Malware Analysis Report

2025-03-15 08:17

Sample ID 241016-c7j7vsydqg
Target a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425
SHA256 a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425

Threat Level: Likely malicious

The file a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425 was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (3756) files with added filename extension

Renames multiple (4850) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 02:43

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 02:43

Reported

2024-10-16 02:45

Platform

win7-20240903-en

Max time kernel

150s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe"

Signatures

Renames multiple (3756) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\Office14\AUTHZAX.DLL.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libjpeg_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\ink\es-ES\TipRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\7-Zip\Lang\ug.txt.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Java\jre7\Welcome.html.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\sd\jamendo.luac.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\cpu.html.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\css\picturePuzzle.css.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\include\win32\jawt_md.h.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\babypink.png.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_mmx_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\main.html.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\7-Zip\Lang\ba.txt.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Full\1047x576black.png.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Niue.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Antarctica\Rothera.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Windows Media Player\it-IT\wmpnetwk.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\currency.js.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\shuffle_up.png.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\oledb32.dll.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Windows Media Player\es-ES\WMPSideShowGadget.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOnNotificationInTray.gif.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\Help\1041\hxdsui.dll.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+3.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\license.html.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler.xml.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host-remote.jar.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\meta-index.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Qyzylorda.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ky\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libpostproc_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\org-openide-filesystems_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Easter.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Mozilla Firefox\crashreporter.ini.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\settings.css.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\mainimage-mask.png.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.identity_3.4.0.v20140827-1444.jar.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPTSFrame.png.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-text.xml.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Java\jre7\bin\javacpl.exe.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Java\jre7\lib\classlist.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Java\jre7\lib\psfont.properties.ja.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\7-Zip\Lang\ko.txt.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\hu\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Windows Journal\es-ES\NBMapTIP.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Windows Photo Viewer\de-DE\ImagingDevices.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\ICELAND.TXT.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\topnav.gif.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-options.xml.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\3RDPARTY.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\windows-amd64\profilerinterface.dll.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT+6.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4video_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Thawte Root Certificate.cer.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipschs.xml.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe

"C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe"

Network

N/A

Files

memory/2824-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2872745919-2748461613-2989606286-1000\desktop.ini.tmp

MD5 885cafc4eac61f1c205b172baa8212af
SHA1 7e908db26c1feb63ae12de73c7c14bf5d62850b0
SHA256 072bed5128dca732e363c7fc33490c0b156e0032c229691148a2b97dcab8980c
SHA512 c8910df90cfa079ca7e5f4acd498f4988194d1a042791e5700d21f33a58214abe66c50917536fcc7e19eca731f0bba34541d247fd83094c48df67598dbbb2680

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 eec4d975a96e1b4a9224780fb47722c9
SHA1 5c2bfc3182164ed208b9b89034bc2fe4a40c0a96
SHA256 0a1bd1af77754b9ef3a20d3a5198e7d7a05dfe2d2285aae08a5a3504fcce6b86
SHA512 63d7ac54cd7c028f7c435d302fa95f74d2af026214401f1f271021256f8996f6eb5bdc07129ec6cd6cd74ee3c008fa93711ad09bee632dfe9ae6f262b0547262

memory/2824-64-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 02:43

Reported

2024-10-16 02:45

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

158s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe"

Signatures

Renames multiple (4850) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\sw.pak.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\CHART.DLL.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ServiceModel.Web.dll.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\cmm\sRGB.pf.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\tzdb.dat.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Picasso.Sampler.dll.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Principal.dll.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Java\jdk-1.8\lib\ir.idl.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Smokey Glass.eftx.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.WindowsAzure.StorageClient.dll.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\mfc140u.dll.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvApi.dll.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.dll.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Threading.AccessControl.dll.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\GRLEX.DLL.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.dll.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\uk.pak.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Banded Edge.eftx.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription5-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-localization-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Drawing.Design.dll.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_KMS_Client_AE-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\as80.xsl.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\mscss7en.dll.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.TextWriterTraceListener.dll.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Java\jdk-1.8\LICENSE.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-xstate-l2-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\GKPowerPoint.dll.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Graph.exe.manifest.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ONRES.DLL.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\openssl64.dlla.manifest.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\it-IT\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Common Files\System\ado\msadomd.dll.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\clrjit.dll.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_KMS_Client-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ospintl.dll.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\centered.dotx.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\jp2iexp.dll.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalDemoR_BypassTrial180-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-filesystem-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\vi\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.tmp C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe

"C:\Users\Admin\AppData\Local\Temp\a3496aaf6c7029b956280a6f21db5f1e8e7a6ecd4032e0eb128f6f0095b55425.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 58.99.105.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp

Files

memory/1588-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3442511616-637977696-3186306149-1000\desktop.ini.tmp

MD5 38db9e8bfa33bef97e0f9b88f2369dda
SHA1 cb4f2e6cb5468453eb1058d895ed32bb4c2b67d2
SHA256 abbb3d94ca0f4a0c0fd5153fa480557cd26e9eada92013ace63e5833d115e70e
SHA512 b63b31d6376aa9d00ddb8bf3b56e644c6cada1c077747857b6c2eeb4ce0005b9a04ccf57df0eee8b8c98cf2a1c1d8589d848e7359273a7101343090c622097df

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 17a364b467de97311ae48ca3884d2b78
SHA1 0ddb22622c370cba6127b9c9dd35feb0ca734d6b
SHA256 cca0f988efdc51093c69538e174464fb895804be95ed8dec35a4b131ce5e7d00
SHA512 f1c1d60370888eaf1919477d35df4dd67597e4ccd1ca8ac7474c6274d311d11ba7b4e34e8ad111633896f92930b6f1ad3e5f2c77b890221de49c85633f748b4e

memory/1588-422-0x0000000000400000-0x000000000040A000-memory.dmp