious

The file 2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33 was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (3477) files with added filename extension

Renames multiple (4815) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-01-15 22:15

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-15 22:15

Reported

2025-01-15 22:17

Platform

win7-20240903-en

Max time kernel

149s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe"

Signatures

Renames multiple (3477) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\ffjcext.zip.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Tegucigalpa.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_sse2_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\weather.js.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\dnsns.jar.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\updater_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\on_desktop\slideshow_glass_frame.png.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\38.png.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_200_percent.pak.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\jhall-2.0_05.jar.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmirror_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ko.properties.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\meta-index.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util-lookup.xml.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Windows Sidebar\fr-FR\sbdrop.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroTextExtractor.exe.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\kk\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfontj2d.properties.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser.zh_CN_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Mozilla Firefox\Accessible.tlb.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-startup.xml.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_buttongraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\d3dcompiler_47.dll.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogo.png.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Tucuman.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macHandle.png.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Nome.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Monaco.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\UnpublishResolve.easmx.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\add_over.png.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rssBackBlue_docked.png.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader_icd.json.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\MANIFEST.MF.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme_0.9.300.v20140424-2042.jar.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-actions.xml.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Africa\Windhoek.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Xml.Linq.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mshwLatin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\LINEAR_RGB.pf.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Accra.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Montevideo.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Common Files\System\msadc\handsafe.reg.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core_0.10.100.v20140424-2042.jar.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-ui_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\css\settings.css.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\10.png.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-crescent_partly-cloudy.png.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-static.png.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cayman.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-outline_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_150.png.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\js\calendar.js.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe

"C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe"

Network

N/A

Files

memory/2968-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-312935884-697965778-3955649944-1000\desktop.ini.tmp

MD5 49d2e0c8d9512c788a8c2f17e866c308
SHA1 667c840c19e8af183841b46b102031e2903d22e7
SHA256 0896776c1f59521a26f8877e0838820ca03b898d2178343a3888bf9616c14cf2
SHA512 a8a92fa4bf397ffb9a2497bc231390ccb7d54860357805ba0f1f2e400770d80c5749e5b5a71e820cc7120586e689ba80462238bde30508b331a938c977ba0d19

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 5868e5f0c5b2fd140c811a1811627172
SHA1 d67ade8f665ed09277eb3bb5ccfcd1933a7b90f4
SHA256 3ce49191cf10b7850278e358b678ea8edcf046ff938b34b17d0b3929369e7a5e
SHA512 452b0759266b54dcc6d1526ea9bb502f5bde1b0f9f5e969b294dae34791f3ee8f0a0cefcb8132e44a0e030332d3fddf50a65d0c0866ba9ae821378459ce9f7cc

memory/2968-74-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2025-01-15 22:15

Reported

2025-01-15 22:17

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe"

Signatures

Renames multiple (4815) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\fi\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_kor.xml.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Java\jdk-1.8\lib\orb.idl.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O17EnterpriseVL_Bypass30-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\ca\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\hwrdeusymnn.dat.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Java\jdk-1.8\lib\javafx-mx.jar.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\security\blacklist.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART4.BDR.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.SPClient.Interfaces.DLL.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\pl\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\clrgc.dll.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscorrc.dll.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\WindowsFormsIntegration.dll.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Cryptography.Xml.dll.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-math-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.dcfmui.msi.16.en-us.xml.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\mojo_core.dll.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-runtime-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\resource.dll.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\plugin.jar.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\WindowsFormsIntegration.dll.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-utility-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\WindowsBase.dll.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\dt_socket.dll.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_MAK-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-stdio-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Debug.dll.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.Serialization.dll.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-environment-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL001.XML.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\WindowsBase.dll.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscorlib.dll.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Common Files\System\ado\msadomd.dll.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\vcruntime140_cor3.dll.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\instrument.dll.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Printing.dll.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jp2iexp.dll.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-file-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe

"C:\Users\Admin\AppData\Local\Temp\2d9d3a0eb209d0bef59c55f89eb710d7bafd85f075a57b3c06867ae17d7a4f33.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 167.173.78.104.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 107.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 21.49.80.91.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 181.129.81.91.in-addr.arpa udp

Files

memory/1144-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2878641211-696417878-3864914810-1000\desktop.ini.tmp

MD5 e395d33c9b04a3b103fd60247bc19c77
SHA1 a8226664be46e238fef9614ec2e8d3cc231e954a
SHA256 23cb2444ea2c09d642abe97758d69404218095d7666c00acfd9379f13ecc0604
SHA512 d8f809f6771868af4fbd4b5f86df33456bc0c768768bb3315265846e1b2ac95d3f91ba62fbc22f20d6383ce939eeb1afe4173b6bfb4eaeb8c64748030db0ac17

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 3a99a4cb9a2f92ca433f608b5689ae7c
SHA1 a376d3fe09d9f3c70c397f0a085a7c7166ba3df1
SHA256 a88c9f4cbd8593c9ed6f137803a31bf1008d4a0f1ad3da7d5f555579d07cffed
SHA512 7cca51ad001545fb47f40063cf1fa96a4f2d2d0ccbec0dd8a44d9e137dcf55c64e2185a869708fd9433e67baa6a26980575f9332cd4e6007ec3ddc697b151777

memory/1144-658-0x0000000000400000-0x000000000040B000-memory.dmp