Malware Analysis Report

2025-03-15 08:13

Sample ID 241016-gznyas1ckr
Target de577034fb7d26973c8a2b3e08c68dc06e5dc2ca5545466bb5139b90aba61c84
SHA256 de577034fb7d26973c8a2b3e08c68dc06e5dc2ca5545466bb5139b90aba61c84
Tags
upx discovery ransomware
Score
9/10

Analysis Overview

Score
9/10

SHA256

de577034fb7d26973c8a2b3e08c68dc06e5dc2ca5545466bb5139b90aba61c84

Threat Level: Likely malicious

The file de577034fb7d26973c8a2b3e08c68dc06e5dc2ca5545466bb5139b90aba61c84 was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (1156) files with added filename extension

Renames multiple (5196) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 06:14

Signatures

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 06:14

Reported

2024-10-16 06:17

Platform

win7-20241010-en

Max time kernel

150s

Max time network

125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\de577034fb7d26973c8a2b3e08c68dc06e5dc2ca5545466bb5139b90aba61c84.exe"

Signatures

Renames multiple (1156) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\de577034fb7d26973c8a2b3e08c68dc06e5dc2ca5545466bb5139b90aba61c84.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\de577034fb7d26973c8a2b3e08c68dc06e5dc2ca5545466bb5139b90aba61c84.exe

"C:\Users\Admin\AppData\Local\Temp\de577034fb7d26973c8a2b3e08c68dc06e5dc2ca5545466bb5139b90aba61c84.exe"

Network

N/A

Files

memory/2240-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3692679935-4019334568-335155002-1000\desktop.ini.tmp

MD5 1ea5bfe26b11902293436f5008ee4b97
SHA1 b98c820db09125e24c7b72104a8d27ff5aba0872
SHA256 dad95300897f1567564ca7172dc02e084ee589ae42d91786dbfc39443bacd672
SHA512 2898bf5d9fb5132bc9dcb3a8fff12b97f97d080c9b1d07217dffe35df0e01dba5569263a9724042978522592129e899807ec83d6a0d786ec4f44d9868b9b797a

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 f18d2fa9aec4d9e6da541ff191e6d483
SHA1 2569082e96521246807d0bfbc8f5eec6da9b21cd
SHA256 ae48167396ae1055fec848cfb314abaf0d218ef9019599e4036e4e428ec433d0
SHA512 f4dfe50c507b723ae504f05aa17cd6bda2f710fc43b239a8b1527edbd3086f5d1ec6f12d145fc494e14ca9d403608c6c512d905c5536255fc7f22ae71c7ba3a6

memory/2240-26-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 06:14

Reported

2024-10-16 06:17

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\de577034fb7d26973c8a2b3e08c68dc06e5dc2ca5545466bb5139b90aba61c84.exe"

Signatures

Renames multiple (5196) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\de577034fb7d26973c8a2b3e08c68dc06e5dc2ca5545466bb5139b90aba61c84.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\de577034fb7d26973c8a2b3e08c68dc06e5dc2ca5545466bb5139b90aba61c84.exe

"C:\Users\Admin\AppData\Local\Temp\de577034fb7d26973c8a2b3e08c68dc06e5dc2ca5545466bb5139b90aba61c84.exe"

Network

Files

memory/3064-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1045960512-3948844814-3059691613-1000\desktop.ini.tmp

MD5 151be0920b257186058e0c2b664084a1
SHA1 c7bc02196958243251c8f21df6477b49beaf6070
SHA256 626ca66acb607af0d586ce454753423d4d05663af9c9b2fa29c6607eb10525f3
SHA512 c3a9897b79df5c1ac17e2121a7bcf2bef61b388af52b1c417349d3dadacc7369f5207d468cfa282d9701038569bf06f10e5ed206c28a1cc53c91b1a6f8d023be

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 7004af3be4ade256cc969c025e876a4b
SHA1 187f48f5e0d2611a0c27a48ed13532593be0079d
SHA256 83ff790012d5ff3bc28652936b9d95d7d4831007ab1778c0e4d98c39d960320c
SHA512 e959caf11ed07ac6f474ad755fa7c18f7d41863592a5f9f96df69a39d0075c3878b5536e1b445dab4cb896fe2ed52949bf889ef9262035b2a57f977a203142f0

memory/3064-789-0x0000000000400000-0x000000000040A000-memory.dmp