Malware Analysis Report

2025-08-11 01:48

Sample ID 241005-x5p1jsvemh
Target 3a0a366449b7dd3d3a9eae9253499312092a0ac6d179a547320852cca7f019c6N
SHA256 3a0a366449b7dd3d3a9eae9253499312092a0ac6d179a547320852cca7f019c6
Tags
discovery ransomware
score
9/10


Analysis Overview


Threat Level: Likely malicious

The file 3a0a366449b7dd3d3a9eae9253499312092a0ac6d179a547320852cca7f019c6N was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple (3450) files with added filename extension

Renames multiple (5005) files with added filename extension

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

Analysis: static1

Detonation Overview

Reported

2024-10-05 19:26

Signatures

Unsigned PE

Description: N/A
Indicator: N/A
Process: N/A
Target: N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-05 19:26

Reported

2024-10-05 19:28

Platform

win7-20240704-en

Max time kernel

150s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3a0a366449b7dd3d3a9eae9253499312092a0ac6d179a547320852cca7f019c6N.exe"

Signatures

Renames multiple (3450) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\3a0a366449b7dd3d3a9eae9253499312092a0ac6d179a547320852cca7f019c6N.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3a0a366449b7dd3d3a9eae9253499312092a0ac6d179a547320852cca7f019c6N.exe

"C:\Users\Admin\AppData\Local\Temp\3a0a366449b7dd3d3a9eae9253499312092a0ac6d179a547320852cca7f019c6N.exe"

Network

N/A

Files

memory/2388-0-0x0000000000400000-0x0000000000408000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp

MD5 49415746a81db0687ef54945c6ce2fb5
SHA1 d66acda52886230e26dda1188310ee6aef84ecc5
SHA256 5b6bcde910746dede44d15c9db5d892e50c45e10bf1294be15e1125c06e099d7
SHA512 4aacc9ba179a7e89b715751cccc463b895fefc13c74922e34a51a58dce7ff0e65ed43ba027c4a202a4a95065eeb701cec9b4ebf8398948febd56c86b85be3f74

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 c8b500f3cc09d802537ae959814ad3f9
SHA1 2b6cd25bdd4db0aa43c4876e54ff628442d9bcb5
SHA256 db0d628cbae6edea0d115f98b23b0c4659892f7f5063996b40924d13417a775c
SHA512 2689ea70436a2660f809e5a58c0411f0b05b18a1ccf9578435f6f2fd11dee4ab2268322cd3fde302207fe390486726b15cd7a30adc94362efea46f9638a99a3a

memory/2388-70-0x0000000000400000-0x0000000000408000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-05 19:26

Reported

2024-10-05 19:28

Platform

win10v2004-20240802-en

Max time kernel

150s

Max time network

102s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3a0a366449b7dd3d3a9eae9253499312092a0ac6d179a547320852cca7f019c6N.exe"

Signatures

Renames multiple (5005) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\3a0a366449b7dd3d3a9eae9253499312092a0ac6d179a547320852cca7f019c6N.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3a0a366449b7dd3d3a9eae9253499312092a0ac6d179a547320852cca7f019c6N.exe

"C:\Users\Admin\AppData\Local\Temp\3a0a366449b7dd3d3a9eae9253499312092a0ac6d179a547320852cca7f019c6N.exe"

Network

Country Destination Domain Proto

Files

memory/4888-0-0x0000000000400000-0x0000000000408000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1194130065-3471212556-1656947724-1000\desktop.ini.tmp

MD5 dbe35cbf5210fbf810e1a542f779e4f1
SHA1 d81aa1dea3c6d97a7175062f5301172f89069e21
SHA256 dae24f88a0fcf280b32a376e1341c1f5e98d893ec92a92f1c3d849a089d8f47c
SHA512 1056f10721455444ac22fc4db493afa5e70cc6b04fa21047788c6ec364a870c4cea5d3af82e02426d5a339668bb42c3f70516487aa0b613edd5b443dbc8c8055

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 c3ddea3135532abb45df4fc48bb2e60e
SHA1 7cbb92f0a2c0108056c52539231ca77f01a26b7b
SHA256 645ac37bbb210d7d70367e592c006af3570492c9b7fe59a08bebdb949bbb080c
SHA512 c22e71c776c7b9969a58736d15534ae8ae49a2b3aa450ba1e90ed3c03ce33db62f8b6cac60f03ea9ac3355d11564b058f2027340f625c593bbd55f4f44ca17a5

memory/4888-900-0x0000000000400000-0x0000000000408000-memory.dmp