Malware Analysis Report

2025-03-15 08:18

Sample ID 241016-hktqnsxgla
Target 3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N
SHA256 3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742
Tags
discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742

Threat Level: Likely malicious

The file 3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple (3349) files with added filename extension (behavioral1, win7)

Renames multiple (4658) files with added filename extension (behavioral2, win10v2004)

Drops file in Program Files directory (every created file is an existing path with .tmp appended; see the signature tables below)

System Location Discovery: System Language Discovery (reads HKLM\SYSTEM\ControlSet001\Control\NLS\Language)

Unsigned PE

MITRE ATT&CK

Enterprise Matrix V15

T1614.001 System Location Discovery: System Language Discovery (the NLS\Language registry read observed in both behavioral runs)

Analysis: static1

Detonation Overview

Reported

2024-10-16 06:48

Signatures

Unsigned PE (the submitted file carries no Authenticode signature; this is a static check, so no per-event indicator table applies)

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 06:48

Reported

2024-10-16 06:50

Platform

win7-20240903-en

Max time kernel

120s

Max time network

16s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe"

Signatures

Renames multiple (3349) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureB.png.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nassau.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Mawson.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Karachi.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passportcover.png.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-api-caching_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.RunTime.Serialization.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\sound.properties.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_content-background.png.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Majuro.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\eclipse_update_120.jpg.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.bat.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Midway.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-dialogs.jar.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\playlist\newgrounds.luac.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui.ja_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-selector-api.xml.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Microsoft Office\Office14\Custom.propdesc.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.ComponentModel.DataAnnotations.dll.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\DVD Maker\fr-FR\WMM2CLIP.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\dropins\README.TXT.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host-remote.xml.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Dushanbe.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\DVD Maker\soniccolorconverter.ax.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_rist_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\it-IT\MSTTSLoc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrespsh.dat.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hong_Kong.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Tijuana.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Microsoft Games\Mahjong\es-ES\Mahjong.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\oledb32.dll.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_leftarrow.png.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\native2ascii.exe.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Runtime.dll.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-favorites.xml.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-uihandler.xml.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Mozilla Firefox\update-settings.ini.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\high-contrast.css.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Java\jre7\lib\deploy\messages_zh_TW.properties.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.bat.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Monrovia.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\South_Georgia.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UCT.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\SearchMerge.dxf.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\et.pak.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-sampler.jar.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Beirut.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT-8.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-io-ui.xml.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Java\jre7\bin\j2pcsc.dll.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Net.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\7-Zip\Lang\fr.txt.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground.wmv.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Maceio.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Cape_Verde.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe

"C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe"

Network

N/A (no connections recorded; note that the network capture window for this run was only 16 s, so the absence of traffic is not evidence that the sample has no network capability)

Files

memory/2272-0-0x0000000000400000-0x0000000000408000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2872745919-2748461613-2989606286-1000\desktop.ini.tmp

MD5 d12c9ada470d5b30607497f38032c19b
SHA1 742b864a7fab5ae18c9ef9bb606dd46b8ef3cd96
SHA256 64960d1003eb49459c657239283bc19e83b9192784ef1546a186fe0fd90ad95d
SHA512 337485738e5b7e381b2a653f9db7e35367cf6259418add2d7a8d673e33b9dfa3c7e3ecb28a81d35ec9bdb5e37e1c61b78e2e7801df5b3ad84809ae87edc5a313

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 eba625572bf335dcb7886514643c1cb1
SHA1 4944d4f85e6afa31337684bf737aaf541f1be119
SHA256 4fce9c2554aedd14b6238672f479fefc4b1e5791675e30acd5dc3c4cc4f47f0e
SHA512 7888cba841ba08e9dbac058782fcef316ffbf2f42e62e981bacafe41af07b584011eb6df5bb1e58848a348c201fa816caaaa82ca5968efd3ac87e3d56d621278

memory/2272-74-0x0000000000400000-0x0000000000408000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 06:48

Reported

2024-10-16 06:50

Platform

win10v2004-20241007-en

Max time kernel

119s

Max time network

103s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe"

Signatures

Renames multiple (4658) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription5-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\DataStreamerLibrary.dll.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe.config.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-string-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encoding.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\jdeps.exe.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Tasks.Parallel.dll.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\deploy.dll.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\policytool.exe.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\7-Zip\Lang\hy.txt.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hu-hu.dll.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Royale.dll.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\cmm\CIEXYZ.pf.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\pkeyconfig-office.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-stdio-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\it.pak.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.Concurrent.dll.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Http.Json.dll.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\7-Zip\Lang\et.txt.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ThirdPartyNotices.ja-jp.txt.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Intrinsics.dll.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_KMS_Client-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTest-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\hi\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\da-DK\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ja-JP\mshwLatin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\javac.exe.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019DemoR_BypassTrial180-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OAuth.dll.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.MashupEngine.dll.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-140.png.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\msix.dll.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebSockets.dll.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\msipc.dll.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.Win32.Registry.AccessControl.dll.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.Excel.dll.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-process-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ServiceProcess.dll.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\dynalink.md.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-runtime-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\servertool.exe.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\asm.md.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.ServicePoint.dll.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.VisualBasic.dll.tmp C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A
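The two "Drops file in Program Files directory" tables (behavioral1 and behavioral2) show the same staging pattern: each created file is an existing path with ".tmp" appended, spread across unrelated product trees. The script below is an added example, not code from the report or from any sandbox vendor: it parses rows of the shape the tables use, recovers the original file name from the staged path, groups hits by product directory, and raises a mass-modification alert when both the staged-file count and the spread across product directories pass thresholds. The thresholds, the "install.log" row and the "Key opened" row are constructed for the example; the other paths are copied from the behavioral1 table.

```python
"""Triage of sandbox 'File created' rows from a ransomware detonation.

Added example; not code from the original report or from any sandbox vendor.
Rows have the shape of the report's signature tables:

    File created <created path> <process image> <target>

The thresholds below are this example's assumptions, not the sandbox's rules.
"""
import re
from collections import Counter
from pathlib import PureWindowsPath

SAMPLE_EXE = (r"C:\Users\Admin\AppData\Local\Temp"
              r"\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe")

# Paths copied from the report's behavioral1 table.
REPORT_PATHS = [
    r"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nassau.tmp",
    r"C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureB.png.tmp",
    r"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\ReachFramework.resources.dll.tmp",
    r"C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf.tmp",
    r"C:\Program Files\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll.tmp",
    r"C:\Program Files\Mozilla Firefox\update-settings.ini.tmp",
    r"C:\Program Files\7-Zip\Lang\fr.txt.tmp",
    r"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\et.pak.tmp",
    r"C:\Program Files\SearchMerge.dxf.tmp",
    r"C:\Program Files\Java\jdk1.7.0_80\bin\native2ascii.exe.tmp",
]


def row(path, event="File created"):
    """Build one report-shaped row for the sample process (target column N/A)."""
    return f"{event} {path} {SAMPLE_EXE} N/A"


ROWS = [row(p) for p in REPORT_PATHS] + [
    # constructed: a created file without the .tmp suffix (must not count as staged)
    row(r"C:\Program Files\7-Zip\install.log"),
    # constructed: a registry event in the same column layout (must be ignored)
    row(r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language", event="Key opened"),
]

# The created path may contain spaces ("Program Files"); the process image is
# assumed to be a drive-letter path without spaces, as it is in the report.
ROW_RE = re.compile(r"^File created (?P<path>.+?) (?P<process>[A-Za-z]:\\\S+) (?P<target>\S+)$")


def parse_row(line):
    """Return {'path', 'process', 'target'} for a 'File created' row, else None."""
    m = ROW_RE.match(line.strip())
    return m.groupdict() if m else None


def is_staged(path):
    """True when the created file carries the appended '.tmp' suffix."""
    return PureWindowsPath(path).suffix.lower() == ".tmp"


def original_name(path):
    """Strip the appended '.tmp' to recover the name of the file being replaced."""
    name = PureWindowsPath(path).name
    return name[:-len(".tmp")] if is_staged(path) else name


def product_dir(path):
    """Product directory under Program Files (e.g. 'Java'); root-level files get a marker."""
    parts = PureWindowsPath(path).parts          # ('C:\\', 'Program Files', 'Java', ...)
    if len(parts) >= 2 and parts[1].lower().startswith("program files"):
        return parts[2] if len(parts) > 3 else parts[1] + " (root)"
    return parts[1] if len(parts) > 1 else parts[0]


def summarize(rows, threshold=8, min_products=3):
    """Count staged files per product and decide whether the spread looks like
    mass modification: an installer touches one product tree, ransomware
    touches many unrelated ones."""
    created = [r for r in map(parse_row, rows) if r]
    staged = [r for r in created if is_staged(r["path"])]
    products = Counter(product_dir(r["path"]) for r in staged)
    return {
        "created": len(created),
        "staged_tmp": len(staged),
        "products": products,
        "alert": len(staged) >= threshold and len(products) >= min_products,
    }


if __name__ == "__main__":
    s = summarize(ROWS)
    print(f"created={s['created']} staged_tmp={s['staged_tmp']} alert={s['alert']}")
    for product, n in s["products"].most_common():
        print(f"  {n:3d}  {product}")
```

On the full behavioral tables the same logic yields far more than the sample threshold (3349 and 4658 renames according to the report), which is what separates this from a legitimate updater writing a handful of .tmp files into a single product directory.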

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe

"C:\Users\Admin\AppData\Local\Temp\3665c127076eb40cd3c3de1ebc14e72ec7c7bb7383898ae1b975bcf169153742N.exe"

Network

No row in this table is tied to a process: the report records no process column for network events, and the only process in the run is the sample itself with no children. The entries are PTR (in-addr.arpa) queries to 8.8.8.8 and TLS connections to tse1.mm.bing.net, which matches the pattern of Windows 10 background traffic rather than command-and-control; this run does not establish any network behaviour of the sample itself. Columns: Country, Destination (ip:port), Domain (queried or connected name), Proto.

Country Destination Domain Proto
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 75.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
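Reverse-lookup names in this table hide the addresses the VM was resolving. The helper below is an added example, not part of the report: it parses rows in the table's layout, turns each in-addr.arpa name back into the IPv4 address being reverse-resolved, separates name lookups from real connections, and counts connections per destination. It does not check who owns the decoded addresses and does not attribute any flow to the sample process; the rows are copied from the table above, duplicates included.

```python
"""Triage of a sandbox network table (added example, not part of the report).

Rows have the report's shape: '<country> <ip:port> <name> <proto>'.
"""
import ipaddress
from collections import Counter

# Rows copied from the behavioral2 network table, duplicates kept.
NETWORK_ROWS = """\
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 75.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
""".splitlines()


def ptr_to_ip(name):
    """'232.168.11.51.in-addr.arpa' -> '51.11.168.232'; None if not a full PTR name."""
    suffix = ".in-addr.arpa"
    if not name.lower().endswith(suffix):
        return None
    labels = name[:-len(suffix)].split(".")
    if len(labels) != 4:
        return None  # zone or partial names, not a single-address PTR
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(labels))))
    except ipaddress.AddressValueError:
        return None


def triage(rows):
    """Split rows into reverse lookups (decoded to IPs), forward lookups and connections."""
    reverse, forward, connections = [], [], Counter()
    for line in rows:
        country, dest, name, proto = line.split()
        host, port = dest.rsplit(":", 1)
        if port == "53" and proto == "udp":
            ip = ptr_to_ip(name)
            if ip:
                reverse.append(ip)
            else:
                forward.append(name)
        else:
            connections[(dest, name, proto)] += 1
    return {"reverse_lookups": reverse, "forward_lookups": forward, "connections": connections}


if __name__ == "__main__":
    t = triage(NETWORK_ROWS)
    print("reverse lookups:", ", ".join(t["reverse_lookups"]))
    print("forward lookups:", ", ".join(t["forward_lookups"]))
    for (dest, name, proto), n in t["connections"].items():
        print(f"{n}x {proto} {dest} ({name})")
```

Windows hosts issue PTR queries for peers they talk to, so a list of reverse lookups with no matching connection from the sample usually reflects the OS's own traffic; what matters for attribution is whether host telemetry ties any of the decoded addresses or the bing.net connections to the sample's PID.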

Files

memory/1244-0-0x0000000000400000-0x0000000000408000-memory.dmp (the same 0x8000-byte, 32 KiB image region at base 0x400000 as in the win7 run)

C:\$Recycle.Bin\S-1-5-21-4050598569-1597076380-177084960-1000\desktop.ini.tmp

MD5 fe85d58579c0b9de256c65f3a10b9ab2
SHA1 496e1cd713b7d48b57e940d2cbbeb1d32f936c01
SHA256 412991d4abc82aacf5ddd90eb73a54df5e97b82eb86dd8504d51f271b979634e
SHA512 ae96e2bfa8da132fcf2c4a1deff875de25d7356d4d67164aa4fcd29274204c9ef08a787d5f1b021a53cc2135068d55db9dee27d031d3358b5eda34dd9fd08648

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 4ebd05ab2ee57296e4a4bc40e95c5927
SHA1 4c229e03df13af4f38178205a93614162ae759ce
SHA256 7000a5b31f02d17bb42c2653e8857152648d70464ee68ced405c5b8b1adee41c
SHA512 b403ad94dee7f46745a581c05cc23bb7d2077473850daa57152ae4878388b8d916e9d9e914b9f016406d8cc5d42e858d0c9bd7a143c0b7d0c854ea379d9f8dca

memory/1244-790-0x0000000000400000-0x0000000000408000-memory.dmp