Malware Analysis Report

2025-01-22 20:18

Sample ID 241020-dp89pswarc
Target 19c4f1cd40170869f44ced51d2ae1b4cb0c1eb034a14cd5f874491f8c561d230N
SHA256 19c4f1cd40170869f44ced51d2ae1b4cb0c1eb034a14cd5f874491f8c561d230
Tags upx discovery ransomware
Score 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score 9/10

SHA256 19c4f1cd40170869f44ced51d2ae1b4cb0c1eb034a14cd5f874491f8c561d230

Threat Level: Likely malicious

The file 19c4f1cd40170869f44ced51d2ae1b4cb0c1eb034a14cd5f874491f8c561d230N was found to be: Likely malicious.

Malicious Activity Summary

Tags upx discovery ransomware

Renames multiple (3250) files with added filename extension

Renames multiple (4648) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-10-20 03:12

Signatures

UPX packed file (tag: upx)

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted 2024-10-20 03:12
Reported 2024-10-20 03:14
Platform win7-20240903-en
Max time kernel 120s
Max time network 119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\19c4f1cd40170869f44ced51d2ae1b4cb0c1eb034a14cd5f874491f8c561d230N.exe"

Signatures

Renames multiple (3250) files with added filename extension (tag: ransomware)

UPX packed file (tag: upx)

Drops file in Program Files directory


System Location Discovery: System Language Discovery (tag: discovery)
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\19c4f1cd40170869f44ced51d2ae1b4cb0c1eb034a14cd5f874491f8c561d230N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\19c4f1cd40170869f44ced51d2ae1b4cb0c1eb034a14cd5f874491f8c561d230N.exe

"C:\Users\Admin\AppData\Local\Temp\19c4f1cd40170869f44ced51d2ae1b4cb0c1eb034a14cd5f874491f8c561d230N.exe"

Network

N/A

Files

memory/2524-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-312935884-697965778-3955649944-1000\desktop.ini.tmp

MD5 a07aa9c2c9684f621e3a6dc91884f441
SHA1 bb5f2e5691acbed7bcdd3577fde5f79a57217b38
SHA256 58c55c41bddfaeb638f810009717caf4de02e188d29db56f9a236ba022239729
SHA512 034cea08b2e498d1cae75777f0af87f3f2cbc82a2d0ed42e514c9f1a79a30e18dc3cc2e93967c6a4a9b0201bb88ece921a8458ef4c8b81b7e7d2ac44d41ad3a1

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 8b70eef25f2dee009d2a77b07c0bec09
SHA1 079a8398840792e394b204d2bd9f81c027b984fe
SHA256 eee63e9d4b2f59f522cf2c8f15cb84e55cb51a265dfcd31532b18435006a3d40
SHA512 9206cb53cbe545b845c3b22db25ee790c5fb5faf8fbcdd55ab21e9c6c87da9bcdf0bce7cbbbb700ed882fffdfdd5590141339851520d8891a04624d63f2711af

memory/2524-70-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted 2024-10-20 03:12
Reported 2024-10-20 03:14
Platform win10v2004-20241007-en
Max time kernel 120s
Max time network 104s

Command Line

"C:\Users\Admin\AppData\Local\Temp\19c4f1cd40170869f44ced51d2ae1b4cb0c1eb034a14cd5f874491f8c561d230N.exe"

Signatures

Renames multiple (4648) files with added filename extension (tag: ransomware)

UPX packed file (tag: upx)

Drops file in Program Files directory


System Location Discovery: System Language Discovery (tag: discovery)
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\19c4f1cd40170869f44ced51d2ae1b4cb0c1eb034a14cd5f874491f8c561d230N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\19c4f1cd40170869f44ced51d2ae1b4cb0c1eb034a14cd5f874491f8c561d230N.exe

"C:\Users\Admin\AppData\Local\Temp\19c4f1cd40170869f44ced51d2ae1b4cb0c1eb034a14cd5f874491f8c561d230N.exe"

Network


Files

memory/1008-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3756129449-3121373848-4276368241-1000\desktop.ini.tmp

MD5 a4674cb13945da20d516f0cc37839ffb
SHA1 75bbe0c5252fc4196ad593576ffd34df33bad4a7
SHA256 12df7eefdbd64be39e0f9fbed00f5efb7b272519e0ac3b0150e0b8b6dbc00e4f
SHA512 5f95eb7beba0027007fcb0cd95847953250e98845fde84021a148a1d7149705e9841b7e5ca1178e0baa13f61b9badb1e823f4d9126f506d5fcbd8ba86bb1bd63

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 49f68afd7fc73c0d8e3c12cab2a59f9b
SHA1 6587afe8a7efa253b6d15af4166c2f1b1cb98a84
SHA256 9e8ea7a4d6472dde69c7785edbeb080c9212f9ce412e3f0dd82fd9a2c9038907
SHA512 4c88b138343775141f410cb03d45164edcf1a09920c39ec766d2a7a872a3bcbc45c893e93f9844a8e48973aada6182928b8696f10c93d2a840774a8a2b48e786

memory/1008-786-0x0000000000400000-0x000000000040A000-memory.dmp