Malware Analysis Report

2025-06-16 00:03

Sample ID 241106-asgr3s1hna
Target 82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f
SHA256 82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f

Threat Level: Likely malicious

The file 82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (5030) files with added filename extension

Renames multiple (3731) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-06 00:28

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-06 00:28

Reported

2024-11-06 00:30

Platform

win7-20240903-en

Max time kernel

150s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe"

Signatures

Renames multiple (3731) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-io-ui.xml.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mlp_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\js\localizedStrings.js.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\7-Zip\Lang\mng.txt.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\LightBlueRectangle.PNG.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.properties.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net_1.2.200.v20120807-0927.jar.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-dialogs.xml.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4audio_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Windows Journal\Templates\Seyes.jtp.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\js\timeZones.js.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IPSEventLogMsg.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.metadata.repository.prefs.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\slideshow_glass_frame.png.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider_right.png.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\slideShow.html.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\Real.mpp.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\verify.dll.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single.png.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Pangnirtung.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\css\clock.css.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rssBackBlue_docked.png.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mip.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ja_JP.jar.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Omsk.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Windows Defender\MpAsDesc.dll.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\js\settings.js.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Thule.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Microsoft Games\Purble Place\PurblePlaceMCE.lnk.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ko\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240811.profile.gz.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-output2.xml.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Aero.dll.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Services.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_selectionsubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\feature.xml.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.security_8.1.14.v20131031.jar.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-modules-appui.jar.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libbluray-awt-j2se-1.3.2.jar.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\css\picturePuzzle.css.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\DVD Maker\fieldswitch.ax.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Menominee.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\IA32.api.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-over-select.png.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\resources.pak.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Windows Media Player\fr-FR\wmpnetwk.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\SystemV\YST9YDT.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\sr\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Windows Journal\it-IT\MSPVWCTL.DLL.mui.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Windows Mail\wab.exe.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\css\currency.css.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\15x15dot.png.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Jamaica.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tbilisi.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\Setup.exe.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse_1.1.200.v20140414-0825.jar.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Microsoft Games\Chess\ChessMCE.lnk.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_diagonals-thick_20_666666_40x40.png.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe

"C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe"

Network

N/A

Files

memory/1732-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

MD5 928a410189294ca300158a3a598ccc59
SHA1 be43b4f538bfe13d4b48bfb69ec33cb59749114c
SHA256 3e1f994b74444591ce4350a0335513cdc3a8078d09e290658b44d601d0a9f026
SHA512 ff6058233f305917ecb637f471f97303132a97a1e87a28791f1dd5699e8bae029d5c11b13ccbc67fae67a4117dc459284fd0db6cf91aa35867770ca3ac5482d7

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 4e4631225f05bef15f41486b50adb8df
SHA1 5641c663393837eb7656617e49be50722571b36e
SHA256 0617c0fb891ef45a53045a052bcf7638e69a99cf3df7c3e97a8acab6e2280fb5
SHA512 b6de7f51cd436b1e852823175237ab03be4ca567b0ab106dbc04f69a35138762ea9bf94cfce7fad708cb929d8d15a48cb82a727bbb1270bfa95783d96ef73310

memory/1732-74-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-06 00:28

Reported

2024-11-06 00:30

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe"

Signatures

Renames multiple (5030) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\limited\local_policy.jar.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\7-Zip\7z.dll.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Linq.Parallel.dll.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.CompilerServices.VisualC.dll.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad.xml.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.RuntimeInformation.dll.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Java\jdk-1.8\LICENSE.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\jp2iexp.dll.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART12.BDR.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pl-pl.dll.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.ProviderShared.dll.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000009\FA000000009.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MEDIA\VOLTAGE.WAV.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PROOF\MSSP7ES.dub.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-convert-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\strings.resjson.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.Win32.Registry.dll.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemData.dll.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\hu.pak.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\javaws.jar.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MEDIA\TYPE.WAV.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_Subscription-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\MSOSEC.XML.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sl-si.dll.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.dll.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AuthoredExtensions.16.xml.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.PowerView.PowerView.x-none.msi.16.x-none.xml.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-util-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Dynamic.Runtime.dll.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.Formatters.dll.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemXmlLinq.dll.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\management-agent.jar.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\mfc140u.dll.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription4-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_COL.HXC.tmp C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe

"C:\Users\Admin\AppData\Local\Temp\82edf59ccd9f405a95259f38d90957f97510f09b772e59645b8cf07ac5d4bb7f.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 72.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 100.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 udp

Files

memory/3660-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1045960512-3948844814-3059691613-1000\desktop.ini.tmp

MD5 25311d75794f0ee522674cf7fc933b22
SHA1 1a51efae5ebb597d49bdaa88a4e9c77215210c83
SHA256 5ce51bdc1ded87b83d3056a440886b88653d882dd73c66c7c9f1663cdb76ae85
SHA512 f69b1078de1837e283d7b4155963f8468c52f7b4e52814792d22285c9252391b65a5d37950961abd233e4d2c927b28e9a1228ffc4c4721ff2de041716304dea2

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 5d3db97a2fc8bac870be5e71c9b64977
SHA1 c69e0d68a45b940f3415ad896119ff0308030b7c
SHA256 7c391c18321b1230cc06e203d1e9e48ed63e4b947193cfca4b6d1a1c0536718b
SHA512 fa02d86b5a6198170d0fd1dbd2cde125e282fb62da85771074b30c7d5c040547257f26bfc5df93d72f5a5b4c901753fa8fb12565425f5bb5822f672dd234cfa6

memory/3660-666-0x0000000000400000-0x000000000040B000-memory.dmp