Malware Analysis Report

2025-03-15 08:13

Sample ID 241016-ja9vksyhpf
Target f45acf7a58b90966c32faea63f7105a620d2be9f9371fdd27ced2dd9ef719463N
SHA256 f45acf7a58b90966c32faea63f7105a620d2be9f9371fdd27ced2dd9ef719463
Tags
upx discovery ransomware
score
9/10

Analysis Overview

score
9/10

SHA256

f45acf7a58b90966c32faea63f7105a620d2be9f9371fdd27ced2dd9ef719463

Threat Level: Likely malicious

The file f45acf7a58b90966c32faea63f7105a620d2be9f9371fdd27ced2dd9ef719463N was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (3153) files with added filename extension

Renames multiple (4613) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 07:29

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 07:29

Reported

2024-10-16 07:31

Platform

win7-20240903-en

Max time kernel

119s

Max time network

16s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f45acf7a58b90966c32faea63f7105a620d2be9f9371fdd27ced2dd9ef719463N.exe"

Signatures

Renames multiple (3153) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\f45acf7a58b90966c32faea63f7105a620d2be9f9371fdd27ced2dd9ef719463N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\f45acf7a58b90966c32faea63f7105a620d2be9f9371fdd27ced2dd9ef719463N.exe

"C:\Users\Admin\AppData\Local\Temp\f45acf7a58b90966c32faea63f7105a620d2be9f9371fdd27ced2dd9ef719463N.exe"

Network

N/A

Files

memory/2440-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

MD5 5dbc86380017361a93a49b814b5172ef
SHA1 be35850e2cc1c3b77d2bac068b7eafaefdcb6372
SHA256 57af2d62d590a8c74aa9647f8557a719832fde1fe55fe943b37fbf985a476df3
SHA512 4c3601384bca8239d92de4afcd16253067b21840765e5110f58f34117b08120c8eb4fdd35137887b030675889ec70bf48de035e12b5431dcaba8d7a46b1a83f7

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 379dfdee20bd3f407c804c407e0a358b
SHA1 55e29caef8d21423f09ba20e0689fba087fef628
SHA256 7ed5c5b7da609b665b5c960ec226f33fe01f3174c52b121142a9d0eb5a958254
SHA512 cf48f8cf4e8c6e1b0d94df814484db05a844da56fdb9dd08c6c97967959f385e1c0d2a0b91c67eb467c5dc4a065967f44baa8147703387c19d219168b7f3da34

memory/2440-70-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 07:29

Reported

2024-10-16 07:31

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

105s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f45acf7a58b90966c32faea63f7105a620d2be9f9371fdd27ced2dd9ef719463N.exe"

Signatures

Renames multiple (4613) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\f45acf7a58b90966c32faea63f7105a620d2be9f9371fdd27ced2dd9ef719463N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\f45acf7a58b90966c32faea63f7105a620d2be9f9371fdd27ced2dd9ef719463N.exe

"C:\Users\Admin\AppData\Local\Temp\f45acf7a58b90966c32faea63f7105a620d2be9f9371fdd27ced2dd9ef719463N.exe"

Network


Files

memory/3360-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3756129449-3121373848-4276368241-1000\desktop.ini.tmp

MD5 a2ab976351b898bd019d7376e41094d1
SHA1 534db4050f7914b99bbc52e7b1e5ef3b0ba59db0
SHA256 0c3ad83dfed5e5c54072acca5a284994cf6715ee7f93759d1b34f6ecd76654e5
SHA512 941dbd3f273e96650106eeea3eca2f4d8c815e18e5d88f158a9809bda4c039958104b54b1cad47502e458e891a212a31e67b170be554400131b68a3d9fa10e74

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 1d94c868f93b9415b22386f54195a951
SHA1 f06bd3ba0ec6434f5a30c19b248f7b348a7488aa
SHA256 485363e70c0bce361a6e2b51c436cc983b75f5269c3a87cb489e25d313aa0aad
SHA512 26099d9c3f6fe261fea2a3e37b9a209cfa7e307052ce4bd9506d0a4b2993b619f222cf71de85b468907367dcd66e6b8f553f89f695c33effd82c304ae73a89fd

memory/3360-784-0x0000000000400000-0x000000000040A000-memory.dmp