Malware Analysis Report

2025-01-22 19:56

Sample ID 241016-wjbelaxcml
Target c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N
SHA256 c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3
Tags
upx discovery ransomware
score
9/10

Table of Contents

  Analysis Overview
  MITRE ATT&CK
    Enterprise Matrix V15
  Analysis: static1
    Detonation Overview
    Signatures
  Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
  Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 9/10

SHA256: c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3

Threat Level: Likely malicious

The file c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (539) files with added filename extension (behavioral1, Windows 7 image)

Renames multiple (4863) files with added filename extension (behavioral2, Windows 10 image; the larger count reflects the larger installed software base of that image, not different sample behaviour)

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Enterprise Matrix V15

Tactic Technique Name Evidence
Defense Evasion T1027.002 Obfuscated Files or Information: Software Packing UPX packed file (static1)
Discovery T1614.001 System Location Discovery: System Language Discovery NLS\Language registry key opened (behavioral1, behavioral2)

The ransomware tag is derived from the mass-rename signature (thousands of files recreated with an added .tmp extension); the sandbox output records no technique ID for it, so none is listed. The two mappings above were added by the editor from the technique names the report itself uses.

Analysis: static1

Detonation Overview

Reported: 2024-10-16 17:56

Signatures

UPX packed file

upx
No indicator details recorded.

Unsigned PE

No indicator details recorded.
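The two static signatures above (UPX section layout, no Authenticode signature) are cheap to re-check outside the sandbox. The Python below is an added example written for this page, not part of the sandbox's tooling and not code from the sample: it parses the PE section table and the security data directory directly from bytes, flags the UPX0/UPX1 section names, measures per-section entropy as a fallback for repacked or renamed UPX stubs, and reports whether an Authenticode blob is attached at all. The two PE images it inspects are constructed inside the block (the sample's own bytes are not on this page); in practice the same checks run against the real file with `pefile` or similar.

```python
import math
import random
import struct

# Layout constants from the PE/COFF specification.
PE32_MAGIC = 0x10B
SECURITY_DIR_INDEX = 4            # IMAGE_DIRECTORY_ENTRY_SECURITY (Authenticode blob)
SECTION_HEADER_SIZE = 40
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", "UPX!"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 8.0 is uniformly random, compressed or encrypted data is usually > 7."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def inspect_pe(data: bytes) -> dict:
    """Read the section table and the security data directory of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe_off + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    # Data directories begin at +96 in a PE32 optional header, +112 in PE32+.
    dirs = opt + (96 if magic == PE32_MAGIC else 112)
    sec_off, sec_size = struct.unpack_from("<II", data, dirs + SECURITY_DIR_INDEX * 8)

    sections = []
    table = opt + opt_size
    for i in range(num_sections):
        hdr = table + i * SECTION_HEADER_SIZE
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("latin-1")
        vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", data, hdr + 8)
        raw = data[raw_ptr:raw_ptr + raw_size] if raw_size else b""
        sections.append({"name": name, "virtual_size": vsize, "raw_size": raw_size,
                         "entropy": round(shannon_entropy(raw), 2)})
    names = {s["name"] for s in sections}
    return {
        "sections": sections,
        "upx_packed": bool(names & UPX_SECTION_NAMES),
        # A non-empty security directory means a WIN_CERTIFICATE blob is attached. It does
        # not mean the signature verifies; that needs PKCS#7 parsing and chain validation.
        "has_authenticode_blob": sec_off != 0 and sec_size != 0,
        "high_entropy_sections": [s["name"] for s in sections if s["entropy"] > 7.0],
    }


def build_pe(sections, signed=False) -> bytes:
    """Assemble a minimal, non-runnable PE32 image (constructed test data only).
    `sections` is a list of (name_bytes, raw_bytes)."""
    opt_size = 224                                      # PE32 optional header, 16 directories
    headers = 0x40 + 4 + 20 + opt_size + len(sections) * SECTION_HEADER_SIZE
    first_raw = (headers + 0x1FF) & ~0x1FF              # 512-byte file alignment
    body, table, rva = bytearray(), bytearray(), 0x1000
    for name, raw in sections:
        ptr = first_raw + len(body) if raw else 0       # UPX0-style sections have no raw data
        table += struct.pack("<8sIIIIIIHHI", name, len(raw) or 0x1000, rva, len(raw), ptr,
                             0, 0, 0, 0, 0x60000020)
        body += raw
        rva += 0x1000
    cert = b"\0" * 16 if signed else b""                # placeholder WIN_CERTIFICATE blob
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 92, 16)                 # NumberOfRvaAndSizes
    if signed:
        struct.pack_into("<II", opt, 96 + SECURITY_DIR_INDEX * 8, first_raw + len(body), len(cert))
    img = dos + b"PE\0\0" + coff + opt + table
    img += b"\0" * (first_raw - len(img)) + body + cert
    return bytes(img)


# Constructed samples: a UPX-style layout with a high-entropy UPX1 section and no signature,
# and a plain layout that carries an Authenticode directory entry.
_rng = random.Random(20241016)
PACKED_SAMPLE = build_pe([
    (b"UPX0", b""),                                              # unpacking destination, empty on disk
    (b"UPX1", bytes(_rng.getrandbits(8) for _ in range(4096))),  # compressed payload stand-in
    (b".rsrc", b"\0" * 512),
])
PLAIN_SAMPLE = build_pe([
    (b".text", b"\x90" * 2048 + b"\xc3"),
    (b".data", b"Hello, sandbox\0" * 64),
], signed=True)

if __name__ == "__main__":
    for label, sample in (("packed", PACKED_SAMPLE), ("plain", PLAIN_SAMPLE)):
        print(label, inspect_pe(sample))
```

The section-name test is the one the sandbox's "upx" tag corresponds to; it is trivially defeated by renaming the sections, which is why the entropy column is kept alongside it. "Unsigned PE" here means only that no certificate table is attached; a file with a blob attached still needs the signature verified and the chain checked before it counts as signed.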

Analysis: behavioral1

Detonation Overview

Submitted: 2024-10-16 17:56
Reported: 2024-10-16 17:59
Platform: win7-20241010-en
Max time kernel: 150s
Max time network: 20s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe"

Signatures

Renames multiple (539) files with added filename extension

ransomware

UPX packed file

upx
No indicator details recorded.

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\DVD Maker\Shared\DvdStyles\scene_button_style_default_Thumbnail.bmp.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Google\Chrome\Application\chrome_proxy.exe.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_select-highlight.png.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\7-Zip\Lang\tg.txt.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\7-Zip\Lang\tr.txt.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mip.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\scenesscroll.png.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ca.pak.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Internet Explorer\jsdebuggeride.dll.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-shadow.png.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\manifest.json.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\7-Zip\Lang\mk.txt.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_postage_Thumbnail.bmp.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-GB.pak.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_socket.dll.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\FindInitialize.mp4v.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\InvokePop.WTV.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jstack.exe.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\play-background.png.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\tpcps.dll.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Common Files\System\msadc\msadco.dll.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\DVD Maker\OmdProject.dll.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push.png.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_title.png.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll.sig.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsptg.xml.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-static.png.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Push\pushplaysubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\DVD Maker\rtstreamsource.ax.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passportcover.png.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\include\win32\jawt_md.h.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Common Files\System\ado\msado26.tlb.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\java-rmi.exe.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\7-Zip\Lang\az.txt.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\sports_disc_mask.png.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop.wmv.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fil.pak.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\7-Zip\Lang\kaa.txt.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsdan.xml.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\kcms.dll.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\whitemenu.png.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\vistabg.png.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\15x15dot.png.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe

"C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe"

Network

N/A

Files

memory/2348-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3692679935-4019334568-335155002-1000\desktop.ini.tmp

MD5 ed136c013e7868c52500db9a930954e7
SHA1 5d17da54b54198039f0feff300dd13ac72881e5e
SHA256 910fce1a2a0408fb3ab6d4c8c2d693c1f29c83d435713e884782c993af7dcac5
SHA512 b3038f1add3d2658a09a215af4a20d0469892d2f03a6b7ee18ae879af214090098da3002c027b8ee9f869a7ccdb3fffdc681e563fc44d84dcf62c2e320b3b932

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 1c8e8d5587fc7425a37a89b9488f8192
SHA1 faef18108d35567832e4df342c721c465fd40c22
SHA256 4c599f258c080d85734335f5c49489e2d9c327e920441319464077e4c62b89c6
SHA512 4bf424a159e956897fa7c0a55402fe6b0f1147e5ab1fb9868c8c476d495be4cbcab0feaa38150d3fc85231b3f3c3c640a84388cbca3fd70c409c48d0b8e15048

memory/2348-18-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-10-16 17:56
Reported: 2024-10-16 17:59
Platform: win10v2004-20241007-en
Max time kernel: 150s
Max time network: 124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe"

Signatures

Renames multiple (4863) files with added filename extension

ransomware

UPX packed file

upx
No indicator details recorded.

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.Win32.Registry.AccessControl.dll.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Windows.dll.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sqlpdw.xsl.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemDrawing.dll.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\jfxswt.jar.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Intrinsics.dll.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemData.dll.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\sr-Latn-RS\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipskor.xml.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_KMS_Client_AE-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.VisualStudio.Tools.Applications.Runtime.dll.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationTypes.dll.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\it-IT\InputPersonalization.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\nl-NL\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Loader.dll.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Csp.dll.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\en-US\ShapeCollector.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\insertbase.xml.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial5-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_K_COL.HXK.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\ru.pak.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_KMS_Client-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntryR_PrepidBypass-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\th-TH\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.AeroLite.dll.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\eula.dll.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ExcelFloatieXLEditTextModel.bin.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fi-fi.dll.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemData.dll.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\mip_core.dll.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\offreg.dll.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.Brotli.dll.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\javafx_iio.dll.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-multibyte-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OSFPROXY.DLL.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7FR.DLL.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\7-Zip\Lang\bn.txt.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Channels.dll.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_Subscription-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\ext\localedata.jar.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\meta-index.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\7-Zip\Lang\mn.txt.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\it-IT\mshwLatin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe N/A
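The two behavioural signatures that recur in behavioral1 and behavioral2 ("Renames multiple files with added filename extension" and the NLS\Language registry read) can be reproduced as host-side detection logic. The Python below is an added example for this page, not sandbox code: it consumes a constructed stream of Sysmon-style FileCreate and RegistryOpen events (the sample's paths are copied from the behavioral2 file list; the setup.exe process, its paths and all timestamps are hypothetical), derives the original file name and the appended extension from each created path, counts distinct originals per appended extension inside a sliding window, and treats the NLS\Language read as corroboration only, since ordinary locale APIs touch that key as well.

```python
import re
from collections import defaultdict

# Names taken from the report; the event stream itself is constructed for this example.
SAMPLE_IMAGE = (r"C:\Users\Admin\AppData\Local\Temp"
                r"\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe")
NLS_LANGUAGE_KEY = r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"
# "<name>.<original ext>.<appended ext>", e.g. 7-zip.dll.tmp -> original 7-zip.dll, appended .tmp
ADDED_EXT_RE = re.compile(r"^(?P<original>.+\.[A-Za-z0-9_\-]{1,10})(?P<appended>\.[A-Za-z0-9_\-]{1,10})$")


def split_added_extension(path: str):
    """(original_path, appended_ext) when the name looks like an existing file name plus one
    extra extension, else None. Files that had no extension to begin with (meta-index.tmp)
    are not counted, a known blind spot of this name-only heuristic."""
    name = path.rsplit("\\", 1)[-1]
    m = ADDED_EXT_RE.match(name)
    if not m:
        return None
    return path[: len(path) - len(name)] + m.group("original"), m.group("appended")


def score_processes(events, window_s=60.0, threshold=5):
    """Per-process summary of added-extension file creates and NLS\\Language reads."""
    procs = defaultdict(lambda: {"image": None, "creates": [], "language_discovery": False})
    for e in events:
        p = procs[e["pid"]]
        p["image"] = e["image"]
        if e["event"] == "FileCreate":
            split = split_added_extension(e["path"])
            if split:
                p["creates"].append((e["ts"], *split))
        elif e["event"] == "RegistryOpen" and e["path"].lower() == NLS_LANGUAGE_KEY.lower():
            p["language_discovery"] = True

    results = {}
    for pid, p in procs.items():
        per_ext = defaultdict(set)
        for _, original, ext in p["creates"]:
            per_ext[ext].add(original)
        ext, originals = max(per_ext.items(), key=lambda kv: len(kv[1]), default=(None, set()))
        # Busiest sliding window: mass renames arrive in bursts, installers trickle.
        times = sorted(ts for ts, _, e in p["creates"] if e == ext)
        busiest, lo = 0, 0
        for hi, t in enumerate(times):
            while t - times[lo] > window_s:
                lo += 1
            busiest = max(busiest, hi - lo + 1)
        top_dirs = {o.split("\\")[1] for o in originals if "\\" in o}
        results[pid] = {
            "image": p["image"],
            "appended_extension": ext,
            "distinct_originals": len(originals),
            "max_in_window": busiest,
            "distinct_top_dirs": len(top_dirs),
            # Legitimate software reads NLS\Language through locale APIs, so this field is
            # corroborating context only and never drives the verdict on its own.
            "language_discovery": p["language_discovery"],
            "flagged": busiest >= threshold,
        }
    return results


def _ev(ts, pid, image, event, path):
    return {"ts": ts, "pid": pid, "image": image, "event": event, "path": path}


# Constructed event stream. pid 3740 replays paths from the behavioral2 file list;
# setup.exe (pid 4120) is a hypothetical installer included as a benign control.
EVENTS = [
    _ev(10.0, 3740, SAMPLE_IMAGE, "RegistryOpen", NLS_LANGUAGE_KEY),
    _ev(10.2, 3740, SAMPLE_IMAGE, "FileCreate", r"C:\$Recycle.Bin\S-1-5-21-3350944739-639801879-157714471-1000\desktop.ini.tmp"),
    _ev(10.4, 3740, SAMPLE_IMAGE, "FileCreate", r"C:\Program Files\7-Zip\7-zip.dll.tmp"),
    _ev(10.6, 3740, SAMPLE_IMAGE, "FileCreate", r"C:\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui.tmp"),
    _ev(10.8, 3740, SAMPLE_IMAGE, "FileCreate", r"C:\Program Files\Java\jre-1.8\lib\jfxswt.jar.tmp"),
    _ev(11.0, 3740, SAMPLE_IMAGE, "FileCreate", r"C:\Program Files\Java\jre-1.8\lib\meta-index.tmp"),
    _ev(11.2, 3740, SAMPLE_IMAGE, "FileCreate", r"C:\Program Files\Microsoft Office\root\Office16\mip_core.dll.tmp"),
    _ev(11.4, 3740, SAMPLE_IMAGE, "FileCreate", r"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\ru.pak.tmp"),
    _ev(11.6, 3740, SAMPLE_IMAGE, "FileCreate", r"C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_KMS_Client-ul.xrm-ms.tmp"),
    _ev(11.8, 3740, SAMPLE_IMAGE, "FileCreate", r"C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Channels.dll.tmp"),
    _ev(30.0, 4120, r"C:\Users\Admin\Downloads\setup.exe", "FileCreate", r"C:\Users\Admin\AppData\Local\Temp\setup.log.tmp"),
    _ev(30.5, 4120, r"C:\Users\Admin\Downloads\setup.exe", "RegistryOpen", NLS_LANGUAGE_KEY),
    _ev(31.0, 4120, r"C:\Users\Admin\Downloads\setup.exe", "FileCreate", r"C:\Users\Admin\AppData\Local\Temp\config.ini.tmp"),
]

if __name__ == "__main__":
    for pid, r in score_processes(EVENTS).items():
        print(pid, r)
```

The 5-files-per-60-seconds threshold is illustrative; what separates the sample from the installer in this stream is the burst of distinct originals across unrelated top-level directories ($Recycle.Bin and Program Files), not the NLS\Language read, which both processes perform. A production rule would count rename or create events from the file-system journal rather than inferring them from names, which also catches files that had no extension to begin with, such as meta-index.tmp above.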

Processes

C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe

"C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp

Editorial note: every recorded flow is DNS to 8.8.8.8 (reverse PTR lookups and Bing host names) or HTTPS to Bing edge addresses, the background activity a Windows 10 sandbox image generates on its own, and behavioral1 recorded no traffic at all. Nothing in either capture points to sample-specific infrastructure (command-and-control, key exchange or exfiltration), so this section yields no network indicators for the sample.

Files

memory/3740-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3350944739-639801879-157714471-1000\desktop.ini.tmp

MD5 cf67f02c9093cfcf6091520e2d4a6405
SHA1 01d3ca2d3ddfc0e2324d6e06224c4518927569ce
SHA256 d55edc221b178133da547960537f917e415b0ca5b55e40373167d2b7cd759fdb
SHA512 4a2ab3cca3e5b72b1f48f7ca377edc94c676ca08f57106a08c9c77504d1dd3f70e37ef628fe30addf3ff4f2b7bfc19190202d0fc78d0ec6c3b98d474246dd908

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 5e8e4566b86a03fedf322737c25e7bf0
SHA1 0aff20e7606a0ecaa3228f04c820e0ab49b784fd
SHA256 80a7cf82af3f7e6294c4e6fc3f271d90637ee0a6b322dda4baa683635e443577
SHA512 4a3957c8b097e03119ce6d27bf33e140c2fe947117b743c95701fd980b47929fe1f73ccc2a22faf088de8299dd5bb52edb24bba762e667f9cc561fd24c48f080

memory/3740-656-0x0000000000400000-0x000000000040B000-memory.dmp