Malware Analysis Report

2025-03-15 08:18

Sample ID 241016-gm5ehswcjg
Target f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N
SHA256 f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546
Tags: upx discovery ransomware
Score: 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 9/10

SHA256 f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546

Threat Level: Likely malicious

The file f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (5100) files with added filename extension

Renames multiple (3594) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 05:56

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 05:56

Reported

2024-10-16 05:58

Platform

win7-20240903-en

Max time kernel

150s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe"

Signatures

Renames multiple (3594) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe

"C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe"

Network

N/A

Files

memory/800-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3533259084-2542256011-65585152-1000\desktop.ini.tmp

MD5 0ccb65c30534dd7286e30f17c705c16b
SHA1 0e86de311b0bcc1a6d1f01efb150f3eed2adf05d
SHA256 70d677928ded3231c480134b11fbaf2521a33c575a89c0a938db4415b2ca6096
SHA512 b0beb4b359c0116b4bc9450a8dc6ff844bd831b9ca88230802315751d21d1d6c08109ac73d07c4b28d80bc2468ed8fb74da596bded2a143ce5a4cc02793d1f8e

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 d2e7fc1c4367dba18c9e52fef4c16082
SHA1 5f38f73fc35934b887fb61f97de6812c7b826b8b
SHA256 58027813f69fd5296ce911111585cc133a965948df0180537913bd66811609a5
SHA512 e195ec2deb51661bc03b00984a8baa4bf8803db7bac649eeb2ed57490b9697b9c8402cb84ac39c46c4a9252b00834f90100b9020a9e5136dd32870d390fd7a73

memory/800-70-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 05:56

Reported

2024-10-16 05:58

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe"

Signatures

Renames multiple (5100) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe

"C:\Users\Admin\AppData\Local\Temp\f57d78738509239f5341ab67e31bad8ab312e30fe4b1267d514844adc34b0546N.exe"

Network


Files

memory/3324-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3442511616-637977696-3186306149-1000\desktop.ini.tmp

MD5 eaa23ca7fd8b9a907722e73601f1b76e
SHA1 67424a99be7c75cd36af343833e83631f4f105f8
SHA256 ec3662b0b56e70a04655c42cc595fe2b6d2169a8b7c50c59c34a2daa71756ea0
SHA512 8ac92279a87112c46ced071a45282e6395a9cf0f8e5821cb730e6643c5510cac1f49cd7b5e71849f8b82bb04597d071323d03e53dcf4ed4a995a548a37aa4a9d

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 d096f52d63385aa8da7c29128085fea9
SHA1 f749c1cc80f91c8f6a7db907bd2b5b496263e249
SHA256 c3bb1c5c03579d2680b1379f95d4e8875690d8ac93f1bd70685ab4f7d86dbf1a
SHA512 91a611a7dd0c6fcc72de91170aaab3076be88256447e6614f287cc916fa8abcb39fe3ae8d62d26e46652018f27eff9408a8d162d70962d4a20ea9e19e6477e90

memory/3324-783-0x0000000000400000-0x000000000040A000-memory.dmp