Malware Analysis Report

2025-03-15 08:19

Sample ID: 241020-vn81zs1grq
Target: edd53322e112e553cc59fad76f90c3e3718892ee535f0fc97f6a94a6efa0ca64N
SHA256: edd53322e112e553cc59fad76f90c3e3718892ee535f0fc97f6a94a6efa0ca64
Tags: upx, discovery, ransomware
Score: 9/10


Analysis Overview


Threat Level: Likely malicious

The file edd53322e112e553cc59fad76f90c3e3718892ee535f0fc97f6a94a6efa0ca64N was found to be: Likely malicious.

Malicious Activity Summary


Renames multiple (3337) files with added filename extension

Renames multiple (4644) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

Analysis: static1

Detonation Overview

Reported: 2024-10-20 17:09

Signatures

UPX packed file (tag: upx)

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted: 2024-10-20 17:09
Reported: 2024-10-20 17:11
Platform: win7-20240903-en
Max time kernel: 120s
Max time network: 16s

Command Line

"C:\Users\Admin\AppData\Local\Temp\edd53322e112e553cc59fad76f90c3e3718892ee535f0fc97f6a94a6efa0ca64N.exe"

Signatures

Renames multiple (3337) files with added filename extension (tag: ransomware)

UPX packed file (tag: upx)

Drops file in Program Files directory


System Location Discovery: System Language Discovery (tag: discovery)
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\edd53322e112e553cc59fad76f90c3e3718892ee535f0fc97f6a94a6efa0ca64N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\edd53322e112e553cc59fad76f90c3e3718892ee535f0fc97f6a94a6efa0ca64N.exe

"C:\Users\Admin\AppData\Local\Temp\edd53322e112e553cc59fad76f90c3e3718892ee535f0fc97f6a94a6efa0ca64N.exe"

Network

N/A

Files

memory/3048-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3063565911-2056067323-3330884624-1000\desktop.ini.tmp

MD5 4b7a17df318fa7e9511bea98b8bcbb38
SHA1 d9152531124c064db66026b2fcceb0fd147521d9
SHA256 d99231b41d0a0b3157ae1b21f65512bf378830a825867f35881233dea9de4cbe
SHA512 ada736eb95d71da0de4d94da7fce8087d74d5a91a961eaa2d412a8e4d666f875b087610c4f77c05a2cc241d14ace45230cecaed4b95e6c37637814138641771f

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 ea8ba5042d8a54e3488b19084cb8d04a
SHA1 54b32f51512f8e845474c91af525882d653fa960
SHA256 55104e808bc61ab723e6d24a0a7d13674322f0f8d2d0574256da487530ccbba5
SHA512 c879bd5e1a7838d5fef18168a1f557915b924d0902da64208ed769fb4a597cc20bd6dfe3e03b62b4cce7cbc7457b9c2dd5e2037d8dd0de64bcd9939c5747d100

memory/3048-74-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-10-20 17:09
Reported: 2024-10-20 17:11
Platform: win10v2004-20241007-en
Max time kernel: 120s
Max time network: 121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\edd53322e112e553cc59fad76f90c3e3718892ee535f0fc97f6a94a6efa0ca64N.exe"

Signatures

Renames multiple (4644) files with added filename extension (tag: ransomware)

UPX packed file (tag: upx)

Drops file in Program Files directory


System Location Discovery: System Language Discovery (tag: discovery)
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\edd53322e112e553cc59fad76f90c3e3718892ee535f0fc97f6a94a6efa0ca64N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\edd53322e112e553cc59fad76f90c3e3718892ee535f0fc97f6a94a6efa0ca64N.exe

"C:\Users\Admin\AppData\Local\Temp\edd53322e112e553cc59fad76f90c3e3718892ee535f0fc97f6a94a6efa0ca64N.exe"

Network


Files

memory/836-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3350944739-639801879-157714471-1000\desktop.ini.tmp

MD5 e598f35dbea90da1bc16a55563c714cf
SHA1 4035b013f5d339838e25ddf2692305c3151690fb
SHA256 16604ead5459434d8dccbe9814012efd738c2907702246a96ce7a4948200696f
SHA512 53224d21e5a364f330a5cbfdd9acf2bc234575170a1a3007596c20792162d66831a5893fb494a3aa92233ef72ef3b632f493ea858f677df1cecbd2f991b5f6de

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 79ddfbf887e86352e07bd67e638cae75
SHA1 5462baf01e38c5c2d1e49ae5c011245ae747b8c5
SHA256 835ec7281beae89b7935e60f96d5cfa4f3e67d539b7d4871499ec4fb4af28dd1
SHA512 1d08cfa6831630a6227da00604d80eea7e5fafc8a503dbf794ff7507f6fddee7f834ebd5f03dcbbbee3770d8796b77e8e417b1cc431b325791eb10c280b3071c

memory/836-782-0x0000000000400000-0x000000000040B000-memory.dmp