Malware Analysis Report

2025-06-16 00:04

Sample ID 241106-bjag3ssgpq
Target 07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N
SHA256 07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1

Threat Level: Likely malicious

The file 07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (4856) files with added filename extension

Renames multiple (3456) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-06 01:09

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-06 01:09

Reported

2024-11-06 01:12

Platform

win7-20241010-en

Max time kernel

150s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe"

Signatures

Renames multiple (3456) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.DynamicData.dll.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_olv.css.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-uihandler.xml.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Kolkata.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\dt.jar.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util-lookup.xml.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Aqtau.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Xml.Linq.dll.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\kn\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\7-Zip\readme.txt.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\my\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_output\libwgl_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Windows Defender\MpCommu.dll.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\attach.dll.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore_2.10.1.v20140901-1043.jar.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Luna.dll.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tabskb.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\15x15dot.png.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-ui_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Java\jre7\bin\server\Xusage.txt.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationClientsideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\GoldRing.png.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Internet Explorer\msdbg2.dll.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Hobart.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\libEGL.dll.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\es\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBlue.png.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Scene_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-api-caching_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Java\jre7\bin\sunmscapi.dll.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Xml.Linq.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Windows Defender\en-US\MpEvMsg.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Windows Media Player\es-ES\wmpnssui.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\d3dcompiler_47.dll.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kwajalein.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\org-openide-filesystems.jar.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\librawvideo_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\epl-v10.html.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf_3.4.0.v20140827-1444.jar.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Mozilla Firefox\AccessibleHandler.dll.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\MANIFEST.MF.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Havana.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\PresentationBuildTasks.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\cgg\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security.ui_1.1.200.v20130626-2037.jar.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security_1.2.0.v20130424-1801.jar.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Java\jre7\lib\deploy\messages_de.properties.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Microsoft Office\Office14\ONLNTCOMLIB.DLL.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\VideoLAN\VLC\uninstall.exe.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-multitabs.xml.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe

"C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe"

Network

N/A

Files

memory/2520-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2039016743-699959520-214465309-1000\desktop.ini.tmp

MD5 97d7d23e1be6993a3a05d379cb151b8a
SHA1 0a30347b51640e3fa060f95e3f89983f3861c378
SHA256 afa49415f51e847bd1d07d5deca638f14f8eb96f81136bd703b7457b48da7b87
SHA512 099e4c482a701d49e3af89865873a96e33ed291388a4cb6c4920dbf42aec6ca71e34c6472ba45f15b0583a7d3f52087d8445f3e01f202f4eb1ef0fd39ad0cd27

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 48558e12a4e8faedf14dee0739893fc2
SHA1 e65f51e693ab8c9eebbe1962356d98ddba68c202
SHA256 9f4c9ecd0fa742abd2aa9dcf2b3b8b4662926c306397994ca4216cadcfa21061
SHA512 4c56545b96647b843d24d5453a7e53bc0ffdf0e371e913d553b32be040e8a09fbd3080700b90e4b44acbd8ee5d8e30dfd658ebf32dec829a9028a885b9ec6351

memory/2520-75-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-06 01:09

Reported

2024-11-06 01:12

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

133s

Command Line

"C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe"

Signatures

Renames multiple (4856) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hr-hr.dll.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Core.dll.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\7-Zip\Lang\fa.txt.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\javaw.exe.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Aspect.xml.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Smokey Glass.eftx.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\cmm\GRAY.pf.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MsoAriaCApiWrapper.dll.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XmlDocument.dll.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\sk.pak.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\orbd.exe.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\TPN.txt.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\mscss7en.dll.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.InteropServices.RuntimeInformation.dll.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Internet Explorer\es-ES\iexplore.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy\ffjcext.zip.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\IFDPINTL.DLL.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\WindowsFormsIntegration.dll.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.CodeDom.dll.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\pt-BR\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSOSYNC.EXE.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages.properties.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\zlibwapi.dll.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\giflib.md.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.VisualStudio.OLE.Interop.dll.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsesp.xml.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\idlj.exe.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Java\jdk-1.8\lib\dt.jar.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Marquee.xml.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART11.BDR.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\msvcp140.dll.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\7-Zip\Uninstall.exe.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN111.XML.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\ecc.md.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\cmm\PYCC.pf.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\calendars.properties.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\FPA_w1\WA104381125.tmp C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe

"C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 104.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp

Files

memory/4588-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-940901362-3608833189-1915618603-1000\desktop.ini.tmp

MD5 d65d21cf9b301619512e3e36da68247d
SHA1 4bbd0bb04eecfd7f6f487d1d028744f2899f6ac7
SHA256 e39b6e07824080e667e0713ff496634d8140161a0bd6fb0f87ae5ad8f21dad76
SHA512 c86cc2d6db8a92b12950f89122d84e950b8c61049c779f79de03eb34dfad2384fdb870b4fd4cb809d66562d456f225cc8dac81a900af4386d47a5bea6b9be3da

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 a10e6aff19ac1d3462a97598c6c9b897
SHA1 65a55745f93780286dce2576ba2ce4f096f93d4f
SHA256 41f67e3bacb48777fa9e4a872bf8807fe59630fbf964f1321f2eb7b7461fa545
SHA512 2d5b417ca66dab2a2d0f59c039758b900411d77961f402a285bb4197e32b3197734db2a14766af2023bacc5e0107447ed63786f13553acea3a32046042ae4068

memory/4588-664-0x0000000000400000-0x000000000040A000-memory.dmp