Malware Analysis Report

2024-10-24 18:21

Sample ID: 241018-ejqqvayepk
Target: 42d5489ba717c1f3aeeb7c9d343adabbeee5b0b4283679705dedd48cf3d22333N
SHA256: 42d5489ba717c1f3aeeb7c9d343adabbeee5b0b4283679705dedd48cf3d22333
Tags: upx discovery ransomware
Score: 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 9/10

SHA256: 42d5489ba717c1f3aeeb7c9d343adabbeee5b0b4283679705dedd48cf3d22333

Threat Level: Likely malicious

The file 42d5489ba717c1f3aeeb7c9d343adabbeee5b0b4283679705dedd48cf3d22333N was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (4623) files with added filename extension

Renames multiple (3278) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-10-18 03:58

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-10-18 03:58

Reported: 2024-10-18 04:00

Platform: win7-20240708-en

Max time kernel: 119s

Max time network: 118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\42d5489ba717c1f3aeeb7c9d343adabbeee5b0b4283679705dedd48cf3d22333N.exe"

Signatures

Renames multiple (3278) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\42d5489ba717c1f3aeeb7c9d343adabbeee5b0b4283679705dedd48cf3d22333N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\42d5489ba717c1f3aeeb7c9d343adabbeee5b0b4283679705dedd48cf3d22333N.exe

"C:\Users\Admin\AppData\Local\Temp\42d5489ba717c1f3aeeb7c9d343adabbeee5b0b4283679705dedd48cf3d22333N.exe"

Network

N/A

Files

memory/2660-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

MD5 83e405022634d5953b27c7709327beb2
SHA1 3622055489ccdc159da5299f6122f6bbc6cc07d1
SHA256 066fe29a528f5dcb7972c8f9adb627ed9f85d888852dc6c8aad0838bd94453d4
SHA512 896006cbdc3188b3e04e385a4bdaa5f321253675060c75c60c1ecfb3bea7f3fb94dc9d828f3407eb19a4a14f44c1607634eb293d2fddbc237e589cda92810751

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 d0f06ee91fd5fe60b582d559ba5925df
SHA1 133e99fcca3a8072c2d16cdf1989ffab3790f76d
SHA256 35b8f9907184cd6a9c6862810c77dc055f001d5c18e49db6067aad4beb661e81
SHA512 7275fb17692c65208d31f33f34be48a0d1f3f21fd7b334c68a81a1124c016e58a9aea24094730c4d5d15ef889661ba1de22178db15b3a09a79ab3a21abaca05b

memory/2660-74-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-10-18 03:58

Reported: 2024-10-18 04:00

Platform: win10v2004-20241007-en

Max time kernel: 120s

Max time network: 105s

Command Line

"C:\Users\Admin\AppData\Local\Temp\42d5489ba717c1f3aeeb7c9d343adabbeee5b0b4283679705dedd48cf3d22333N.exe"

Signatures

Renames multiple (4623) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\42d5489ba717c1f3aeeb7c9d343adabbeee5b0b4283679705dedd48cf3d22333N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\42d5489ba717c1f3aeeb7c9d343adabbeee5b0b4283679705dedd48cf3d22333N.exe

"C:\Users\Admin\AppData\Local\Temp\42d5489ba717c1f3aeeb7c9d343adabbeee5b0b4283679705dedd48cf3d22333N.exe"

Network

Country Destination Domain Proto

Files

memory/3680-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1045960512-3948844814-3059691613-1000\desktop.ini.tmp

MD5 22e2002c189db21eba2abec5c2bae1b2
SHA1 c543fb468955808c6ad84f070b666cde4439c7a7
SHA256 bb6daca08b90f8ab1bdc4d853396d5c771b6ba5d385647d195af81add08047ba
SHA512 b71245252ccc526631a3a249ed54d4821f975c804e3c1f1c7daa329617b643b47499a316c55a7f7b0dd6c204c16389bf43db55429f589c3d86bd1bebd16d1f03

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 0293c1fbff4ce48d773f170b9c1e4056
SHA1 67e68e5f855a9009e88c39a20a4e12097dedcfb5
SHA256 ba66eae5381edbaa7da5aafb9dbdeefd30e56b77fbff801142fb617dc1156a12
SHA512 9bf18e95e160f7e531e5c00a2024de3d559cfedaf49b450c0484efd734ea70f9cf63124f0d338399e60ff5f5db77340773424afa5b87b6839125d6bbd6a326f6

memory/3680-782-0x0000000000400000-0x000000000040B000-memory.dmp