Malware Analysis Report

2025-03-15 08:17

Sample ID 241016-ffdgsatbnh
Target daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN
SHA256 daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347a
Tags: upx, discovery, ransomware
Score: 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 9/10

SHA256: daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347a

Threat Level: Likely malicious

The file daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (3486) files with added filename extension

Renames multiple (5012) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-10-16 04:48

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-10-16 04:48
Reported: 2024-10-16 04:51
Platform: win7-20240729-en
Max time kernel: 150s
Max time network: 121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe"

Signatures

Renames multiple (3486) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861261279.profile.gz.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\VideoLAN\VLC\hrtfs\dodeca_and_7channel_3DSL_HRTF.sofa.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.png.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Java\jre7\bin\kcms.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-crescent_partly-cloudy.png.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_rainy.png.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-border.png.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipBand.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxslt.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-utilities.jar.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_description_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\javap.exe.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Noronha.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\WaitDismount.rle.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Star_Full.png.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred.xml.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\accessibility.properties.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Rarotonga.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libg711_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\d3d9\libdirect3d9_filters_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\timeZones.js.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waning-crescent.png.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\klist.exe.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-applemenu.xml.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Atlantic\Bermuda.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\js\init.js.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\js\picturePuzzle.js.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-background.png.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Algiers.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-api_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Niue.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad.png.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatlm.dat.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_selectionsubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pyongyang.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-multitabs.xml.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\js\clock.js.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\7-Zip\History.txt.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\7-Zip\Lang\an.txt.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Java\jre7\bin\deploy.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\7-Zip\Lang\da.txt.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\ClearJoin.snd.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Common Files\System\msadc\msaddsr.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Edmonton.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Choibalsan.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Mozilla Firefox\api-ms-win-crt-locale-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonUp_On.png.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mshwLatin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fil.pak.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Windows Journal\it-IT\NBMapTIP.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\19.png.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\7-Zip\Lang\sl.txt.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\preloaded_data.pb.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.exe.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\playlist\vimeo.luac.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe

"C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe"

Network

N/A

Files

memory/2188-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

MD5 34e82a94ccc7b4c90114ed23eb27c57e
SHA1 8a2e2f9ddb00b8a30292a9d8fb4b805d02a8cc0c
SHA256 959b31b5172609614df6dc5c93732069ea3880150f55270527ed6bedfecaaea4
SHA512 e35ee3c131705b8ade0891a4ec53ec06121fe50267f40e4f34e55dc5790c3f0da02db5abdefa424adf357c7d978197c74f848801c1c6bc5b4a697703d2512254

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 41ea31e8c5106ad8656e77a6b79ab5e0
SHA1 fad782d8ecd77362894af8c85d7c056b3b545ca7
SHA256 16a51cd48e2b96e4130821dca76628f0f01fc8584ed1adff39743921f5a70271
SHA512 b3b3fe50fc06e28a4f44d5674021cd044af4c86167014a6a672a7696487fd41fe102a340096147aa5e1b903a0d23f4730c1086b16d696b08b23eb867ea9f91c7

memory/2188-74-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-10-16 04:48
Reported: 2024-10-16 04:51
Platform: win10v2004-20241007-en
Max time kernel: 150s
Max time network: 123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe"

Signatures

Renames multiple (5012) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\7-Zip\7z.exe.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\7-Zip\Lang\pt.txt.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\freebxml.md.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_ko.properties.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-convert-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Presentation.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\libGLESv2.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\security\policy\limited\local_policy.jar.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\7-Zip\Lang\ga.txt.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jabswitch.exe.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_Subscription-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\java.exe.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\7-Zip\Lang\pa-in.txt.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\7-Zip\Lang\pl.txt.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClientIsv.man.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Pipes.AccessControl.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\coreclr.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Csp.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\decora_sse.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Excel.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\7-Zip\Lang\gu.txt.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\dt_shmem.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-stdio-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\gl\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encoding.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\SAEXT.DLL.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.Concurrent.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL118.XML.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\lt-LT\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libxslt.md.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\lcms.md.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Drawing.Common.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\7-Zip\Lang\uz.txt.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Internet Explorer\ExtExport.exe.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_KMS_Client-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ro-ro.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe

"C:\Users\Admin\AppData\Local\Temp\daa4cd42c55d73b503b0ab02f88994e087aa0d5e39e3e03ff11c75553a8d347aN.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 75.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp

Files

memory/3412-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3227495264-2217614367-4027411560-1000\desktop.ini.tmp

MD5 ef08cffe20667622d363f80d270982cc
SHA1 1356ed8bd1115b2db1416a7467d80b7a1456d4ac
SHA256 c88e9f3f8f86f14ed3fd501ffeb57fe489ac5eeee2e0211efbb0f185388ca9bc
SHA512 71cd5df126b8006b7f9548b5336e9a89303faffaeefe48a950a2501572b45d13ccd14fcf8f170a4ce2ba7126d5051f9a6152af8e4beeec3a615a5e45a8da4dd0

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 912824cde282be89838cd3929599b914
SHA1 1c67decae9e0b3be4649037e8bda4b282d36ccdd
SHA256 7b272633bcbcc78f0936251d76b64d1c089400fef566d85fca6f8002d6fb158c
SHA512 2338fe48762c27b6aea98647c3bb383832654a6cee84edd45865b590fdab928819fb116c6627eb038cd734b12747edabcad880eeb7edc1089d248f3b491bc326

memory/3412-664-0x0000000000400000-0x000000000040B000-memory.dmp