Malware Analysis Report

2025-03-15 08:16

Sample ID 241016-ewty2aweqr
Target be94979f211df04c0ef7e6250b5d198b218cee8ab246900b74fbfae952269d8f
SHA256 be94979f211df04c0ef7e6250b5d198b218cee8ab246900b74fbfae952269d8f
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

be94979f211df04c0ef7e6250b5d198b218cee8ab246900b74fbfae952269d8f

Threat Level: Likely malicious

The file be94979f211df04c0ef7e6250b5d198b218cee8ab246900b74fbfae952269d8f was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (3743) files with added filename extension

Renames multiple (5129) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 04:17

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 04:17

Reported

2024-10-16 04:20

Platform

win7-20240903-en

Max time kernel

150s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\be94979f211df04c0ef7e6250b5d198b218cee8ab246900b74fbfae952269d8f.exe"

Signatures

Renames multiple (3743) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\be94979f211df04c0ef7e6250b5d198b218cee8ab246900b74fbfae952269d8f.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\be94979f211df04c0ef7e6250b5d198b218cee8ab246900b74fbfae952269d8f.exe

"C:\Users\Admin\AppData\Local\Temp\be94979f211df04c0ef7e6250b5d198b218cee8ab246900b74fbfae952269d8f.exe"

Network

N/A

Files

memory/1708-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp

MD5 4fde4b270a6be12ee115315ebd537e2d
SHA1 432cb5e97d8972e24dac96cebf323edcc860980c
SHA256 e2a063df7b5d0a8a401920ef34d0ff7a08a63bbd3209f36c90a50ce2ee796661
SHA512 e34dda0c2c4bd14e5eec4419ffb63d9133b1c5285b68040d144caa5802cf40f6722f5e0d7e721b7ee58dbe7889e22060e860fe303772f469fc1cd310000fe08b

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 52203a3a306efc4cf0acdd2e88735c43
SHA1 d288113f980e17cc6c69ce6dc8a75bb8710089d7
SHA256 152d2932b49b9e7d7be8661c61f7610296a7db82a943d8663a44e9245dccd862
SHA512 3d10edabbdf5ff0e0f73406df5e3c59f2bd12d03b0f5318e7923d35e78bf286221759080c26da3f278814c917ea755cdd765ff18ac9a3de017d030c5f011372d

memory/1708-74-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 04:17

Reported

2024-10-16 04:20

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

143s

Command Line

"C:\Users\Admin\AppData\Local\Temp\be94979f211df04c0ef7e6250b5d198b218cee8ab246900b74fbfae952269d8f.exe"

Signatures

Renames multiple (5129) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\be94979f211df04c0ef7e6250b5d198b218cee8ab246900b74fbfae952269d8f.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\be94979f211df04c0ef7e6250b5d198b218cee8ab246900b74fbfae952269d8f.exe

"C:\Users\Admin\AppData\Local\Temp\be94979f211df04c0ef7e6250b5d198b218cee8ab246900b74fbfae952269d8f.exe"

Network

Country Destination Domain Proto

Files

memory/1624-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4089630652-1596403869-279772308-1000\desktop.ini.tmp

MD5 fc4e0d19bcccb51a19879664509ae2ae
SHA1 5de4e7fc85098e417af64fbf57b69c9a065b39a2
SHA256 6985935c4f941283afb6e5d984b1f580985a6481a108fd27a14501f6ae01e17d
SHA512 d98b3c14a8fd6393b030e9dd119e8fe7c041300843eda88ca5ba699cf9786c180582e27cc4a9b9ec0a94cf9c8aa70c9dc689f8b3046845109dc4f798ba1a545c

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 7ce6469658ea38b7ea071c0f88a5503d
SHA1 debce42dc1865894614384514f2934a207bec6eb
SHA256 cce4b631f593d700e87d18b1a0b99169366d7c8ae10fb339bc66578c636a7c0c
SHA512 d021d77ee264a3331dde183d61dbfbba9a9e8bdb466d75bbd3b7eb080ea14f646863684b807dfb4db89897d3e6d98bee705e80f665b3c71adda63ffe7efa2f64

memory/1624-756-0x0000000000400000-0x000000000040B000-memory.dmp