Malware Analysis Report

2025-01-22 19:55

Sample ID 241016-yt9q9atdpk
Target 524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N
SHA256 524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631
Tags
discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631

Threat Level: Likely malicious

The file 524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple (3262) files with added filename extension (behavioral1, win7)

Renames multiple (4364) files with added filename extension (behavioral2, win10)

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

In both behavioral runs every recorded file-creation event is an existing path under Program Files, $Recycle.Bin or MSOCache with .tmp appended to the original name, and the only process recorded is the submitted executable itself. The rename counts come from the sandbox's ransomware heuristic: the report records the renames but does not itself show that the file contents were encrypted.
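The two behaviours listed above, expressed as detection logic over sandbox event rows. This is an added example written for this page, not code from the report or from the sample: the event lines are constructed in the report's own row layout (description, indicator, process, target) from a few of its entries plus one benign row, and the MASS_RENAME_MIN threshold and the user-writable-path test are assumptions chosen for the example.

```python
"""Detection logic for the two behaviours this report flags: many files
created with an extension appended to an existing name (the sandbox's
ransomware heuristic) and a read of the NLS\\Language registry key
(System Location Discovery: System Language Discovery).

Added example for this page, not code from the Triage report or from the
sample. EVENTS is constructed in the report's row layout from a handful of
its rows plus one benign row; MASS_RENAME_MIN and the user-writable-path
check are assumptions chosen for the example.
"""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass, field
from pathlib import PureWindowsPath
from typing import List

SAMPLE_EXE = (r"C:\Users\Admin\AppData\Local\Temp"
              r"\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe")

# Constructed input: six of the report's own rows and one benign updater
# writing a single .tmp so the threshold has something to leave alone.
EVENTS = [
    rf"File created C:\Program Files\7-Zip\Lang\br.txt.tmp {SAMPLE_EXE} N/A",
    rf"File created C:\Program Files\Java\jre7\LICENSE.tmp {SAMPLE_EXE} N/A",
    rf"File created C:\Program Files\Mozilla Firefox\api-ms-win-core-processthreads-l1-1-1.dll.tmp {SAMPLE_EXE} N/A",
    rf"File created C:\Program Files\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll.tmp {SAMPLE_EXE} N/A",
    rf"File created C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe.tmp {SAMPLE_EXE} N/A",
    rf"File created C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp {SAMPLE_EXE} N/A",
    rf"Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language {SAMPLE_EXE} N/A",
    r"File created C:\Program Files\Example Updater\stage.tmp C:\Program Files\Example Updater\updater.exe N/A",
]

ROW_RE = re.compile(r"^(?P<desc>File created|Key opened)\s+(?P<rest>.+?)\s+(?P<target>\S+)$")
PROC_SPLIT_RE = re.compile(r"\s(?=[A-Za-z]:\\)")   # process column = last drive-letter path
LANGUAGE_KEY_RE = re.compile(r"\\Control\\NLS\\Language$", re.IGNORECASE)
USER_WRITABLE_RE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)
MASS_RENAME_MIN = 5   # assumption for the constructed data; the report itself saw 3262 and 4364


@dataclass(frozen=True)
class Event:
    desc: str
    indicator: str
    process: str
    target: str


@dataclass
class Finding:
    name: str
    process: str
    evidence: List[str] = field(default_factory=list)


def parse_row(line: str) -> Event:
    """Split one flattened report row; indicator and process paths may contain spaces."""
    m = ROW_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised row: {line!r}")
    rest = m["rest"]
    cuts = [s.start() for s in PROC_SPLIT_RE.finditer(rest)]
    if not cuts:
        raise ValueError(f"no process column in row: {line!r}")
    cut = cuts[-1]
    return Event(m["desc"], rest[:cut], rest[cut + 1:], m["target"])


def detect(rows) -> List[Finding]:
    events = [parse_row(r) for r in rows]
    findings: List[Finding] = []
    created = defaultdict(list)
    for ev in events:
        if ev.desc == "File created":
            created[ev.process].append(ev.indicator)
        elif ev.desc == "Key opened" and LANGUAGE_KEY_RE.search(ev.indicator):
            findings.append(Finding("system_language_discovery", ev.process, [ev.indicator]))
    for proc, paths in created.items():
        by_ext = Counter(PureWindowsPath(p).suffix.lower() for p in paths)
        by_ext.pop("", None)                       # names without an extension add nothing
        if not by_ext:
            continue
        ext, n = by_ext.most_common(1)[0]
        if n < MASS_RENAME_MIN:
            continue
        hits = [p for p in paths if PureWindowsPath(p).suffix.lower() == ext]
        dirs = {str(PureWindowsPath(p).parent) for p in hits}
        evidence = [f"{n} files created with the {ext} extension across {len(dirs)} directories"]
        if USER_WRITABLE_RE.match(proc):
            evidence.append("process image runs from a user-writable AppData path")
        evidence.extend(hits[:3])
        findings.append(Finding("mass_rename_added_extension", proc, evidence))
    return findings


if __name__ == "__main__":
    for f in detect(EVENTS):
        print(f"[{f.name}] {f.process}")
        for line in f.evidence:
            print("   ", line)
```

The process column is recovered as the last drive-letter path in the row because both the indicator and the process path can contain spaces; a single benign .tmp from an installer stays below the threshold, while the sample's writes to many unrelated directories do not.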

MITRE ATT&CK

Enterprise Matrix V15

System Location Discovery: System Language Discovery (T1614.001), from the read of \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language recorded in both behavioral runs. The mass renaming flagged as ransomware maps to Data Encrypted for Impact (T1486) under the sandbox's heuristic.

Analysis: static1

Detonation Overview

Reported

2024-10-16 20:05

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 20:05

Reported

2024-10-16 20:07

Platform

win7-20240729-en

Max time kernel

120s

Max time network

18s

Command Line

"C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe"

Signatures

Renames multiple (3262) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Java\jre7\lib\management\jmxremote.password.template.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\meta-index.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\license.html.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\about.html.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.Speech.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ff\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_rist_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Winamac.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\java.policy.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UTC.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookicon.gif.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mshwLatin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\tpcps.dll.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-io-ui.xml.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Microsoft Games\Hearts\HeartsMCE.png.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Mozilla Firefox\api-ms-win-core-processthreads-l1-1-1.dll.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bahia_Banderas.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.servlet_3.0.0.v201112011016.jar.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_srt_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\15x15dot.png.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\MST.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\15x15dot.png.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\huemainsubpicture2.png.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\tnameserv.exe.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\jdwp.dll.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs.zh_CN_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.command_0.10.0.v201209301215.jar.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec.exe.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Africa\Khartoum.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\DVD Maker\ja-JP\WMM2CLIP.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Shanghai.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\ResetRestore.wav.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Indiana\Petersburg.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Java\jre7\LICENSE.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\7-Zip\Lang\br.txt.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-core.xml.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tehran.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ulaanbaatar.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-cli_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Yakutsk.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Fakaofo.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fa.pak.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guayaquil.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwasapi_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Grand_Turk.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Riga.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\MainMenuButtonIcon.png.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Internet Explorer\jsdebuggeride.dll.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.servlet_1.1.500.v20140318-1755.jar.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-uisupport.xml.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Africa\Johannesburg.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe

"C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe"

Network

N/A

Files

memory/1456-0-0x0000000000400000-0x0000000000408000-memory.dmp (dump of the sample process, PID 1456; region 0x400000-0x408000, 0x8000 bytes, at the conventional 32-bit EXE image base)

C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

MD5 1b09a4bdc17d4603659045e0d1708321
SHA1 5e91c8ee546361e362996492eec2bd0f2c461b16
SHA256 0657de57a3d58729610ad0152ffa18c775c97f04aadaacba9923a565705ebbc5
SHA512 e28785bb8b5e624cfda562dd2b134c607b7363d7aec8856d592015ae93ddd312999f0528e0867a6d30e5b3e70623a4f3c661d36658ed805c5fea19226c4339ee

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 3a2ba6a867ec51a5c033662425707bfd
SHA1 965cea9426a6920093163565373c9426977cc504
SHA256 880e10ceb71f14b65d7d22b3a3d47e70b44379b6688cb6557b8e6c248e4bc688
SHA512 62c8ba848150077ccdaef4aa07e0f7c53e7972bd8352503f64e43b8dc735d712fd62ab9b854b86c622f83a4f00bf453a7fdfc6aea71cd65f638e2336ad49f878

memory/1456-70-0x0000000000400000-0x0000000000408000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 20:05

Reported

2024-10-16 20:07

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

104s

Command Line

"C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe"

Signatures

Renames multiple (4364) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Resources.Writer.dll.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Drawing.dll.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Smokey Glass.eftx.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\GRAPH.EXE.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\ucrtbase.dll.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_KMS_Client-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\CHAKRACORE.DLL.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTest-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\offsymk.ttf.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.officemuiset.msi.16.en-us.xml.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Schoolbook.xml.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_Subscription-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\javafx_font.dll.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\3082\MSO.ACL.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscordbi.dll.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_de.properties.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\es-ES\ShapeCollector.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipschs.xml.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\javaws.exe.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\7-Zip\Lang\ca.txt.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jfr.dll.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Ping.dll.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\jfr.dll.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\WindowsAccessBridge-64.dll.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\osknavbase.xml.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscordaccore.dll.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\mesa3d.md.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-console-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_KMS_Client-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Json.dll.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\ea.xml.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\psfontj2d.properties.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_Subscription-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\VisualElements\LogoCanary.png.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.Win32.SystemEvents.dll.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\classlist.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\pkcs11cryptotoken.md.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\thaidict.md.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\jvm.hprof.txt.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe

"C:\Users\Admin\AppData\Local\Temp\524794ba3a2ccd6127093907221b22c9e5f1a3ed22f9af7ee935d0afb624c631N.exe"

Network

The table lists all traffic captured during the run and attributes no connection to the sample process. Every row is either a reverse (PTR) lookup sent to 8.8.8.8 or a lookup of and TLS connection to tse1.mm.bing.net, which is consistent with Windows 10 background activity rather than sample command-and-control; treat it as environment noise unless process-level network events tie it to the executable.

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
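Triage of the table above, as an added example that is not part of the report: it parses the rows, reverses each PTR name back to the address it asks about and ties it to the addresses actually contacted, and files the remaining names against a background-domain allowlist. ROWS is the report's own table; BACKGROUND_DOMAINS is an assumption about what a clean Windows 10 image contacts on its own, not something the report states.

```python
"""Triage of this report's behavioral2 Network table: separate reverse-DNS
and Windows background traffic from destinations that need a closer look.

Added example for this page, not code from the Triage report. ROWS is the
report's own table; BACKGROUND_DOMAINS is an assumption (hosts a clean
Windows 10 sandbox image contacts by itself), not something the report states.
"""
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

ROWS = """\
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
"""

# Assumption: domains a clean Windows 10 sandbox image contacts by itself.
BACKGROUND_DOMAINS = ("bing.net", "bing.com", "microsoft.com", "msftconnecttest.com", "windowsupdate.com")

PTR_RE = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.in-addr\.arpa$")


@dataclass(frozen=True)
class Flow:
    country: str
    dest_ip: str
    dest_port: int
    domain: str
    proto: str


@dataclass(frozen=True)
class Verdict:
    flow: Flow
    category: str   # "ptr-lookup" | "os-background" | "review"
    note: str


def parse_rows(text: str) -> List[Flow]:
    flows = []
    for line in text.strip().splitlines():
        country, dest, domain, proto = line.split()
        ip, port = dest.rsplit(":", 1)
        flows.append(Flow(country, ip, int(port), domain, proto))
    return flows


def ptr_target(domain: str) -> Optional[str]:
    """'28.118.140.52.in-addr.arpa' -> '52.140.118.28'; None for a forward name."""
    m = PTR_RE.match(domain)
    if not m:
        return None
    return str(ipaddress.IPv4Address(".".join(reversed(m.groups()))))


def is_background(domain: str) -> bool:
    d = domain.lower().rstrip(".")
    return any(d == s or d.endswith("." + s) for s in BACKGROUND_DOMAINS)


def classify(flows: List[Flow]) -> List[Verdict]:
    # Addresses contacted other than the resolver, so PTR lookups can be tied to them.
    contacted = {f.dest_ip for f in flows if not (f.proto == "udp" and f.dest_port == 53)}
    verdicts = []
    for f in flows:
        target = ptr_target(f.domain)
        if target is not None:
            note = f"reverse lookup of {target}"
            if target in contacted:
                note += " (also a direct destination in this run)"
            verdicts.append(Verdict(f, "ptr-lookup", note))
        elif is_background(f.domain):
            verdicts.append(Verdict(f, "os-background", "matches the background-domain allowlist (assumption)"))
        else:
            verdicts.append(Verdict(f, "review", "not explained by the allowlist; correlate with per-process network events"))
    return verdicts


def summary(verdicts: List[Verdict]) -> Counter:
    return Counter(v.category for v in verdicts)


if __name__ == "__main__":
    vs = classify(parse_rows(ROWS))
    print(dict(summary(vs)))
    for v in vs:
        if v.category != "os-background":
            print(f"{v.category:14} {v.flow.dest_ip}:{v.flow.dest_port} {v.flow.domain} {v.note}")
```

On this table nothing lands in the review bucket, and the one PTR lookup that correlates with a contacted address (10.28.171.150.in-addr.arpa, the reverse of the tse1.mm.bing.net endpoint) is the kind of link that a per-process capture would confirm or refute; anything the allowlist cannot explain is what should be matched against the sample's own socket activity.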

Files

memory/1548-0-0x0000000000400000-0x0000000000408000-memory.dmp (dump of the sample process, PID 1548; the same 0x8000-byte region at image base 0x400000 as in behavioral1)

C:\$Recycle.Bin\S-1-5-21-4089630652-1596403869-279772308-1000\desktop.ini.tmp

MD5 23cd183ba100623d9c7f9cc7f9076655
SHA1 95f99fb3b05917c24868281f07d84c6164e02e30
SHA256 543c09a9be8d864832e0935ca93256a79900dd66551d66c6a6b0e1366bd0d04f
SHA512 cc872d4cf0e2cb0fc9058140e6dbeb62e3c0a607b2a96e9c59f00c42133297c59280390419245d3b7bf12f45fb852bea3640a7db8871bbcacdc1ad734e33a797

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 9c3cd9e4d68b08d948ba4142ae763b8e
SHA1 9c75103e24268788ae433d81765715864fe0491f
SHA256 e8a05db213e36dd7d2088c15c4d52e686f6838ffd6bb75b60637c4da0d82140e
SHA512 5351e40f30de1513c21ccd9052ae650709be9a312fa39db90fca726a6fc0467136939759b25584a0e0ae2e17d57cda15fe1aa545cc5af552aec12154fd1b030c

memory/1548-716-0x0000000000400000-0x0000000000408000-memory.dmp