Malware Analysis Report

2025-03-15 08:12

Sample ID: 241016-kjld1s1hld
Target: d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N
SHA256: d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8
Tags: upx discovery ransomware
Score: 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 9/10

SHA256: d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8

Threat Level: Likely malicious

The file d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (4654) files with added filename extension

Renames multiple (3249) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-10-16 08:37

Signatures

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-10-16 08:37
Reported: 2024-10-16 08:39
Platform: win7-20240903-en
Max time kernel: 119s
Max time network: 17s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe"

Signatures

Renames multiple (3249) files with added filename extension

ransomware

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Microsoft Games\Multiplayer\Checkers\it-IT\chkrzm.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Mozilla Firefox\api-ms-win-crt-private-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_notes.wmv.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tbilisi.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-filesystems.xml.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Etc\GMT-12.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\bckgzm.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_socket.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EST5EDT.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.xml.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.commons.logging_1.1.1.v201101211721.jar.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\America\La_Paz.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-dialogs.xml.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\bckgRes.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-imageMask.png.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\MANIFEST.MF.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_zh_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeulm.dat.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuala_Lumpur.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-applemenu_ja.jar.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipRes.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\splash.gif.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands_0.10.2.v20140424-2344.jar.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\codec\libspdif_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\DVD Maker\audiodepthconverter.ax.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Chagos.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-plaf.xml.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_zh_CN.jar.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\bin\javafxpackager.exe.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkWatson.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.properties.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Microsoft Office\Office14\1033\MAPISHELLR.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_100_eeeeee_1x100.png.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\demux\libavi_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Salta.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-fallback_ja.jar.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core.xml.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME.txt.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\locale\et\LC_MESSAGES\vlc.mo.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\locale\ms\LC_MESSAGES\vlc.mo.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_performance_Thumbnail.bmp.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\America\Santo_Domingo.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\lua\intf\luac.luac.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_chromecast_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Java\jre7\bin\dt_shmem.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Java\jre7\lib\ext\localedata.jar.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\dcpr.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.xml.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi_3.10.1.v20140909-1633.jar.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-core_visualvm.jar.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationClientsideProviders.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\203x8subpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\bin\ktab.exe.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.nl_zh_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPTSFrame.png.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Etc\GMT-8.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\access\libudp_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe

"C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe"

Network

N/A

Files

memory/2512-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-312935884-697965778-3955649944-1000\desktop.ini.tmp

MD5 ee0d9fce59de2b1ebebc4b47fe5ce75a
SHA1 ca16f08d95a4b67922127f6362e489d1bf85baad
SHA256 b9f8bcf710c3b0b0a84812901ee11439e948f26d8012e542b2de0dc786db4267
SHA512 76008f8ccb5787115dc9cd44f6bba7a91feaee4ea69f9e2462407f473591e3b96ea1f099b4203bd979450a8e20ca80c8fe22df5c931a1e94b9e7875070a90ca5

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 37f2bc1f205cde4dbe73b5f32b96ec83
SHA1 14a61cc4ff97fb15673055fe4f1a50bb12bc55df
SHA256 ae45dcc86e6d2e66ba14768afd2a6b4fa210b34c8ec0f4acc244a7b2392542c0
SHA512 d46af55238eadbab337ff02cc506fc786b13223c1d9f47d0b597e2c340838b6106a00f1f61466530cde4c494f41f58de10870ff2542dc35b2236f09d130d6add

memory/2512-72-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-10-16 08:37
Reported: 2024-10-16 08:39
Platform: win10v2004-20241007-en
Max time kernel: 119s
Max time network: 103s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe"

Signatures

Renames multiple (4654) files with added filename extension

ransomware

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.NonGeneric.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemXml.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\PresentationUI.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Cryptography.ProtectedData.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationTypes.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Trial-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\ReachFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\MSIPC\sr-Cyrl-BA\msipc.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\MLASeventhEditionOfficeOnline.xsl.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Forms.Primitives.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\es-419.pak.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Orange Red.xml.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_MAKC2R-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\EXPTOOWS.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicsimple.dotx.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\IVY.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.Win32.Registry.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\lib\security\blacklist.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\mshwjpn.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-80.png.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_K_COL.HXK.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_K_COL.HXK.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.Win32.Primitives.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XmlDocument.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-100.png.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\WindowsBase.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\legal\jdk\libpng.md.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\sunec.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Integration\C2RInt.16.msi.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Memory.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Resources.ResourceManager.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.CodeDom.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-stdio-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-180.png.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_KMS_Client-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\Microsoft.VisualBasic.Forms.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\UIAutomationProvider.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationClientSideProviders.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationClient.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Xml.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\wsdetect.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationCore.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Forms.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\net.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.dll.config.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Resources.Reader.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Forms.Primitives.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-handle-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Trial-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe

"C:\Users\Admin\AppData\Local\Temp\d11a8283a76a3894b349a99824ec3efe503e791f971e87348eda96f1df9119f8N.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | g.bing.com | udp
US | 150.171.28.10:443 | g.bing.com | tcp
US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp
US | 8.8.8.8:53 | tse1.mm.bing.net | udp
US | 150.171.28.10:443 | tse1.mm.bing.net | tcp
US | 150.171.28.10:443 | tse1.mm.bing.net | tcp
US | 150.171.28.10:443 | tse1.mm.bing.net | tcp
US | 150.171.28.10:443 | tse1.mm.bing.net | tcp
US | 150.171.28.10:443 | tse1.mm.bing.net | tcp

Files

memory/3004-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-940901362-3608833189-1915618603-1000\desktop.ini.tmp

MD5 7140325d9f01953a4c5b834e8fb59d71
SHA1 2a832e412fc06103921a744a30c2d69ccd7ef405
SHA256 f26bf87936de0f2a6a3159ccc51dbe677a5a9327d58c658bdcfca43652ad0b87
SHA512 44861ffc2f45fb45612c5c99c20a667e8a7c015aadbcebef13461708192e1728929aac96cf3e8b93ea1a4aa9824155d2953f7be5e80f8d1cf2ecae62d0fbfbe9

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 c99c8da8daa11cac4537d2cb34fa0a6b
SHA1 8faae0162f1b809966074e1f497529ef799ad3e6
SHA256 37cc2910d4270f9db053c21159e3d2995617b00788805c2f0f14e00032aded32
SHA512 f5ae73fdb909483621539ee918b1fd63a298e2041dd94aca8b0f6636b6bf07f67a35af79ae16595e51589ae08fde13a778df05b4cf303aaa13cf51f3a1577bff

memory/3004-785-0x0000000000400000-0x000000000040A000-memory.dmp