Malware Analysis Report

2025-03-15 08:13

Sample ID 241016-gc3g6svgjb
Target 518744763949d9e611be80daa85fb236059ed1256b6975aa5ad4038a27e82595N
SHA256 518744763949d9e611be80daa85fb236059ed1256b6975aa5ad4038a27e82595
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

518744763949d9e611be80daa85fb236059ed1256b6975aa5ad4038a27e82595

Threat Level: Likely malicious

The file 518744763949d9e611be80daa85fb236059ed1256b6975aa5ad4038a27e82595N was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (2730) files with added filename extension

Renames multiple (4139) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 05:40

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 05:40

Reported

2024-10-16 05:42

Platform

win7-20240708-en

Max time kernel

120s

Max time network

16s

Command Line

"C:\Users\Admin\AppData\Local\Temp\518744763949d9e611be80daa85fb236059ed1256b6975aa5ad4038a27e82595N.exe"

Signatures

Renames multiple (2730) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\518744763949d9e611be80daa85fb236059ed1256b6975aa5ad4038a27e82595N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\518744763949d9e611be80daa85fb236059ed1256b6975aa5ad4038a27e82595N.exe

"C:\Users\Admin\AppData\Local\Temp\518744763949d9e611be80daa85fb236059ed1256b6975aa5ad4038a27e82595N.exe"

Network

N/A

Files

memory/2372-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

MD5 f6e2c3ce6c56b0c342f308352112ec9b
SHA1 6f0bfc189db288522d98022bfc72dd26c4f82450
SHA256 22981f8bf1e471da44bd3ff93b3705987243b96e43da681e65337114e44ad5c1
SHA512 1c87efbd7da8dd224cb4d82ba3bd07cfb2a93a7b5bd9bc903192c098e185c9bc62227a281977132ba8f78539ca5b7a2819610eb95f1da44e96ae619ec2242f0c

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 feb4c7cce6be485c6cfe0051d9d40617
SHA1 743f7db7034a2843fe391c9ed0e2fd64c7d0c0f0
SHA256 a142bc9600ff1c27be0c327ae9a322b2c8bfd30e2bf760a9c11154e9d0e83bbf
SHA512 3df4dd3bfbe46bd5caf84dae055563629d9a4b0ba9e489e920cde2abf8ed63aa02ab626df729c311379154a5a91bdde7ce8b1c8509e2236275e43317d138582d

memory/2372-70-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 05:40

Reported

2024-10-16 05:42

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

109s

Command Line

"C:\Users\Admin\AppData\Local\Temp\518744763949d9e611be80daa85fb236059ed1256b6975aa5ad4038a27e82595N.exe"

Signatures

Renames multiple (4139) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\518744763949d9e611be80daa85fb236059ed1256b6975aa5ad4038a27e82595N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\518744763949d9e611be80daa85fb236059ed1256b6975aa5ad4038a27e82595N.exe

"C:\Users\Admin\AppData\Local\Temp\518744763949d9e611be80daa85fb236059ed1256b6975aa5ad4038a27e82595N.exe"

Network

Country Destination Domain Proto

Files

memory/3432-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3227495264-2217614367-4027411560-1000\desktop.ini.tmp

MD5 a874d999ce6af841d3b87ce186a5b8b5
SHA1 1b7121bb2604ccf4d9d94f4f2d0ded26700cd153
SHA256 9042694f24d70117c43e4ddd8988b4bc7e3a4d753c540eb45d80a1bee9911faa
SHA512 bf802e237dc3b6ad388999e9d847b8e82a466d38d11bd4268e171fe07030ababcaa72fba033e746b56f461978a3eb68a85a51456db2931e20c095d447d546d24

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 4b18d6f45138a1f725a9b43a562921a9
SHA1 9bb3dd2007aa696686596a7fdcf32f3b947f3c16
SHA256 173886e215d793a4a11da2ddac6e14e220a153ac483031e32b90b8f2358eda25
SHA512 496df0e5897449a5d4a7c523c895abdf1c48961ad1bb9e20dad2f59c40bac9eafaddf75154662ab180fc57da1e1c7adfd731b9e250cd4ed95d77ca2037735e22

memory/3432-658-0x0000000000400000-0x000000000040B000-memory.dmp