Malware Analysis Report

2025-03-15 08:17

Sample ID 241016-gkgknswbkh
Target f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N
SHA256 f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546
Tags

upx, discovery, ransomware

Score

9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score

9/10

SHA256

f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546

Threat Level: Likely malicious

The file f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N was found to be: Likely malicious.

Malicious Activity Summary

upx, discovery, ransomware

Renames multiple (2894) files with added filename extension

Renames multiple (4355) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 05:51

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 05:51

Reported

2024-10-16 05:53

Platform

win7-20240903-en

Max time kernel

120s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe"

Signatures

Renames multiple (2894) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.filetransfer_5.0.0.v20140827-1444.jar.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\console_view.png.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\ir.idl.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Java\jre7\lib\security\trusted.libraries.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Rainy_River.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Web.Entity.Design.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Internet Explorer\ieinstal.exe.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Chita.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunec.jar.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Ndjamena.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_elf.dll.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jstat.exe.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Vincennes.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Java\jre7\bin\jabswitch.exe.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\DVD Maker\en-US\WMM2CLIP.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Java\jre7\lib\tzmappings.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT-11.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\7-Zip\License.txt.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Java\jre7\lib\ext\localedata.jar.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.zh_CN_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Maputo.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\feature.xml.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticattribute.exsd.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\HST.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\7-Zip\Lang\br.txt.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Manila.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Mozilla Firefox\qipcap64.dll.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.DataSetExtensions.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\button-highlight.png.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_globalstyle.css.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-uihandler.jar.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Java\jre7\lib\fonts\LucidaBrightRegular.ttf.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Mozilla Firefox\notificationserver.dll.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\DVD Maker\de-DE\OmdProject.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\time-span-16.png.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Java\jre7\bin\jp2iexp.dll.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Bissau.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-dialogs.jar.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Common Files\System\ado\msado26.tlb.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Funafuti.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\feature.xml.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Checkers\de-DE\ChkrRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\fi\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Caracas.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InputPersonalization.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Backgammon\en-US\bckgzm.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\IpsMigrationPlugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Indiana\Winamac.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\DVD Maker\soniccolorconverter.ax.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe

"C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe"

Network

N/A

Files

memory/2656-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3533259084-2542256011-65585152-1000\desktop.ini.tmp

MD5 8a88a240075c0f35fea867b773d1d411
SHA1 89d503f12a59009960c3265f47e8c2d6f1b3f3d2
SHA256 5aaedf8b4e7a9c1e896ad715da9e31ef1e35758bc6d908dd064dc5ebe98725fc
SHA512 f42f065b5a9eacef20f3103bdd76ea00d9ec8c36274c842564312d4f1f63eb60d953f887d6634415b6ec56a5e301868ebb94c2d9a53e8302be5ae21f9990bd96

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 4b8106cc3cff268b312515b93b552f61
SHA1 f1a96704f4a476a9bd15a2c4225d15edea225620
SHA256 80e3a80efb87435af3b4ad7ae818316f893ebe9ebba5e8eddee7754763e51d74
SHA512 0c15b578b686616e579bca41dc3d5c8ab61468b2c0f911464f73a9479af3d5e3f887c22c7497d1e209969eff263d0719a51398908e7c465d087b6af56b854cb7

memory/2656-69-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 05:51

Reported

2024-10-16 05:53

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe"

Signatures

Renames multiple (4355) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Security.dll.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Dynamic.Runtime.dll.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription3-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\7-Zip\Lang\hu.txt.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\jp2ssv.dll.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription4-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-file-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription4-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Data.DataSetExtensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Gothic-Palatino Linotype.xml.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\cryptix.md.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy\[email protected] C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription4-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\pkeyconfig-office.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\7-Zip\Lang\co.txt.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Security.dll.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\bn.pak.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Formats.Tar.dll.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteFreeR_Bypass-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.OData.Query.NetFX35.dll.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-processthreads-l1-1-1.dll.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jsoundds.dll.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.Concurrent.dll.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PenImc_cor3.dll.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\j2pcsc.dll.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jdwp.dll.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019DemoR_BypassTrial180-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\msquic.dll.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Principal.dll.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Royale.dll.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\j2pcsc.dll.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\FilterModule.dll.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Cryptography.Pkcs.dll.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_Subscription-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_KMS_Client-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTrial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\officeinventoryagentfallback.xml.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\DirectWriteForwarder.dll.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-stil.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe.config.tmp C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe

"C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp

Files

memory/3468-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3756129449-3121373848-4276368241-1000\desktop.ini.tmp

MD5 6f7928338c8e7977ee173f55becadca2
SHA1 56ef20d3a888e7313330cb89dfc923d8a15c9de7
SHA256 60db1a6c110a3e13ebd6ff1ce0647976bd120ced01cc958317f23eaa7bc0effe
SHA512 3487cd314a59ec02b6a2c2032953169e2e76a7ea887e6512a9d9f0e89edd5cd2f695fbf41663d55b9601de00355dcfd8cae5847a5d73bd755e3e9535295d1109

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 0c967577f7aa6461dbf347be453d5214
SHA1 767a2f681b528769e9fa8876011ef1e319c7b159
SHA256 8b0a19608ef6a863cb9fb9e0e1c1cbca723f0d48d52d584022475547c48bef91
SHA512 b28cc08abf16b85fa59a0a2f57e4ebc0b2a3b21f20dbfc6c8a21d66851e04db52a1fcd8e44cdcec1a160c548781971329730db0f9233ecdb1df6750e178141aa

memory/3468-740-0x0000000000400000-0x000000000040A000-memory.dmp