Malware Analysis Report

2024-12-07 10:01

Sample ID 241114-1gkbyaxkej
Target 45867daa1ee345bc17b542ea8deafe11f7960b94fd2db95c8f73b0e0603bcc55
SHA256 45867daa1ee345bc17b542ea8deafe11f7960b94fd2db95c8f73b0e0603bcc55
Tags: upx, discovery, ransomware
Score: 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 9/10

SHA256: 45867daa1ee345bc17b542ea8deafe11f7960b94fd2db95c8f73b0e0603bcc55

Threat Level: Likely malicious

The file 45867daa1ee345bc17b542ea8deafe11f7960b94fd2db95c8f73b0e0603bcc55 was found to be: Likely malicious.

Malicious Activity Summary

Tags: upx, discovery, ransomware

Renames multiple (4820) files with added filename extension (behavioral2, Windows 10 run)

Renames multiple (3435) files with added filename extension (behavioral1, Windows 7 run)

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

The two rename counts are the same signature fired once per detonation; the difference reflects how many files each guest image had to encrypt, not two distinct behaviours.

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-14 21:37

Signatures

UPX packed file (tag: upx)

Description | Indicator | Process | Target
(no details recorded)

Unsigned PE

Description | Indicator | Process | Target
(no details recorded)
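The two static signatures above, "UPX packed file" and "Unsigned PE", are the first things an analyst re-checks by hand before unpacking. The following is an added example, not the sandbox's own signature code and not anything shipped with the sample, that walks the PE headers with the Python standard library only: it lists section names (a stock UPX stub renames them UPX0/UPX1 and leaves a "UPX!" marker in the image) and reports whether the Authenticode security directory is populated. build_synthetic_pe constructs a header-only test image so the checks run offline; the real sample is not embedded and the function and variable names are this example's own.

```python
import struct

PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # data-directory slot holding the Authenticode certificate table


def parse_pe_headers(data: bytes) -> dict:
    """Walk DOS -> PE signature -> COFF -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    machine, n_sections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == PE32_MAGIC:
        n_dirs_off, dir_base = 92, 96      # NumberOfRvaAndSizes, first data directory
    elif magic == PE32PLUS_MAGIC:
        n_dirs_off, dir_base = 108, 112
    else:
        raise ValueError(f"unexpected optional header magic 0x{magic:x}")
    (n_dirs,) = struct.unpack_from("<I", data, opt + n_dirs_off)
    cert_rva = cert_size = 0
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        cert_rva, cert_size = struct.unpack_from(
            "<II", data, opt + dir_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    table = opt + opt_size
    names = [data[table + 40 * i: table + 40 * i + 8].rstrip(b"\0").decode("latin-1")
             for i in range(n_sections)]
    return {"machine": machine, "magic": magic, "sections": names,
            "cert_rva": cert_rva, "cert_size": cert_size}


def is_upx_packed(data: bytes) -> bool:
    # Section names UPX0/UPX1 and the "UPX!" marker are what the sandbox keys on too.
    # Both are trivial to rename, so a negative here does not prove "not packed".
    info = parse_pe_headers(data)
    return any(name.startswith("UPX") for name in info["sections"]) or b"UPX!" in data


def has_embedded_signature(data: bytes) -> bool:
    # A non-empty security directory only means a certificate table is attached; it says
    # nothing about whether the signature verifies. Catalog-signed Windows binaries have an
    # empty directory here and would also be reported as "Unsigned PE".
    return parse_pe_headers(data)["cert_size"] > 0


def build_synthetic_pe(section_names, signed: bool) -> bytes:
    """Constructed header-only PE32 image for offline testing; it is not a runnable program."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 224                                   # PE32 optional header, 16 data directories
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 92, 16)              # NumberOfRvaAndSizes
    if signed:
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x2000, 0x600)
    sections = b"".join(n.encode("ascii").ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + bytes(opt) + sections


def triage_file(path: str) -> dict:
    """Run both checks on a local file (hypothetical path supplied by the caller)."""
    with open(path, "rb") as fh:
        data = fh.read()
    return {"upx": is_upx_packed(data), "embedded_signature": has_embedded_signature(data)}
```

If both checks agree with the report, `upx -d` on a copy normally restores the original image for a stock stub; a modified stub makes `upx -d` refuse the file and the sample then has to be dumped from memory after the stub has unpacked it, which is what the memory.dmp entries in the Files sections are.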

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-14 21:37

Reported

2024-11-14 21:39

Platform

win7-20241010-en

Max time kernel

150s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\45867daa1ee345bc17b542ea8deafe11f7960b94fd2db95c8f73b0e0603bcc55.exe"

Signatures

Renames multiple (3435) files with added filename extension (tag: ransomware)

UPX packed file (tag: upx)

Description | Indicator | Process | Target
(no details recorded; 4 empty rows)

Drops file in Program Files directory

Process (every row): C:\Users\Admin\AppData\Local\Temp\45867daa1ee345bc17b542ea8deafe11f7960b94fd2db95c8f73b0e0603bcc55.exe
Target (every row): N/A

Description | Indicator
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yellowknife.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Rothera.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.metadata.repository.prefs.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-editor-mimelookup-impl.xml.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvmstat.jar.tmp
File created | C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll.tmp
File created | C:\Program Files\Common Files\System\wab32.dll.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mac.css.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-heapwalker.jar.tmp
File created | C:\Program Files\Windows Media Player\de-DE\setup_wm.exe.mui.tmp
File created | C:\Program Files\7-Zip\Lang\el.txt.tmp
File created | C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mshwLatin.dll.mui.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\keytool.exe.tmp
File created | C:\Program Files\Java\jre7\lib\zi\Indian\Reunion.tmp
File created | C:\Program Files\VideoLAN\VLC\lua\http\images\Audio-48.png.tmp
File created | C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libcompressor_plugin.dll.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Helsinki.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.ja_5.5.0.165303.jar.tmp
File created | C:\Program Files\Java\jre7\lib\zi\America\Inuvik.tmp
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\1047x576black.png.tmp
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\blackbars60.png.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Grand_Turk.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\MANIFEST.MF.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicHandle.png.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-tabcontrol.jar.tmp
File created | C:\Program Files\Java\jre7\lib\zi\America\Rainy_River.tmp
File created | C:\Program Files\Microsoft Games\Multiplayer\Checkers\en-US\ChkrRes.dll.mui.tmp
File created | C:\Program Files\Windows Journal\de-DE\Journal.exe.mui.tmp
File created | C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll.tmp
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\heart_glass_Thumbnail.bmp.tmp
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.Design.resources.dll.tmp
File created | C:\Program Files\VideoLAN\VLC\locale\ks_IN\LC_MESSAGES\vlc.mo.tmp
File created | C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ffffff_256x240.png.tmp
File created | C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\ShapeCollector.exe.mui.tmp
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ml.pak.tmp
File created | C:\Program Files\Internet Explorer\F12Tools.dll.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.nl_ja_4.4.0.v20140623020002.jar.tmp
File created | C:\Program Files\Java\jre7\lib\zi\Europe\Budapest.tmp
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\el.pak.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\feature.properties.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookbig.gif.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.resources_3.9.1.v20140825-1431.jar.tmp
File created | C:\Program Files\Microsoft Games\Hearts\Hearts.exe.tmp
File created | C:\Program Files\VideoLAN\VLC\plugins\misc\libaddonsfsstorage_plugin.dll.tmp
File created | C:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\platform.xml.tmp
File created | C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_concat_plugin.dll.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.nl_ja_4.4.0.v20140623020002.jar.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-sampler.xml.tmp
File created | C:\Program Files\Microsoft Games\Minesweeper\en-US\Minesweeper.exe.mui.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\dropins\README.TXT.tmp
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\PresentationFramework.resources.dll.tmp
File created | C:\Program Files\VideoLAN\VLC\plugins\demux\libwav_plugin.dll.tmp
File created | C:\Program Files\Common Files\System\msadc\msadcfr.dll.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler_ja.jar.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-utilities.xml.tmp
File created | C:\Program Files\Microsoft Games\Multiplayer\Spades\de-DE\shvlzm.exe.mui.tmp
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationTypes.resources.dll.tmp
File created | C:\Program Files\Windows Media Player\de-DE\wmpnssci.dll.mui.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser_5.5.0.165303.jar.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-queries.xml.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-windows_ja.jar.tmp

System Location Discovery: System Language Discovery (tag: discovery)

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\45867daa1ee345bc17b542ea8deafe11f7960b94fd2db95c8f73b0e0603bcc55.exe | N/A

Opening this key is how a program reads the installed system language; some ransomware families use the result to decide whether to run at all. The report records only the open, not what the sample did with the value, and both detonations went on to encrypt, so no locale-based exit was observed here. The sandbox sees the open through API monitoring; Sysmon's registry events cover key and value creation, deletion, renames and writes, not reads, so this indicator is rarely available from endpoint telemetry.

Processes

C:\Users\Admin\AppData\Local\Temp\45867daa1ee345bc17b542ea8deafe11f7960b94fd2db95c8f73b0e0603bcc55.exe

"C:\Users\Admin\AppData\Local\Temp\45867daa1ee345bc17b542ea8deafe11f7960b94fd2db95c8f73b0e0603bcc55.exe"

Network

N/A

Files

memory/1684-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2039016743-699959520-214465309-1000\desktop.ini.tmp

MD5 2cf5a17f54d0235d2efd060a98b635d1
SHA1 71ce0583a61e22d996357cb7395d8d75c09b5c04
SHA256 9645552e1edd4cecbf08cec2c4320299485a5d166925952ae1e4e521603011bd
SHA512 b69b4ec2cab90ff97eb55ea4e3e08b3a847ec1aabccf1ac0c94c98d5adc79583fb51399364d0f5e134c366187ec8716d9c146d6d0f2a6f67d2161cd4a1814406

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 56dd520b4e0f127fe1bb8e74eacbb5ee
SHA1 fdc4d06daa32f5c1dc5b008254e92392ba53995f
SHA256 ea8ba683a4367e268cf0f35b2e762af37c0b12099021b01bfaca793dee5ad0bc
SHA512 3b749dd98d85d346a08dc31e9ec4750dff05e74e6d9eaf0560dd04cca2c9cbd6032fd3891373d026d8520b9a6333a465647e4eb2942bfb121b9bdf8375f7b96c

memory/1684-70-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-14 21:37

Reported

2024-11-14 21:39

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

139s

Command Line

"C:\Users\Admin\AppData\Local\Temp\45867daa1ee345bc17b542ea8deafe11f7960b94fd2db95c8f73b0e0603bcc55.exe"

Signatures

Renames multiple (4820) files with added filename extension (tag: ransomware)

UPX packed file (tag: upx)

Description | Indicator | Process | Target
(no details recorded; 4 empty rows)

Drops file in Program Files directory

Process (every row): C:\Users\Admin\AppData\Local\Temp\45867daa1ee345bc17b542ea8deafe11f7960b94fd2db95c8f73b0e0603bcc55.exe
Target (every row): N/A

Description | Indicator
File created | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu.xml.tmp
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebProxy.dll.tmp
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Formatters.dll.tmp
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-ul-oob.xrm-ms.tmp
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.Edm.NetFX35.dll.tmp
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.BackEnd.dll.tmp
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscordbi.dll.tmp
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProDemoR_BypassTrial180-ppd.xrm-ms.tmp
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.ConnectionUI.dll.tmp
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.CSharp.dll.tmp
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\PresentationUI.resources.dll.tmp
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Forms.Primitives.resources.dll.tmp
File created | C:\Program Files\Java\jdk-1.8\bin\servertool.exe.tmp
File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Calibri.xml.tmp
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTrial-pl.xrm-ms.tmp
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Input.Manipulations.resources.dll.tmp
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\ReachFramework.resources.dll.tmp
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_SubTrial-ppd.xrm-ms.tmp
File created | C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_F_COL.HXK.tmp
File created | C:\Program Files\Microsoft Office\root\Office16\DBGCORE.DLL.tmp
File created | C:\Program Files\Microsoft Office\root\Office16\ExcelFloatieTextModel.bin.tmp
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ko-kr.dll.tmp
File created | C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb.tmp
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationClientSideProviders.resources.dll.tmp
File created | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16EnterpriseVL_Bypass30-ppd.xrm-ms.tmp
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-ul-oob.xrm-ms.tmp
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.ScriptDom.dll.tmp
File created | C:\Program Files\Microsoft Office\root\Office16\cpprestsdk.dll.tmp
File created | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN054.XML.tmp
File created | C:\Program Files\7-Zip\Lang\ext.txt.tmp
File created | C:\Program Files\Common Files\microsoft shared\ink\nl-NL\tipresx.dll.mui.tmp
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Controls.Ribbon.resources.dll.tmp
File created | C:\Program Files\Java\jdk-1.8\jre\bin\jli.dll.tmp
File created | C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Grace-ul-oob.xrm-ms.tmp
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-ul-oob.xrm-ms.tmp
File created | C:\Program Files\7-Zip\Lang\io.txt.tmp
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-localization-l1-2-0.dll.tmp
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Forms.Design.resources.dll.tmp
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.WindowsDesktop.App.runtimeconfig.json.tmp
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\WindowsBase.resources.dll.tmp
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\WindowsBase.resources.dll.tmp
File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Schoolbook.xml.tmp
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp
File created | C:\Program Files\Microsoft Office\root\Office16\MSIPC\sr-Cyrl-BA\msipc.dll.mui.tmp
File created | C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.tmp
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\UIAutomationTypes.resources.dll.tmp
File created | C:\Program Files\Java\jdk-1.8\jre\legal\javafx\webkit.md.tmp
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-ul-oob.xrm-ms.tmp
File created | C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHPHN.DAT.tmp
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-convert-l1-1-0.dll.tmp
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.CSharp.dll.tmp
File created | C:\Program Files\Java\jre-1.8\bin\prism_sw.dll.tmp
File created | C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-ul-phn.xrm-ms.tmp
File created | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred.xml.tmp
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\PresentationFramework.resources.dll.tmp
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\PresentationFramework.resources.dll.tmp
File created | C:\Program Files\Microsoft Office\root\Licenses16\c2rpridslicensefiles_auto.xml.tmp
File created | C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Trial-ppd.xrm-ms.tmp
File created | C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwcapitalized.dotx.tmp
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-140.png.tmp
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Mail.dll.tmp
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Forms.resources.dll.tmp
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\UIAutomationTypes.dll.tmp
File created | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\da.pak.tmp
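Both "Drops file in Program Files directory" tables (the Windows 7 run above and this Windows 10 run) show the pattern behind the "Renames multiple (N) files with added filename extension" signature: a single process writing a uniform ".tmp" suffix onto existing file names across many unrelated directories, including the Recycle Bin and MSOCache entries listed under Files. The following is an added example, not the sandbox's signature code and not part of this report, of how to score that pattern from file-creation events such as the rows above. The event list is a constructed sample: eight rows copied from this report plus two invented benign explorer.exe temp-file writes for contrast, and the thresholds are assumptions chosen for the demo rather than tuned production values.

```python
import ntpath
from collections import defaultdict
from dataclasses import dataclass

SAMPLE_EXE = (r"C:\Users\Admin\AppData\Local\Temp"
              r"\45867daa1ee345bc17b542ea8deafe11f7960b94fd2db95c8f73b0e0603bcc55.exe")

# Constructed sample: (action, path, process). The first eight rows come from this report;
# the two explorer.exe rows are invented benign temp-file writes.
SAMPLE_EVENTS = [
    ("File created", r"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yellowknife.tmp", SAMPLE_EXE),
    ("File created", r"C:\Program Files\Common Files\System\wab32.dll.tmp", SAMPLE_EXE),
    ("File created", r"C:\Program Files\7-Zip\Lang\el.txt.tmp", SAMPLE_EXE),
    ("File created", r"C:\Program Files\Java\jdk1.7.0_80\jre\bin\keytool.exe.tmp", SAMPLE_EXE),
    ("File created", r"C:\Program Files\Windows Media Player\de-DE\setup_wm.exe.mui.tmp", SAMPLE_EXE),
    ("File created", r"C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll.tmp", SAMPLE_EXE),
    ("File created", r"C:\$Recycle.Bin\S-1-5-21-2039016743-699959520-214465309-1000\desktop.ini.tmp", SAMPLE_EXE),
    ("File created", r"C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp", SAMPLE_EXE),
    ("File created", r"C:\Users\Admin\AppData\Local\Temp\wct4A2B.tmp", r"C:\Windows\explorer.exe"),
    ("File created", r"C:\Users\Admin\AppData\Local\Temp\~DF3C1E.tmp", r"C:\Windows\explorer.exe"),
]


@dataclass
class Finding:
    process: str
    extension: str        # the suffix being added, e.g. ".tmp"
    files: int            # distinct files written with that suffix
    directories: int      # distinct parent directories touched
    double_ext_ratio: float  # share of names that still carry an original extension underneath


def trailing_extension(path: str):
    """Split a Windows path's file name into (rest, trailing extension); works on any host OS."""
    root, ext = ntpath.splitext(ntpath.basename(path))
    return root, ext.lower()


def mass_rename_findings(events, min_files=100, min_dirs=10):
    """Group created files by (process, trailing extension) and flag wide, uniform suffixing.

    The breadth across directories is what separates an encryptor from a build tool or
    installer that also writes hundreds of files, but only into its own tree.
    """
    buckets = defaultdict(lambda: {"files": set(), "dirs": set(), "double": 0})
    for action, path, process in events:
        if action != "File created":
            continue
        root, ext = trailing_extension(path)
        if not ext:
            continue
        bucket = buckets[(process, ext)]
        bucket["files"].add(path.lower())
        bucket["dirs"].add(ntpath.dirname(path).lower())
        if ntpath.splitext(root)[1]:          # "wab32.dll" under ".tmp" means an extension was appended
            bucket["double"] += 1
    findings = []
    for (process, ext), b in buckets.items():
        n = len(b["files"])
        if n >= min_files and len(b["dirs"]) >= min_dirs:
            findings.append(Finding(process, ext, n, len(b["dirs"]), b["double"] / n))
    return sorted(findings, key=lambda f: -f.files)


if __name__ == "__main__":
    # Demo thresholds; the report's own counts (3435 and 4820) clear the defaults easily.
    for finding in mass_rename_findings(SAMPLE_EVENTS, min_files=5, min_dirs=3):
        print(finding)
```

Extensionless originals such as the Java time-zone files (Yellowknife, Rothera) are why the ratio is reported rather than required: an encryptor that appends to everything will score below 1.0 on any tree with extensionless data files, and a detector that insists on a double extension would undercount it.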

System Location Discovery: System Language Discovery (tag: discovery)

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\45867daa1ee345bc17b542ea8deafe11f7960b94fd2db95c8f73b0e0603bcc55.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\45867daa1ee345bc17b542ea8deafe11f7960b94fd2db95c8f73b0e0603bcc55.exe

"C:\Users\Admin\AppData\Local\Temp\45867daa1ee345bc17b542ea8deafe11f7960b94fd2db95c8f73b0e0603bcc55.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp
US | 8.8.8.8:53 | 68.144.22.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 107.12.20.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp
US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp
US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp

All twelve entries are reverse (PTR) lookups sent to Google's resolver, the first of them for the resolver's own address; the table attributes none of them to a process, no forward lookup of a domain appears, and the Windows 7 run recorded no network activity at all. They are consistent with the guest resolving names for addresses it had already contacted, so they should not be read as command-and-control traffic without further evidence.
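Before pivoting on any of these rows it helps to turn the in-addr.arpa names back into the addresses they ask about and to separate reverse lookups from forward lookups of a domain, which is what a beacon would produce. The following is an added example, not tooling from the report, that does that over a copy of the table above; NETWORK_ROWS reproduces the twelve rows, and the function names are this example's own.

```python
import ipaddress

# Copy of the behavioral2 Network table: (country, destination, query name, protocol).
NETWORK_ROWS = [
    ("US", "8.8.8.8:53", "8.8.8.8.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "68.144.22.2.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "241.150.49.20.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "133.32.126.40.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "95.221.229.192.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "196.249.167.52.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "50.23.12.20.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "241.42.69.40.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "107.12.20.2.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "240.221.184.93.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "172.210.232.199.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "48.229.111.52.in-addr.arpa", "udp"),
]


def ptr_name_to_ip(name: str):
    """Map an IPv4 in-addr.arpa query name back to the address it asks about.

    PTR names list the octets in reverse, so "68.144.22.2.in-addr.arpa" asks about
    2.22.144.68. Returns None for anything that is not a well-formed IPv4 PTR name.
    """
    suffix = ".in-addr.arpa"
    if not name.lower().endswith(suffix):
        return None
    octets = name[:-len(suffix)].split(".")
    if len(octets) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    except ipaddress.AddressValueError:
        return None


def summarize_dns(rows):
    """Split a sandbox DNS table into forward queries and PTR targets, in table order."""
    resolvers = {dst.rsplit(":", 1)[0] for _, dst, _, _ in rows}
    forward, ptr_targets = [], []
    for _, _, name, _ in rows:
        ip = ptr_name_to_ip(name)
        (forward if ip is None else ptr_targets).append(name if ip is None else ip)
    return {
        "forward_queries": forward,                       # domains the guest tried to resolve
        "ptr_targets": ptr_targets,                       # addresses it asked names for
        "resolver_self_lookups": [ip for ip in ptr_targets if ip in resolvers],
        "private_targets": [ip for ip in ptr_targets if ipaddress.IPv4Address(ip).is_private],
    }


if __name__ == "__main__":
    summary = summarize_dns(NETWORK_ROWS)
    print("forward queries:", summary["forward_queries"] or "none")
    print("PTR targets:", ", ".join(summary["ptr_targets"]))
```

An empty forward-query list with a dozen PTR targets is the shape of background name resolution rather than beaconing; the recovered addresses are what to check against the guest's own baseline traffic (the Windows 10 image ships with Office, .NET and Chrome, all of which phone home) before any of them is promoted to an indicator.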

Files

memory/544-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3756129449-3121373848-4276368241-1000\desktop.ini.tmp

MD5 49244ed9baacf88220549fd05a3d758c
SHA1 a4e41f416d4d95a18958391d98f46692d9fc3613
SHA256 f3fca39aa5edcf8c220d2cd72865a2d4022a663228197facf074d7a0e53f2298
SHA512 74d41f774928741b8eb054e2b542fde154c2dbc582c415c0cc1c70b069a4b96c2c2028f27f051c9589d95904bd38603d67a376bb4a02f6fe95ffd138bbc50faa

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 953ce7aeb8380e2d62a03d7c811634f8
SHA1 f3c2546fc986223f81c746d4eec8cd01ec3dad42
SHA256 eb566bd50d041d079fcf61d3583fcd1a7415013f38896634b349f73f3a4be849
SHA512 1820d75b37c1d6f1cfbdbd2473e2bed9f70e23de2c282bb7da82ba06e06fa6e558bcbddb932e16d9b42815e61aee01765404ef61ae2f86dc4198ef03d0753a55

memory/544-656-0x0000000000400000-0x000000000040B000-memory.dmp