Malware Analysis Report

2025-03-15 08:16

Sample ID 241016-exy95sscra
Target 5e93756da413bc106191fd8aabe36b13287a7baa3b18f94ec9405f9e34ed76fdN
SHA256 5e93756da413bc106191fd8aabe36b13287a7baa3b18f94ec9405f9e34ed76fd
Tags
upx discovery ransomware
score
9/10


Analysis Overview

score
9/10

SHA256

5e93756da413bc106191fd8aabe36b13287a7baa3b18f94ec9405f9e34ed76fd

Threat Level: Likely malicious

The file 5e93756da413bc106191fd8aabe36b13287a7baa3b18f94ec9405f9e34ed76fdN was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (3403) files with added filename extension

Renames multiple (4675) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 04:19

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 04:19

Reported

2024-10-16 04:21

Platform

win7-20240708-en

Max time kernel

120s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5e93756da413bc106191fd8aabe36b13287a7baa3b18f94ec9405f9e34ed76fdN.exe"

Signatures

Renames multiple (3403) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\5e93756da413bc106191fd8aabe36b13287a7baa3b18f94ec9405f9e34ed76fdN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\5e93756da413bc106191fd8aabe36b13287a7baa3b18f94ec9405f9e34ed76fdN.exe

"C:\Users\Admin\AppData\Local\Temp\5e93756da413bc106191fd8aabe36b13287a7baa3b18f94ec9405f9e34ed76fdN.exe"

Network

N/A

Files

memory/2364-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

MD5 a58615ec0cba16ff0b1b58eba39c9256
SHA1 4dc65cdf837943d0571b4e4d66c7b48b17a8db20
SHA256 aa9fed99404b87b0d29c56706e2945ec82c208470889f5ed87a2af680ce98112
SHA512 c457ee25d382c4f34c926d69acc4d57a97f075adb7042357cd5cd05e791ea75aa3398a993d18e3d64107c222fdcffe4d3d7996408b9c2cbadd31562955062f55

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 803a6c8b98404c5d17558a40f1daa90e
SHA1 2168b9f835959ddb35985d7b04d3ea340a3f4c75
SHA256 51ccaa0bf65f05c7f2f168cd3d0edfee2fe226aba18ba98d3e50f4a195d6ba1e
SHA512 66f8d3f0f6721ffb79b098b5eb6d7e9ed9d89c888b2f2c0f602afd65f1027d7c5c6ace9f7766fcd08e464c217b201bccf93c723e3fbe7d6b6a103a2952c9c47e

memory/2364-70-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 04:19

Reported

2024-10-16 04:21

Platform

win10v2004-20241007-en

Max time kernel

119s

Max time network

99s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5e93756da413bc106191fd8aabe36b13287a7baa3b18f94ec9405f9e34ed76fdN.exe"

Signatures

Renames multiple (4675) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\5e93756da413bc106191fd8aabe36b13287a7baa3b18f94ec9405f9e34ed76fdN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\5e93756da413bc106191fd8aabe36b13287a7baa3b18f94ec9405f9e34ed76fdN.exe

"C:\Users\Admin\AppData\Local\Temp\5e93756da413bc106191fd8aabe36b13287a7baa3b18f94ec9405f9e34ed76fdN.exe"

Network


Files

memory/5092-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3350944739-639801879-157714471-1000\desktop.ini.tmp

MD5 38ad54dfa1712e640bc0adda789b1fae
SHA1 4fc2fe0b0bfb2eda2e046e2e93548dde2ff1d75a
SHA256 892a89d7efb21a8e279a4ac15f9c64777bfe5ea41af2a429cef7b6b4f52d637d
SHA512 433790916cde7562f21ca6c94912b9474406a9c370697b8bc2bf6d3450d7d771954c491bc319c29aa814d147070037e5534c212aee883b39a93de15204cb95f7

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 ec638c3aa2c3ce549a6854223caeac59
SHA1 7dc7aa79ce4552b856e3768965738536c4dc9fae
SHA256 701484fe520a4723a15bb0e2c6fd1a0e76cdb7b52aff0deb90044534abaeaa54
SHA512 4e7de97bbe6f62f5ba4e5162c9e1a3abf774e78c040fbcafae6aa04b086f2317335cf352ca342a2d454668289e04d2a5b5f9cd57acbb5f17c206ec76b5a20b9c

memory/5092-787-0x0000000000400000-0x000000000040A000-memory.dmp