Malware Analysis Report

2025-03-15 08:17

Sample ID 241016-fhnqjatcme
Target be9d861bc507bd325284fe1ddb5eaa184a5f538f4ff4fa37bd362d981499ec1aN
SHA256 be9d861bc507bd325284fe1ddb5eaa184a5f538f4ff4fa37bd362d981499ec1a
Tags upx, discovery, ransomware
Score 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK (Enterprise Matrix V15)
Analysis: static1 (Detonation Overview, Signatures)
Analysis: behavioral1 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral2 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

Score 9/10

SHA256 be9d861bc507bd325284fe1ddb5eaa184a5f538f4ff4fa37bd362d981499ec1a

Threat Level: Likely malicious

Malicious Activity Summary

Tags upx, discovery, ransomware

Renames multiple (3737) files with added filename extension (behavioral1, Windows 7)

Renames multiple (5051) files with added filename extension (behavioral2, Windows 10)

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

In both detonations the added extension is .tmp: every path in the "Drops file in Program Files directory" tables is an existing file name with .tmp appended (for example 7zG.exe becomes 7zG.exe.tmp). The sample runs as a single process with no child processes, and the only network activity recorded (behavioral2) is Windows background traffic that the report does not attribute to the sample. The two counts differ with the software installed in the two sandbox images.

MITRE ATT&CK

Enterprise Matrix V15

Discovery: System Location Discovery: System Language Discovery (T1614.001), from the NLS\Language registry key read in both detonations.

The mass renaming of files is reported only under the generic "ransomware" tag and is not mapped to an ATT&CK technique in this report.

Analysis: static1

Detonation Overview

Reported 2024-10-16 04:52

Signatures

UPX packed file (upx): static signature only; no indicator, process or target is recorded for it.

Unsigned PE: the file carries no Authenticode signature; no indicator, process or target is recorded for it.
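Both static1 signatures come from header facts that can be checked without running the file: UPX leaves its default section names (UPX0, UPX1) in the section table, and an unsigned PE has an empty certificate table (the IMAGE_DIRECTORY_ENTRY_SECURITY data directory). The script below is an added example written for this page, not the sandbox's own detection code. It builds a minimal PE32 in memory as constructed test input so it runs offline; `static_signatures()` can equally be pointed at a file on disk.

```python
"""Static triage for the two static1 signatures, 'UPX packed file' and
'Unsigned PE'. Added example, not the sandbox's own detection code. The
PE bytes used as input are constructed in memory; the analysed sample is
not embedded here."""
import struct

PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B
DIR_SECURITY = 4                          # IMAGE_DIRECTORY_ENTRY_SECURITY (certificate table)
UPX_SECTIONS = {"UPX0", "UPX1", "UPX2"}   # UPX default section names


def parse_pe(data: bytes) -> dict:
    """Return section names and the certificate table entry of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections, = struct.unpack_from("<H", data, coff + 2)
    opt_size, = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20
    magic, = struct.unpack_from("<H", data, opt)
    if magic == PE32_MAGIC:
        dirs = opt + 96      # data directories follow the PE32 windows-specific fields
    elif magic == PE32PLUS_MAGIC:
        dirs = opt + 112     # ... which are wider in PE32+
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    # For the certificate table the first DWORD is a file offset, not an RVA.
    cert_off, cert_size = struct.unpack_from("<II", data, dirs + 8 * DIR_SECURITY)
    sec_tbl = opt + opt_size
    names = []
    for i in range(num_sections):
        raw = data[sec_tbl + 40 * i: sec_tbl + 40 * i + 8]
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return {"sections": names, "cert_offset": cert_off, "cert_size": cert_size}


def is_upx_packed(info: dict) -> bool:
    """Name-based check only: UPX builds with renamed sections, or other
    packers, are missed, which is why sandboxes also look at section entropy
    and the decompression stub."""
    return bool(UPX_SECTIONS & set(info["sections"]))


def is_unsigned(info: dict) -> bool:
    """An empty certificate table means no Authenticode signature at all; a
    non-empty one still has to be validated before it proves anything."""
    return info["cert_size"] == 0


def static_signatures(data: bytes) -> list:
    """Signature names in the same wording the report uses."""
    info = parse_pe(data)
    hits = []
    if is_upx_packed(info):
        hits.append("UPX packed file")
    if is_unsigned(info):
        hits.append("Unsigned PE")
    return hits


def build_test_pe(section_names, signed: bool) -> bytes:
    """Constructed minimal PE32 (headers only, no code) used as sample input."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                         # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)                                         # 96 bytes + 16 directories
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 92, 16)                          # NumberOfRvaAndSizes
    sections = b"".join(
        struct.pack("<8sIIIIIIHHI", n.encode(), 0x1000, 0x1000 * (i + 1),
                    0, 0, 0, 0, 0, 0, 0x60000020)
        for i, n in enumerate(section_names))
    header_len = len(dos) + 4 + len(coff) + len(opt) + len(sections)
    cert = b""
    if signed:
        # Dummy WIN_CERTIFICATE blob (length, revision, type, payload); presence only.
        cert = struct.pack("<IHH", 16, 0x0200, 0x0002) + b"\0" * 8
        struct.pack_into("<II", opt, 96 + 8 * DIR_SECURITY, header_len, len(cert))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections + cert


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            print(static_signatures(f.read()))
    else:
        demo = build_test_pe(["UPX0", "UPX1", ".rsrc"], signed=False)
        print(parse_pe(demo)["sections"], static_signatures(demo))
```

Both checks are cheap and both are easy to defeat: a packer can rename its sections, and a stolen or self-signed certificate fills the certificate table without making the file trustworthy, so treat these as triage hints rather than verdicts.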

Analysis: behavioral1

Detonation Overview

Submitted 2024-10-16 04:52
Reported 2024-10-16 04:55
Platform win7-20240903-en
Max time kernel 150s
Max time network 121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\be9d861bc507bd325284fe1ddb5eaa184a5f538f4ff4fa37bd362d981499ec1aN.exe"

Signatures

Renames multiple (3737) files with added filename extension (ransomware)

UPX packed file (upx): four matches recorded, no indicator, process or target detail.

Drops file in Program Files directory

Description: File created (all rows). Process: C:\Users\Admin\AppData\Local\Temp\be9d861bc507bd325284fe1ddb5eaa184a5f538f4ff4fa37bd362d981499ec1aN.exe (all rows). Target: N/A (all rows). Indicator, one created file per row, each an existing file name with .tmp appended:

C:\Program Files\Java\jdk1.7.0_80\bin\jmc.exe.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Oslo.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench_1.1.0.v20140512-1820.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-attach_ja.jar.tmp
C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\calendar.html.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher.nl_zh_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-masterfs.xml.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_zh_CN.jar.tmp
C:\Program Files\7-Zip\Lang\hi.txt.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tipresx.dll.mui.tmp
C:\Program Files\CompleteTrace.mpeg.tmp
C:\Program Files\Internet Explorer\Timeline.cpu.xml.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Reunion.tmp
C:\Program Files\VideoLAN\VLC\lua\http\css\main.css.tmp
C:\Program Files\VideoLAN\VLC\lua\http\mobile_view.html.tmp
C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-io-ui.xml_hidden.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationTypes.dll.tmp
C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-hot.png.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IPSEventLogMsg.dll.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\pagecurl.png.tmp
C:\Program Files\Java\jdk1.7.0_80\include\classfile_constants.h.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmiregistry.exe.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\eclipse.inf.tmp
C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\curl-hot.png.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkObj.dll.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core_0.10.100.v20140424-2042.jar.tmp
C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_222222_256x240.png.tmp
C:\Program Files\VideoLAN\VLC\plugins\gui\libqt_plugin.dll.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_left.png.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Core.dll.tmp
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\js\timeZones.js.tmp
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_h.png.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\hwrlatinlm.dat.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.jsp.jasper_1.0.400.v20130327-1442.jar.tmp
C:\Program Files\VideoLAN\VLC\locale\fa\LC_MESSAGES\vlc.mo.tmp
C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_diagonals-thick_18_b81900_40x40.png.tmp
C:\Program Files\Windows Photo Viewer\fr-FR\PhotoAcq.dll.mui.tmp
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\css\weather.css.tmp
C:\Program Files\DVD Maker\WMM2CLIP.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunmscapi.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Sakhalin.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-nodes_ja.jar.tmp
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\highDpiImageSwap.js.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\Welcome.html.tmp
C:\Program Files\VideoLAN\VLC\plugins\demux\libh26x_plugin.dll.tmp
C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\MS.JPG.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_SelectionSubpicture.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di.nl_zh_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Java\jre7\lib\fontconfig.properties.src.tmp
C:\Program Files\Java\jre7\lib\zi\Europe\Riga.tmp
C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config.tmp
C:\Program Files\VideoLAN\VLC\lua\modules\simplexml.luac.tmp
C:\Program Files\VideoLAN\VLC\plugins\access\libvcd_plugin.dll.tmp
C:\Program Files\Windows Journal\Journal.exe.tmp
C:\Program Files\Windows Media Player\es-ES\WMPDMCCore.dll.mui.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodicon.gif.tmp
C:\Program Files\Java\jre7\lib\images\cursors\win32_LinkDrop32x32.gif.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationTypes.resources.dll.tmp
C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationProvider.resources.dll.tmp
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviewers.gif.tmp
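The rows above are what a mass rename looks like in file telemetry: one process, thousands of creates, every new name an existing name with the same extension appended. The detection below is an added example written for this page, not the sandbox's rule. Its event list is constructed for illustration, using a dozen paths from the rows above plus a few benign events from other processes; SAMPLE_EXE is the path from the Command Line section, and the rename event and the benign processes are invented for the example.

```python
"""Detection logic for 'Renames multiple (N) files with added filename
extension'. Added example, not the sandbox's own rule. SAMPLE_EVENTS is a
constructed event list: the sample's paths come from the report, the rename
event and the benign msiexec/WINWORD events are invented for illustration."""
from collections import defaultdict
import ntpath

SAMPLE_EXE = r"C:\Users\Admin\AppData\Local\Temp\be9d861bc507bd325284fe1ddb5eaa184a5f538f4ff4fa37bd362d981499ec1aN.exe"


def appended_extension(new_path, old_path=None):
    """Return the extension appended to an existing name, or None.

    With a rename event (old_path known) the check is exact: new == old + ".ext".
    With only a create event, fall back to the double-extension heuristic
    (jmc.exe.tmp -> ".tmp"); originals without an extension (Oslo.tmp) are
    missed, so create-only telemetry under-counts."""
    if old_path is not None:
        tail = new_path[len(old_path):] if new_path.startswith(old_path) else ""
        return tail.lower() if len(tail) > 1 and tail.startswith(".") else None
    stem, ext = ntpath.splitext(ntpath.basename(new_path))
    if not ext or not ntpath.splitext(stem)[1]:
        return None
    return ext.lower()


def detect_mass_rename(events, threshold=8, min_dirs=2):
    """Alert when one process appends the same extension to >= threshold files
    spread over >= min_dirs directories. The directory spread keeps a single
    installer rewriting its own folder below the bar."""
    per_proc = defaultdict(lambda: defaultdict(set))
    for ev in events:
        ext = appended_extension(ev["path"], ev.get("old_path"))
        if ext:
            per_proc[ev["process"]][ext].add(ev["path"].lower())
    alerts = []
    for proc, by_ext in per_proc.items():
        for ext, paths in by_ext.items():
            dirs = {ntpath.dirname(p) for p in paths}
            if len(paths) >= threshold and len(dirs) >= min_dirs:
                alerts.append({"process": proc, "extension": ext,
                               "files": len(paths), "directories": len(dirs)})
    return sorted(alerts, key=lambda a: -a["files"])


def _created(proc, path):
    return {"process": proc, "op": "created", "path": path}


SAMPLE_EVENTS = [
    _created(SAMPLE_EXE, p) for p in [
        r"C:\Program Files\Java\jdk1.7.0_80\bin\jmc.exe.tmp",
        r"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Oslo.tmp",   # no original extension: missed
        r"C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\calendar.html.tmp",
        r"C:\Program Files\7-Zip\Lang\hi.txt.tmp",
        r"C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tipresx.dll.mui.tmp",
        r"C:\Program Files\CompleteTrace.mpeg.tmp",
        r"C:\Program Files\Internet Explorer\Timeline.cpu.xml.tmp",
        r"C:\Program Files\VideoLAN\VLC\lua\http\css\main.css.tmp",
        r"C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll.tmp",
        r"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationTypes.dll.tmp",
        r"C:\Program Files\Windows Journal\Journal.exe.tmp",
        r"C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp",
    ]
] + [
    # Invented rename event with both names: matched exactly, no heuristic needed.
    {"process": SAMPLE_EXE, "op": "renamed",
     "old_path": r"C:\Users\Admin\Documents\budget.xlsx",
     "path": r"C:\Users\Admin\Documents\budget.xlsx.tmp"},
    # Invented benign noise: an installer rewriting two files in its own folder,
    # and Word's scratch file; neither reaches the threshold.
    _created(r"C:\Windows\System32\msiexec.exe", r"C:\Program Files\ExampleApp\app.exe.tmp"),
    _created(r"C:\Windows\System32\msiexec.exe", r"C:\Program Files\ExampleApp\app.dll.tmp"),
    _created(r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
             r"C:\Users\Admin\Documents\~WRD0001.tmp"),
]


if __name__ == "__main__":
    for alert in detect_mass_rename(SAMPLE_EVENTS):
        print(alert)
```

In production this runs over file-create and rename telemetry such as Sysmon Event ID 11 (FileCreate); the thresholds here are deliberately low for the constructed input, whereas the 3737 and 5051 creates the sandbox counted are orders of magnitude above any sensible bar. The Oslo.tmp row shows the main blind spot of create-only telemetry: without the original name, an extensionless file that gains .tmp is indistinguishable from an ordinary temp file.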

System Location Discovery: System Language Discovery (discovery)

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language by C:\Users\Admin\AppData\Local\Temp\be9d861bc507bd325284fe1ddb5eaa184a5f538f4ff4fa37bd362d981499ec1aN.exe (Target N/A)

Taken alone this is a weak indicator, since legitimate software reads this key while initialising locale settings; it is worth noting here only alongside the mass-rename behaviour, because ransomware families commonly check the system language before deciding whether to run.

Processes

C:\Users\Admin\AppData\Local\Temp\be9d861bc507bd325284fe1ddb5eaa184a5f538f4ff4fa37bd362d981499ec1aN.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\be9d861bc507bd325284fe1ddb5eaa184a5f538f4ff4fa37bd362d981499ec1aN.exe"

Only this one process is recorded; the sample spawns no child processes.

Network

N/A

Files

memory/1908-0-0x0000000000400000-0x000000000040B000-memory.dmp
memory/1908-74-0x0000000000400000-0x000000000040B000-memory.dmp

Two dumps of the sample's image region 0x00400000-0x0040B000 (44 KB) taken at different points in the run. 0x00400000 is the default image base, and the same base appears in behavioral2, which is consistent with a binary built without ASLR.

C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

MD5 aff13782488f8dc307c01fbb1415f8d5
SHA1 e02c4354ea90609dc719e0aa1ac6c35596cabd1a
SHA256 96a904c776c8876384aa4475be40ad8873cb64503e3eb049c9eb4f965c0bbed0
SHA512 70a4cdc10931958fcdbe43993fca6ae86e499a1721b03507ba4ef92b1d7d613d63b447bd7bc36c671668fa9e2baad70e5f64442e6b27baf437418ad243900bcd

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 01b023516cc7dc07a645f2197c8f733c
SHA1 63cbf673148d4b643f471ab5fcb1b9df9c19d64f
SHA256 feed7d8472cfd893c47dd9d444b5a01f1879a63e870450d7502fdff4315d5acd
SHA512 c02cfc8615f6fe883daf72c0eba97b20ef07a7d9099147fe029fb37f1791086c2e35ac8bb518ddce4fbd46e1396151caf48252be834566e0551ed6cb7beef5d7

Analysis: behavioral2

Detonation Overview

Submitted 2024-10-16 04:52
Reported 2024-10-16 04:55
Platform win10v2004-20241007-en
Max time kernel 150s
Max time network 106s

Command Line

"C:\Users\Admin\AppData\Local\Temp\be9d861bc507bd325284fe1ddb5eaa184a5f538f4ff4fa37bd362d981499ec1aN.exe"

Signatures

Renames multiple (5051) files with added filename extension (ransomware)

UPX packed file (upx): four matches recorded, no indicator, process or target detail.

Drops file in Program Files directory

Description: File created (all rows). Process: C:\Users\Admin\AppData\Local\Temp\be9d861bc507bd325284fe1ddb5eaa184a5f538f4ff4fa37bd362d981499ec1aN.exe (all rows). Target: N/A (all rows). Indicator, one created file per row, each an existing file name with .tmp appended:

C:\Program Files\Java\jre-1.8\bin\dtplugin\npdeployJava1.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_KMS_Client-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\EXPTOOWS.XLA.tmp
C:\Program Files\Microsoft Office\root\Office16\MEDIA\EXPLODE.WAV.tmp
C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN105.XML.tmp
C:\Program Files\Microsoft Office\root\Office16\PDFREFLOW.EXE.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Diagnostics.PerformanceCounter.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Trial-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.Reporting.AdHoc.Shell.Bootstrapper.xap.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Tracing.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\fxplugins.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\DocumentFormat.OpenXml.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\misc.exe.tmp
C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] (file name not recoverable from the page)
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.Xml.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\WindowsBase.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\MSIPC\ko\msipc.dll.mui.tmp
C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE.tmp
C:\Program Files\ClearRestart.3g2.tmp
C:\Program Files\Java\jdk-1.8\bin\policytool.exe.tmp
C:\Program Files\Java\jre-1.8\bin\jjs.exe.tmp
C:\Program Files\Java\jre-1.8\lib\content-types.properties.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\client_eula.txt.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\word2013.dotx.tmp
C:\Program Files\Microsoft Office\root\Office16\ExcelCtxUICellLayoutModel.bin.tmp
C:\Program Files\7-Zip\7zG.exe.tmp
C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.dll.tmp
C:\Program Files\Java\jre-1.8\release.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTest-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART7.BDR.tmp
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red Violet.xml.tmp
C:\Program Files\Microsoft Office\root\Licenses16\OneNoteFreeR_Bypass-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Trial-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial4-ppd.xrm-ms.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebSockets.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Input.Manipulations.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD_COL.HXT.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Forms.Design.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\DirectWriteForwarder.dll.tmp
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Grace-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\TellMeRuntime.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Controls.Ribbon.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\excel-udf-host.win32.bundle.tmp
C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationTypes.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\MSSRINTL.DLL.tmp
C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN103.XML.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\jfxmedia.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial2-ul-oob.xrm-ms.tmp
C:\Program Files\7-Zip\Lang\be.txt.tmp
C:\Program Files\7-Zip\Lang\mng.txt.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll.tmp
C:\Program Files\Common Files\System\msadc\adcvbs.inc.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\Microsoft.VisualBasic.Forms.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.WindowsAzure.StorageClient.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\System.Web.Mvc.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN044.XML.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\WindowsBase.resources.dll.tmp

System Location Discovery: System Language Discovery (discovery)

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language by C:\Users\Admin\AppData\Local\Temp\be9d861bc507bd325284fe1ddb5eaa184a5f538f4ff4fa37bd362d981499ec1aN.exe (Target N/A); the same key as in behavioral1.

Processes

C:\Users\Admin\AppData\Local\Temp\be9d861bc507bd325284fe1ddb5eaa184a5f538f4ff4fa37bd362d981499ec1aN.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\be9d861bc507bd325284fe1ddb5eaa184a5f538f4ff4fa37bd362d981499ec1aN.exe"

Only this one process is recorded; the sample spawns no child processes.

Network

Country Destination Domain Proto
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp

All of this is reverse-DNS (PTR) lookups plus connections to the Bing image service (tse1.mm.bing.net), the kind of background traffic a Windows 10 desktop generates on its own; the report does not attribute any of it to the sample process, and the Windows 7 run (behavioral1) produced no traffic at all. No command-and-control or download activity appears in either detonation.

Files

memory/3592-0-0x0000000000400000-0x000000000040B000-memory.dmp
memory/3592-730-0x0000000000400000-0x000000000040B000-memory.dmp

Two dumps of the sample's image region 0x00400000-0x0040B000 (44 KB), the same base and size as in behavioral1.

C:\$Recycle.Bin\S-1-5-21-940901362-3608833189-1915618603-1000\desktop.ini.tmp

MD5 ea4fa5f76055ad502a04576a342fec1c
SHA1 ae2b3abb461e9eb6bcf44567ab1ccdd19d59e663
SHA256 0e5d480908429491fa3e7b8a21db300ff8136e387a257c54a92b909366e96729
SHA512 2569c3a2266a6f88c462426f04f8311a3b1a966659bcdfa7b2565338ee0253cdfe3eb066cbb95f96d19f5c21a8e3fd480de59ce2a6f1e0639b38e48f704c2f10

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 8470195cf051f323e1ba18b1d08e7cf5
SHA1 5fd0740426a115d875991a2bf163e4742af15974
SHA256 9a251219eb71e268fe6333da2c6dda5302478b37a3aa073051f2fb3344495c59
SHA512 62d1b7d93e6fc3357b61f1c4f0b8187960874a035127b1629c96e4a0707ec96c210d566ab5e3da4a2363bac7f45a0ac473506f27cf61f8869c94e0bff9d84a27