Malware Analysis Report

2025-08-11 01:47

Sample ID: 241005-yddnwazhjp
Target: 637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe
SHA256: 637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97
Tags: upx, discovery, ransomware
Score: 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 9/10

SHA256: 637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97

Threat Level: Likely malicious

The file 637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe was found to be: Likely malicious.

Malicious Activity Summary

Tags: upx, discovery, ransomware

Renames multiple (3680) files with added filename extension (behavioral1, Windows 7 run)

Renames multiple (5194) files with added filename extension (behavioral2, Windows 10 run)

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-05 19:39

Signatures

UPX packed file (tag: upx)

Description Indicator Process Target
(no per-indicator rows recorded for this signature)

Unsigned PE

Description Indicator Process Target
(no per-indicator rows recorded for this signature)
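The two static signatures above ("UPX packed file" and "Unsigned PE") are header-level checks, and a practitioner will usually want to reproduce them locally before trusting a sandbox verdict. The following is an added example, not part of the report or of the sandbox's own detection code. It parses a PE header with only the standard library and applies the two checks the way they are normally done: UPX is inferred from section names beginning with UPX and from the UPX section layout (a first section with no raw data that the stub decompresses into at run time), and "unsigned" means the IMAGE_DIRECTORY_ENTRY_SECURITY data directory is empty, i.e. no embedded Authenticode blob. The PE image it runs on is a constructed header-only fixture built by build_pe, not this sample; the real binary would be read from disk with open(path, "rb").read() instead.

```python
import struct

# PE/COFF layout constants from the Microsoft PE format specification
PE_SIG = b"PE\0\0"
COFF_SIZE = 20
SECTION_SIZE = 40
PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B
NUM_DIRS = 16
DIR_SECURITY = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: embedded Authenticode signature


def build_pe(section_specs, security_size=0):
    """Build a synthetic PE32 header for testing. Constructed fixture: it carries
    no code and will not execute. section_specs: [(name, raw_size, virt_size), ...]."""
    e_lfanew = 64
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 96 + 8 * NUM_DIRS
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_specs), 0, 0, 0, opt_size, 0x102)
    # PE32 optional header: Magic, 90 bytes of fields we do not need, NumberOfRvaAndSizes
    opt = struct.pack("<H", PE32_MAGIC) + b"\0" * 90 + struct.pack("<I", NUM_DIRS)
    dirs = [(0, 0)] * NUM_DIRS
    if security_size:
        dirs[DIR_SECURITY] = (0x4000, security_size)  # file offset and size of WIN_CERTIFICATE
    opt += b"".join(struct.pack("<II", off, size) for off, size in dirs)
    secs, va = b"", 0x1000
    for name, raw_size, virt_size in section_specs:
        secs += struct.pack("<8sIIIIIIHHI", name.encode("ascii").ljust(8, b"\0"),
                            virt_size, va, raw_size, 0x400, 0, 0, 0, 0, 0x60000020)
        va += 0x10000
    return dos + PE_SIG + coff + opt + secs


def parse_pe(data):
    """Return the section headers and the Security data-directory size of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != PE_SIG:
        raise ValueError("missing PE signature")
    coff_off = e_lfanew + 4
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff_off)
    opt_off = coff_off + COFF_SIZE
    magic = struct.unpack_from("<H", data, opt_off)[0]
    if magic == PE32_MAGIC:
        ndirs_off = opt_off + 92
    elif magic == PE32PLUS_MAGIC:
        ndirs_off = opt_off + 108
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    security_size = 0
    if ndirs > DIR_SECURITY:
        _, security_size = struct.unpack_from("<II", data, ndirs_off + 4 + 8 * DIR_SECURITY)
    sections = []
    sec_off = opt_off + opt_size
    for i in range(nsections):
        name, vsize, _va, raw_size, *_ = struct.unpack_from(
            "<8sIIIIIIHHI", data, sec_off + i * SECTION_SIZE)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "virt_size": vsize, "raw_size": raw_size})
    return {"sections": sections, "security_size": security_size}


def assess_static(data):
    """Reproduce the report's two static signatures: UPX packing and missing Authenticode."""
    pe = parse_pe(data)
    names = [s["name"] for s in pe["sections"]]
    upx_by_name = any(n.upper().startswith("UPX") for n in names)
    # UPX layout: the first section (UPX0) is a raw-size-0 placeholder that the
    # stub decompresses into, so virtual size is large while raw size is zero.
    first = pe["sections"][0] if pe["sections"] else None
    upx_by_layout = bool(first and first["raw_size"] == 0 and first["virt_size"] > 0)
    return {
        "section_names": names,
        "upx_packed": upx_by_name or upx_by_layout,
        "upx_by_name": upx_by_name,
        "upx_by_layout": upx_by_layout,
        "has_embedded_signature": pe["security_size"] > 0,
    }


if __name__ == "__main__":
    packed = build_pe([("UPX0", 0, 0x7000), ("UPX1", 0x2400, 0x3000), (".rsrc", 0x200, 0x1000)])
    signed = build_pe([(".text", 0x1000, 0x1000), (".data", 0x200, 0x400)], security_size=0x1C00)
    for label, blob in (("packed", packed), ("signed", signed)):
        print(label, assess_static(blob))
```

Two caveats apply to both the sandbox signature and this check. Renaming the UPX sections defeats the name test (which is why the layout test is kept alongside it), and an empty Security directory only says there is no embedded signature: catalog-signed OS files also have none, and a present signature still has to be verified (signtool verify /pa or Get-AuthenticodeSignature) before it means anything.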

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-05 19:39

Reported

2024-10-05 19:42

Platform

win7-20240903-en

Max time kernel

150s

Max time network

126s

Command Line

"C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe"

Signatures

Renames multiple (3680) files with added filename extension (tag: ransomware)

UPX packed file (tag: upx)

Description Indicator Process Target
(no per-indicator rows recorded for this signature)

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\wsdetect.dll.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Louisville.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-favorites.xml.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rssBackBlue_Undocked.png.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Argentina\Tucuman.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libswscale_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore_2.10.1.v20140901-1043.jar.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-text.xml.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\sw\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Windows NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EST.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Java\jre7\Welcome.html.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-PT.pak.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.conf.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\PDDom.api.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pontianak.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Athens.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\hprof-16.png.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\logger\libfile_logger_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\VideoLAN\VLC\uninstall.exe.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipssrb.xml.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\DVD Maker\it-IT\OmdProject.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\klist.exe.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-api.xml.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Miquelon.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\requests\vlm_cmd.xml.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\add_down.png.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_hail.png.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\eclipse_1655.dll.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-javahelp.jar.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-spi-quicksearch.jar.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Antarctica\Syowa.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ko\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Windows Media Player\fr-FR\wmpnetwk.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\DVD Maker\DVDMaker.exe.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyclient.jar.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.attributeTransformation.exsd.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.sat4j.core_2.3.5.v201308161310.jar.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\br\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Windows Media Player\de-DE\WMPSideShowGadget.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground.wmv.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport.png.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kwajalein.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-awt.xml.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Rarotonga.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libscte27_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\7-Zip\Lang\hi.txt.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libnfs_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A

System Location Discovery: System Language Discovery (ATT&CK T1614.001; tag: discovery)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe

"C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe"

Network

N/A

Files

memory/2532-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2872745919-2748461613-2989606286-1000\desktop.ini.tmp

MD5 f13d0ea56a9808efca769cf10146d784
SHA1 40c36582d68ca2118fa4c1cee593524276f273fc
SHA256 f6549e6febfc7a85f0f69e45a102f70e72c84633e3dbfce115e45600c8ed24e6
SHA512 1de090dd701fd234892d692b40c1ef416c019409ea88ec91c91bb03b8ceb0c9a90e079efcf23d2ae486f5855ee7db199a99021cc87f3f33ac76d57fa6cdc3f7e

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 72818d78353a87c7d8799c38da2d9ad2
SHA1 f37d4964318e1fde47af7a687abb774a0538dcc5
SHA256 5e2de7be1c14da7eac12dfbbd6653786f023373698d1a3b52de7e481d5d7ae95
SHA512 0c51630c29b21c386999b337cda979248ae237461f1feacaf5028742244d98a637a3a60ad886ced9177cad7a1df9a6f7084cf41762a4e93b1c045ade80665113

memory/2532-69-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-05 19:39

Reported

2024-10-05 19:42

Platform

win10v2004-20240802-en

Max time kernel

149s

Max time network

95s

Command Line

"C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe"

Signatures

Renames multiple (5194) files with added filename extension (tag: ransomware)

UPX packed file (tag: upx)

Description Indicator Process Target
(no per-indicator rows recorded for this signature)

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\zh-TW\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\openssl64.dlla.manifest.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.Native.dll.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_PrepidBypass-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN058.XML.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Intrinsics.dll.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-private-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_KMS_Client-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Subtle Solids.eftx.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\BI-Report.png.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\7-Zip\Lang\ko.txt.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-interlocked-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Java\jre-1.8\release.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Resources\1033\PowerPivotExcelClientAddIn.rll.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\IEContentService.exe.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\es-ES\rtscom.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\extcheck.exe.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_SubTrial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Common Files\System\uk-UA\wab32res.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.TextWriterTraceListener.dll.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-string-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Java\jre-1.8\Welcome.html.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.DriveInfo.dll.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\jdb.exe.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.CompilerServices.Unsafe.dll.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\it-IT\ShapeCollector.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\nb.pak.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\7-Zip\Lang\sl.txt.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\charsets.jar.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial4-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_KMS_Client_AE-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.PowerBI.AdomdDataExtension.dll.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\CHART.DLL.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\RTC.DLL.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\WindowsBase.dll.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Fonts\private\ITCKRIST.TTF.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Security.dll.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\ext\cldrdata.jar.tmp C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A

System Location Discovery: System Language Discovery (ATT&CK T1614.001; tag: discovery)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe N/A
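The three behavioural signatures recorded in both detonations (mass renames that append an extension, .tmp files written beside originals under Program Files, and the NLS\Language key open) are all derivable from a per-process file and registry event stream, which is how an EDR or a Sysmon pipeline would catch this outside a sandbox. The following is an added example, not the sandbox's detection logic and not code from the report, showing that aggregation over a constructed event stream. The report does not state which extension this sample appends, so ".enc" in the constructed input is a placeholder; the .tmp paths reuse two entries from the Program Files tables above, and a benign installer is included for contrast. Note that the rename counts differ between the two runs (3680 on Windows 7, 5194 on Windows 10) only because the VMs hold different numbers of files, so the threshold here is combined with a dominance test (one extension accounting for nearly all renames) rather than relying on an absolute count.

```python
from collections import Counter, defaultdict

# Process name as it appears in the report's Process column
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe"
PROGRAM_DIRS = ("c:\\program files\\", "c:\\program files (x86)\\")
NLS_LANGUAGE_KEY = r"\registry\machine\system\controlset001\control\nls\language"


def appended_extension(old_path, new_path):
    """If new_path is old_path plus exactly one extra '.ext' suffix, return that suffix,
    else None. This is the shape behind 'renames files with added filename extension'."""
    if (new_path.startswith(old_path) and len(new_path) > len(old_path) + 1
            and new_path[len(old_path)] == "."):
        return new_path[len(old_path):]
    return None


def assess_events(events, rename_threshold=100, dominance=0.9):
    """Aggregate per-process events and emit the report's three behavioural signatures.
    Each event is a dict with process, op ('create' | 'rename' | 'regopen'), path,
    and new_path for renames. Returns {process: [signature, ...]} for flagged processes."""
    stats = defaultdict(lambda: {"renames": Counter(), "tmp_in_program_files": 0,
                                 "tmp_total": 0, "nls_language_opened": False})
    for ev in events:
        st = stats[ev["process"]]
        path = ev["path"]
        low = path.lower()
        if ev["op"] == "rename":
            ext = appended_extension(path, ev["new_path"])
            if ext:
                st["renames"][ext.lower()] += 1
        elif ev["op"] == "create" and low.endswith(".tmp"):
            st["tmp_total"] += 1
            if low.startswith(PROGRAM_DIRS):
                st["tmp_in_program_files"] += 1
        elif ev["op"] == "regopen" and low == NLS_LANGUAGE_KEY:
            st["nls_language_opened"] = True

    findings = {}
    for proc, st in stats.items():
        sigs = []
        total = sum(st["renames"].values())
        if total and total >= rename_threshold:
            ext, top = st["renames"].most_common(1)[0]
            # one extension dominating the renames separates encryption from an installer
            if top / total >= dominance:
                sigs.append(f"Renames multiple ({total}) files with added filename extension {ext}")
        if st["tmp_in_program_files"]:
            sigs.append(f"Drops file in Program Files directory ({st['tmp_in_program_files']} .tmp files)")
        if st["nls_language_opened"]:
            sigs.append("System Location Discovery: System Language Discovery (T1614.001)")
        if sigs:
            findings[proc] = sigs
    return findings


def constructed_events():
    """Constructed sample stream, not sandbox output. '.enc' is a placeholder extension."""
    events = []
    for i in range(120):
        doc = f"C:\\Users\\Admin\\Documents\\report{i}.docx"
        events.append({"process": SAMPLE, "op": "create", "path": doc + ".tmp"})
        events.append({"process": SAMPLE, "op": "rename", "path": doc, "new_path": doc + ".enc"})
    for p in (r"C:\Program Files\7-Zip\Lang\hi.txt", r"C:\Program Files\VideoLAN\VLC\uninstall.exe"):
        events.append({"process": SAMPLE, "op": "create", "path": p + ".tmp"})
    events.append({"process": SAMPLE, "op": "regopen",
                   "path": r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"})
    # benign contrast: an installer renaming a handful of files with mixed suffixes
    setup = r"C:\Users\Admin\Downloads\setup.exe"
    for i, ext in enumerate((".bak", ".old", ".bak")):
        f = f"C:\\Program Files\\App\\file{i}.dll"
        events.append({"process": setup, "op": "rename", "path": f, "new_path": f + ext})
    return events


if __name__ == "__main__":
    for proc, sigs in assess_events(constructed_events()).items():
        print(proc)
        for s in sigs:
            print("  ", s)
```

In a live pipeline the same aggregation should run over a sliding time window per process, since the distinguishing feature of this sample is the rate as much as the count; the .tmp-beside-original pattern is also the point at which a canary file or a minifilter can interrupt it before the rename.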

Processes

C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe

"C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe"

Network

Country Destination Domain (all are in-addr.arpa reverse-lookup names) Proto
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 99.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 67.209.201.84.in-addr.arpa udp
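Every row in the table above is a reverse (PTR) lookup of an IPv4 address rather than a forward query for a hostname, and the report attributes none of them to a process; the Windows 7 run recorded no network activity at all. They should therefore not be read as command-and-control contact without a process-attributed capture. The following is an added example, not code from the report or the sandbox, that decodes the query names back to the addresses being looked up so they can be checked against known ranges; it also handles ip6.arpa names, which the report does not contain.

```python
import ipaddress


def ptr_name_to_ip(name):
    """Decode a reverse-lookup query name (in-addr.arpa for IPv4, ip6.arpa for IPv6)
    back to the address being looked up. Returns None for ordinary forward names."""
    labels = name.rstrip(".").lower().split(".")
    if labels[-2:] == ["in-addr", "arpa"] and len(labels) == 6:
        # in-addr.arpa lists the four octets in reverse order
        return str(ipaddress.IPv4Address(".".join(labels[:4][::-1])))
    if labels[-2:] == ["ip6", "arpa"] and len(labels) == 34:
        # ip6.arpa lists all 32 hex nibbles in reverse order
        nibbles = "".join(labels[:32][::-1])
        return str(ipaddress.IPv6Address(":".join(nibbles[i:i + 4] for i in range(0, 32, 4))))
    return None


def classify_dns(rows):
    """Split (country, destination, domain, proto) rows into reverse lookups
    (decoded to the queried address) and forward name queries."""
    reverse, forward = [], []
    for country, dest, domain, proto in rows:
        ip = ptr_name_to_ip(domain)
        entry = {"query": domain, "decoded": ip, "resolver": dest, "proto": proto, "country": country}
        (reverse if ip else forward).append(entry)
    return reverse, forward


# The seven rows from the behavioral2 Network table, copied from the report
REPORT_ROWS = [
    ("US", "8.8.8.8:53", "228.249.119.40.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "99.209.201.84.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "74.32.126.40.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "95.221.229.192.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "50.23.12.20.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "198.187.3.20.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "67.209.201.84.in-addr.arpa", "udp"),
]


def decoded_report_addresses():
    """Addresses behind the report's reverse lookups, in table order."""
    reverse, _ = classify_dns(REPORT_ROWS)
    return [r["decoded"] for r in reverse]


if __name__ == "__main__":
    reverse, forward = classify_dns(REPORT_ROWS)
    print(f"{len(reverse)} reverse lookups, {len(forward)} forward queries")
    for r in reverse:
        print(f"  {r['query']:32} -> {r['decoded']}")
```

The decoded addresses are what to feed into WHOIS or an internal allow-list; the raw in-addr.arpa names will not match either.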

Files

memory/2484-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-945322488-2060912225-3527527000-1000\desktop.ini.tmp

MD5 0b431d12b2d1d9c6be9130fd2d75653c
SHA1 3f05a16cbe431c7935d06855cd3527ab69aad643
SHA256 badd370eac0d5536757721d4badbb431f67aaf53fbe4547240c6fc59aa3e025f
SHA512 3a23323d271dcfc2fdcc43080fad9c19b96d1c83a29b3212b775d253e78915a750f2b61c6c4146e68c93534b11a05d2afe15d59d7bc6b5efd4dc2e5521326b8e

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 4cabee066f6f9b07c47c6674b8d342eb
SHA1 cdb018874435365b76b08855ef10a90e497b51fc
SHA256 805c904dfb31a91847cb24c311562c2fcde4468633d2e7d5a83add8e5b9eb9e2
SHA512 12d6582b9c27ed1d5cd6f653e6a262718aff8ae507af16b7ea47b2515aaf4b453cada630ecf5d72c54593ad9e5027c5a0a75c221121ca7ec07233bbc41ce50ef

memory/2484-910-0x0000000000400000-0x000000000040A000-memory.dmp