Malware Analysis Report

2025-08-11 01:47

Sample ID 241005-x6n5msveqg
Target 5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe
SHA256 5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb
Tags
discovery ransomware upx
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb

Threat Level: Likely malicious

The file 5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe was classified as likely malicious (score 9/10). Static analysis shows an unsigned, UPX-packed PE. In both detonations (Windows 7 and Windows 10) the single process created thousands of *.tmp files next to existing files under C:\Program Files and renamed files with an added extension (3488 on Win7, 5102 on Win10), the write-then-rename pattern of file-encrypting ransomware; the sample spawned no child processes. The only discovery behaviour recorded is a read of HKLM\SYSTEM\ControlSet001\Control\NLS\Language, a key ransomware families commonly consult to skip machines with certain locales; the report does not show what this sample does with the value. No network activity attributable to the sample was captured: the Win7 run produced no traffic, and the Win10 run shows only reverse-DNS lookups to 8.8.8.8 for unrelated addresses, which carry no indicator. The appended extension, any ransom note and any persistence mechanism are not recorded here and would have to be recovered from the detonation disk image.

Malicious Activity Summary

discovery ransomware upx

Renames multiple (3488) files with added filename extension

Renames multiple (5102) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Enterprise Matrix V15. Techniques supported by the signatures in this report:

T1027.002 Obfuscated Files or Information: Software Packing (UPX packed file)
T1614.001 System Location Discovery: System Language Discovery (read of HKLM\SYSTEM\ControlSet001\Control\NLS\Language)
T1486 Data Encrypted for Impact (mass renames with an added extension; .tmp files written across Program Files)

Analysis: static1

Detonation Overview

Reported

2024-10-05 19:28

Signatures

UPX packed file

upx

Unsigned PE

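The two static signatures above (UPX packed file, Unsigned PE) can be reproduced offline with a small header parser. The following is an added example written for this page, not code from the sandbox or from the sample. It uses only the standard library (no pefile), parses just the headers the two checks need, and builds a synthetic PE32 image in memory as constructed sample input so it runs without the analysed file. It flags section names beginning with UPX, a section that is empty on disk but large in memory (the UPX unpack target), and a zero-size Security data directory, which is what "Unsigned PE" means: no embedded Authenticode signature.

```python
"""Static checks for the 'UPX packed file' and 'Unsigned PE' signatures.

Added example for this report, not sandbox or sample code.  Pure Python so it
runs offline; only the PE headers needed for the two checks are parsed.
"""
import struct
import sys

IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # Authenticode signature directory


def parse_pe(data: bytes) -> dict:
    """Return machine type, section headers and the Security data directory."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:          # PE32: data directories start 96 bytes into the optional header
        dd_off = opt + 96
    elif magic == 0x20B:        # PE32+: 112 bytes in
        dd_off = opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    sec_rva, sec_size = struct.unpack_from(
        "<II", data, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    table = opt + opt_size
    for i in range(nsections):
        off = table + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append({"name": name, "vsize": vsize, "vaddr": vaddr,
                         "rawsize": rawsize, "rawptr": rawptr})
    return {"machine": machine, "pe32plus": magic == 0x20B,
            "sections": sections, "security_dir": (sec_rva, sec_size)}


def packing_indicators(pe: dict) -> list:
    """Evidence of UPX-style packing: UPX section names, or a section with no
    bytes on disk but a non-zero virtual size (the in-memory unpack target)."""
    found = []
    for s in pe["sections"]:
        if s["name"].upper().startswith("UPX"):
            found.append(f"section named {s['name']}")
        if s["rawsize"] == 0 and s["vsize"] > 0:
            found.append(f"section {s['name'] or '<unnamed>'} has no raw data but "
                         f"{s['vsize']:#x} bytes virtual")
    return found


def looks_upx_packed(pe: dict) -> bool:
    return any(s["name"].upper().startswith("UPX") for s in pe["sections"])


def has_authenticode(pe: dict) -> bool:
    """True when the Security directory points at an embedded signature blob.
    Zero size means 'Unsigned PE'; non-zero does not mean the signature is valid."""
    return pe["security_dir"][1] > 0


def build_sample_pe(section_names, signed=False) -> bytes:
    """Construct a minimal, non-runnable PE32 image (sample input for this
    example only; it is not the analysed file)."""
    opt_size = 224                               # standard PE32 optional header size
    nsec = len(section_names)
    total = 64 + 4 + 20 + opt_size + 40 * nsec
    buf = bytearray(total)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 64)        # e_lfanew
    buf[64:68] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", buf, 68, 0x14C, nsec, 0, 0, 0, opt_size, 0x0102)
    opt = 88
    struct.pack_into("<H", buf, opt, 0x10B)      # PE32 magic
    struct.pack_into("<I", buf, opt + 92, 16)    # NumberOfRvaAndSizes
    if signed:                                   # pretend a WIN_CERTIFICATE blob follows the headers
        struct.pack_into("<II", buf, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, total, 0x800)
    table = opt + opt_size
    for i, name in enumerate(section_names):
        off = table + 40 * i
        buf[off:off + 8] = name.encode("ascii").ljust(8, b"\0")
        rawsize = 0 if name == "UPX0" else 0x200  # UPX0 is empty on disk, filled at run time
        struct.pack_into("<IIII", buf, off + 8, 0x8000, 0x1000 * (i + 1), rawsize, 0)
    return bytes(buf)


def triage(data: bytes) -> dict:
    pe = parse_pe(data)
    return {"upx_packed": looks_upx_packed(pe),
            "packing_indicators": packing_indicators(pe),
            "unsigned": not has_authenticode(pe),
            "sections": [s["name"] for s in pe["sections"]]}


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else \
        build_sample_pe(["UPX0", "UPX1", ".rsrc"])
    for k, v in triage(blob).items():
        print(f"{k}: {v}")
```

Run it as `python upx_check.py <file>` (the script name is an assumption) to check the real sample. A zero-size Security directory only says nothing is embedded; catalog-signed Windows components would also show as unsigned here, and a non-zero entry still needs verification (for example Get-AuthenticodeSignature in PowerShell) before it means anything. If the section names are intact, `upx -d` normally restores the original image for further static work; packers that rename the UPX sections defeat the name check but not the empty-raw-section heuristic.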

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-05 19:28

Reported

2024-10-05 19:30

Platform

win7-20240903-en

Max time kernel

149s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe"

Signatures

Renames multiple (3488) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Games\FreeCell\FreeCellMCE.lnk.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\stream_extractor\libarchive_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Common Files\System\wab32res.dll.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Dublin.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-options-keymap.xml.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Java\jre7\bin\gstreamer-lite.dll.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\cy\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\hu\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\css\calendar.css.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5EDT.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-annotations-common_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libdtv_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libcache_block_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\js\slideShow.js.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\settings.html.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\7-Zip\7z.dll.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\drag.png.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\DVD Maker\de-DE\WMM2CLIP.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-overlay.png.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\plugin.xml.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libedummy_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\VideoLAN\VLC\skins\default.vlt.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxmedia.dll.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightDemiItalic.ttf.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\epl-v10.html.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Java\jre7\bin\libxslt.dll.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Amsterdam.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.bat.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh87.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Africa\Ceuta.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\js\settings.js.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\3RDPARTY.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Atikokan.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\VideoLAN\VLC\axvlc.dll.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_VideoInset.png.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lord_Howe.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\dsn.jar.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-oql.xml.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Lima.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Management.Instrumentation.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libvnc_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_top.png.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Mozilla Firefox\omni.ja.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\icudtl.dat.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_gtk.css.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libnfs_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_chroma\librv32_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_snow.png.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSLoc.dll.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\ECLIPSE_.RSA.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator_2.0.0.v20131217-1203.jar.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Client.dll.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_few-showers.png.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-api_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT-11.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Mozilla Firefox\uninstall\helper.exe.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\visualization\libglspectrum_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe

"C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe"

Network

No traffic was captured during the 119 s network window.

Files

memory/2268-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-312935884-697965778-3955649944-1000\desktop.ini.tmp

MD5 c7339f62f781eae1e9920fdfa972b715
SHA1 9c36b8834720d94401a8774eee61a7fc39a307a8
SHA256 7913828e310eab6f5c11af5d55820548e7d5ee6e4509c4d6cd664f73ccbf3776
SHA512 3a91c8152da5768c71c116dc39a5e5bc01002d563b494d826bd4b58b737767cdfff54a6dfde168364451310b086b78a636e26dd67be4725b902a685ff61e808f

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 2f8994831adbfc5cbe7979b01bada3ee
SHA1 01b3abfe297230c6872b0e658aea28d931ff4d45
SHA256 bf2a9b6d4e8fc536d5c0d78f08ff98dfaa7ca62d2b84920bebd589cab4410c29
SHA512 9c4eec5c5bd34af1eb0c533fe37a2dd043f6e6c8344df70e8419745651ee58533240a348071968231917505d25f5e2f8b2d19f5c58528716b8a492aafcb178b6

memory/2268-70-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-05 19:28

Reported

2024-10-05 19:30

Platform

win10v2004-20240802-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe"

Signatures

Renames multiple (5102) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\ISO690.XSL.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_K_COL.HXK.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\7-Zip\Lang\hi.txt.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Java\jdk-1.8\include\jvmticmlr.h.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\System.Spatial.NetFX35.dll.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Picasso.dll.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OMICAUT.DLL.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Tracing.dll.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XmlSerializer.dll.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\7-Zip\Lang\bn.txt.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\serialver.exe.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\keytool.exe.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription5-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\7-Zip\Lang\mr.txt.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Common Files\System\msadc\msdaremr.dll.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Intrinsics.dll.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.DispatchProxy.dll.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.wordmui.msi.16.en-us.xml.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_MAK_AE-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\TabIpsps.dll.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Aero.dll.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-xstate-l2-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-convert-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.dll.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ClientARMRefer_eula.txt.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l2-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSWORD.OLB.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Transactions.Local.dll.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\javafx\webkit.md.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\officeinventoryagentfallback.xml.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.DirectoryServices.dll.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_KMS_Client_AE-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.cab.cat.tmp C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A
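The "Drops file in Program Files directory" tables in behavioral1 and behavioral2 are the raw evidence behind the "Renames multiple files" signature: one process from %TEMP% writing a .tmp next to files of every type across every product directory. The following added example (not sandbox code) parses rows of that table, characterises the write pattern per process, and applies a simple mass-write heuristic. The threshold values are assumptions chosen for this example; the sample rows are seven copied from the behavioral1 table plus two constructed benign rows, and the process path is assumed to contain no spaces, as it does in the report.

```python
"""Triage of 'File created' rows from the behavioral tables.

Added example for this report (not sandbox code).  Rows have the shape
    File created <target path> <process path> N/A
and the process path is assumed to contain no spaces, as in the report.
"""
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Thresholds are assumptions for this example; the sandbox rule counts thousands
# of renames, but a handful of same-suffix writes spread over several product
# directories is already unusual for a process started from %TEMP%.
MASS_WRITE_MIN_FILES = 5
MASS_WRITE_MIN_DIRS = 3

SAMPLE_EXE = r"C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe"

# Seven rows copied from the behavioral1 table, plus two constructed benign
# rows so the heuristic can be seen not firing on ordinary temp files.
SAMPLE_ROWS = rf"""
File created C:\Program Files\Microsoft Games\FreeCell\FreeCellMCE.lnk.tmp {SAMPLE_EXE} N/A
File created C:\Program Files\VideoLAN\VLC\plugins\stream_extractor\libarchive_plugin.dll.tmp {SAMPLE_EXE} N/A
File created C:\Program Files\Common Files\System\wab32res.dll.tmp {SAMPLE_EXE} N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Dublin.tmp {SAMPLE_EXE} N/A
File created C:\Program Files\7-Zip\7z.dll.tmp {SAMPLE_EXE} N/A
File created C:\Program Files\Mozilla Firefox\omni.ja.tmp {SAMPLE_EXE} N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\drag.png.tmp {SAMPLE_EXE} N/A
File created C:\Users\Admin\AppData\Local\Temp\etilqs_1a2b.tmp C:\Windows\explorer.exe N/A
File created C:\Users\Admin\AppData\Local\Temp\wct3C4D.tmp C:\Windows\System32\svchost.exe N/A
"""


def parse_rows(text: str) -> list:
    """Split each 'File created' row into target and process paths."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("File created "):
            continue
        head, process, _target_col = line.rsplit(None, 2)   # trailing column is always N/A here
        rows.append({"target": head[len("File created "):], "process": process})
    return rows


def describe_target(path: str, suffix: str = ".tmp") -> dict:
    """Split 'name.ext.tmp' into the original extension and the top directory
    (first two directory components, e.g. C:\\Program Files\\Java)."""
    p = PureWindowsPath(path)
    name = p.name
    original = name[:-len(suffix)] if name.lower().endswith(suffix) else ""
    dirs = p.parts[:-1]
    return {"path": path,
            "added_suffix": suffix if original else None,
            "original_ext": PureWindowsPath(original).suffix.lower() if original else None,
            "top_dir": str(PureWindowsPath(*dirs[:3]))}


def summarize(rows: list) -> dict:
    """Per process: files that received the added suffix, how many top-level
    directories they span, which original extensions were touched, and whether
    that crosses the mass-write threshold."""
    per_process = defaultdict(list)
    for r in rows:
        per_process[r["process"]].append(describe_target(r["target"]))
    report = {}
    for proc, targets in per_process.items():
        tagged = [t for t in targets if t["added_suffix"]]
        dirs = {t["top_dir"] for t in tagged}
        report[proc] = {
            "files": len(targets),
            "with_added_suffix": len(tagged),
            "top_dirs": sorted(dirs),
            "original_exts": Counter(t["original_ext"] for t in tagged),
            "mass_write": len(tagged) >= MASS_WRITE_MIN_FILES and len(dirs) >= MASS_WRITE_MIN_DIRS,
        }
    return report


if __name__ == "__main__":
    for proc, info in summarize(parse_rows(SAMPLE_ROWS)).items():
        flag = "MASS WRITE" if info["mass_write"] else "ok"
        print(f"{flag:10} {info['with_added_suffix']:3} files, "
              f"{len(info['top_dirs']):2} dirs, exts={dict(info['original_exts'])}  {proc}")
```

The same logic transfers to endpoint telemetry: Sysmon Event ID 11 (FileCreate) carries the Image and TargetFilename fields this parser expects, and the rename half of the pattern can be confirmed from the NTFS USN journal. Note that the sandbox table records the .tmp creations, not the final renamed names, so the appended extension the signature refers to cannot be read from these rows.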

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe

"C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 75.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp

Every captured packet is a reverse-DNS (PTR) query to 8.8.8.8 for an unrelated public address; the table has no process column and the report attributes none of it to the sample. No C2 contact, payload download or key exchange was observed, so these rows are most likely Windows 10 background name resolution inside the sandbox and should not be used as indicators.

Files

memory/548-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-523280732-2327480845-3730041215-1000\desktop.ini.tmp

MD5 cfd6ed20fbbcfe8b5f9e3e6445a27ada
SHA1 461b9b08f30525c79290aec168c2a6f60b1eca14
SHA256 d9dfd7354af77ac2d78372f4321167677ecb809c0888f1e3bcd1a89b78833249
SHA512 57107ba5a76f7bd634502a94e642bda59fc11d97b8035ff971d5d08bcfbb5e61002d70d3e9d85247828fe2ffc2cca0ec5eac37e2d1ed292e4a40300fd6d0c3ea

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 ff4e9ef2a04da350ca135cc01b3f8458
SHA1 5926b9a573afbe0c3bbe4c22def36f0173028eb5
SHA256 82d51186dab8e9247d787296addd4106a9373d9b2a76194a73a1c8abca837fa9
SHA512 1c8db4ef5cfe5ce475622ae426e10031ecfee901cdc52fca70a31c6ddd8939ac061833f6f755e2117beff1bf2cbd99c1dcdac59d1a74a873f8cb49f3293c2d10

memory/548-870-0x0000000000400000-0x000000000040A000-memory.dmp
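The Files sections above give hashes for a few of the dropped .tmp files (desktop.ini.tmp in both runs, 7-zip.dll.tmp on Win10) but not their contents, so a hash alone cannot say whether a .tmp is an untouched copy, a partially rewritten file or ciphertext. The following added example (not from the report) is the check a responder would run on files recovered from the detonation image: chunked byte entropy of the .tmp against the original it sat next to, with a verdict that also handles partial encryption and originals that are already high-entropy (compressed archives, media). All inputs are constructed stand-ins, not the files hashed in the report.

```python
"""Is a recovered X.tmp a copy, an edited plaintext or ciphertext?

Added example for this report, not sandbox code.  Hashes identify files; byte
entropy says whether their content looks encrypted.  Inputs below are
constructed stand-ins, not the files hashed in the report.
"""
import hashlib
import math
import random
from collections import Counter

# Constructed desktop.ini-like plaintext, exactly 4 x 4 KiB chunks.
LINE = b"[.ShellClassInfo]\r\nLocalizedResourceName=@%SystemRoot%\\system32\\shell32.dll,-8964\r\n"
PLAINTEXT = (LINE * 400)[:16384]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def chunk_entropies(data: bytes, chunk: int = 4096) -> list:
    return [shannon_entropy(data[i:i + chunk]) for i in range(0, len(data), chunk)]


def fake_ciphertext(n: int, seed: int = 7) -> bytes:
    """Deterministic pseudo-random bytes standing in for an encrypted output
    (constructed; a real sample would be read from the recovered .tmp)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


def classify(original: bytes, candidate: bytes, chunk: int = 4096, high: float = 7.2) -> dict:
    """Verdict on a recovered .tmp next to the file it shadowed.  Chunked entropy
    catches partial encryption (only the first N KiB rewritten), which whole-file
    entropy on a large file would average away."""
    result = {"sha256_equal": hashlib.sha256(original).digest() == hashlib.sha256(candidate).digest(),
              "size_delta": len(candidate) - len(original)}
    if result["sha256_equal"]:
        result["verdict"] = "identical copy"
        return result
    orig_max = max(chunk_entropies(original, chunk), default=0.0)
    cand = chunk_entropies(candidate, chunk)
    hot = sum(1 for e in cand if e >= high)
    result.update(original_max_entropy=round(orig_max, 3), hot_chunks=hot, chunks=len(cand))
    if orig_max < high and hot > 0 and hot == len(cand):
        result["verdict"] = "likely ciphertext (whole file)"
    elif orig_max < high and hot > 0:
        result["verdict"] = f"likely ciphertext (partial, {hot} of {len(cand)} chunks)"
    elif candidate[:8] != original[:8]:
        # original was already near-uniform (compressed/media); entropy cannot
        # decide, but a replaced header still shows it was rewritten
        result["verdict"] = "header changed, entropy inconclusive (original already high-entropy)"
    else:
        result["verdict"] = "modified, entropy inconclusive"
    return result


if __name__ == "__main__":
    cases = {
        "copy": (PLAINTEXT, PLAINTEXT),
        "full": (PLAINTEXT, fake_ciphertext(len(PLAINTEXT))),
        "partial": (PLAINTEXT, fake_ciphertext(4096) + PLAINTEXT[4096:]),
        "already-compressed": (fake_ciphertext(16384, seed=1), fake_ciphertext(16384, seed=2)),
    }
    for label, (orig, cand) in cases.items():
        print(f"{label:20} {classify(orig, cand)['verdict']}")
```

Pair this with the hashes from the report: if the SHA256 of a recovered desktop.ini.tmp matches the value listed above, the classification applies to the very file the sandbox saw. A .tmp whose entropy is unchanged and whose header is intact is a staging copy, not ciphertext, and that distinction decides whether the final renamed files can be restored from them.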