Malware Analysis Report

2025-03-15 08:13

Sample ID: 241016-j2ll3a1bmd
Target: e0979f45c627c63f550262d726f8387078d75973d05f439fb8906366ee3b45e0N
SHA256: e0979f45c627c63f550262d726f8387078d75973d05f439fb8906366ee3b45e0
Tags: upx, discovery, ransomware
Score: 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 9/10

SHA256: e0979f45c627c63f550262d726f8387078d75973d05f439fb8906366ee3b45e0

Threat Level: Likely malicious

The file e0979f45c627c63f550262d726f8387078d75973d05f439fb8906366ee3b45e0N was found to be: Likely malicious.

Malicious Activity Summary

Tags: upx, discovery, ransomware

Renames multiple (4540) files with added filename extension

Renames multiple (3075) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-10-16 08:09

Signatures

UPX packed file (tag: upx)

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-10-16 08:09

Reported: 2024-10-16 08:11

Platform: win7-20240903-en

Max time kernel: 120s

Max time network: 16s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e0979f45c627c63f550262d726f8387078d75973d05f439fb8906366ee3b45e0N.exe"

Signatures

Renames multiple (3075) files with added filename extension (tag: ransomware)

UPX packed file (tag: upx)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery (tag: discovery)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\e0979f45c627c63f550262d726f8387078d75973d05f439fb8906366ee3b45e0N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\e0979f45c627c63f550262d726f8387078d75973d05f439fb8906366ee3b45e0N.exe

"C:\Users\Admin\AppData\Local\Temp\e0979f45c627c63f550262d726f8387078d75973d05f439fb8906366ee3b45e0N.exe"

Network

N/A

Files

memory/2376-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

MD5 7616061842eaca88646e3d7d317b8364
SHA1 a69d9a2bc27d0176cf9578e0a437c174913c4427
SHA256 1715374c7f3366e5951d75370f122c8231593f49116eada7db5bdaf18f576363
SHA512 fe4709132de501fcdb9860ebff49ee4a11361ede3cae306587c3b33840a8bdb193e2854c434814a441dcf6da201dfc8590ebb9f56fd27659d65f269d8aabbe8b

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 2069633726d9df0d7ea872f7be56ae6f
SHA1 b06ebe76c304321a761dfb3c3c8f7e545af9380e
SHA256 41015c5db564fc549705cfccf003f2451cb68978157f620edb71303d8018aa54
SHA512 1cafa90b7016d933bbf64bffaca22b536fefc534f860fa8b0132a05a90a1f70dbcd8a9306234833bfec0c03783eee35c368136d6c30653939992cdef78dd1b4e

memory/2376-74-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-10-16 08:09

Reported: 2024-10-16 08:11

Platform: win10v2004-20241007-en

Max time kernel: 120s

Max time network: 102s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e0979f45c627c63f550262d726f8387078d75973d05f439fb8906366ee3b45e0N.exe"

Signatures

Renames multiple (4540) files with added filename extension (tag: ransomware)

UPX packed file (tag: upx)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery (tag: discovery)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\e0979f45c627c63f550262d726f8387078d75973d05f439fb8906366ee3b45e0N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\e0979f45c627c63f550262d726f8387078d75973d05f439fb8906366ee3b45e0N.exe

"C:\Users\Admin\AppData\Local\Temp\e0979f45c627c63f550262d726f8387078d75973d05f439fb8906366ee3b45e0N.exe"

Network

Country Destination Domain Proto

Files

memory/3596-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4050598569-1597076380-177084960-1000\desktop.ini.tmp

MD5 42f352e925cb7a5400b51db8ffc693d6
SHA1 492a600f9e2e0f966789c2252c920283a7f8e1e8
SHA256 a3db1ea605895721a5810b5f6e3a92b367cba3d94eec2fc63f01e3fe41d84e42
SHA512 6baa7250a5d20be8315db195ad7f6fb0bb9207c7009dfc891945c0e2502c3a6f09b8c8445a4860946425ab4ee8e9a2f8fe057595177fc6825392450b09d7931e

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 f720f43eebf5091ae077960a7a677ef1
SHA1 f98970ad62b4b9800baf4824cb70e34d56ca5eba
SHA256 4d1fbbe8d6d7e0d1a2ab3f1a7b9ee9e6f7153e1c7f2462243f8ef7f8d09dd2d0
SHA512 1d88be46d631596c75306a6297d54a55cb73ae480dfea2275256518ef29819fe845fd88ba6b7b2bf917413f2f809152266edecbed0ac6601dd3483615901266a

memory/3596-662-0x0000000000400000-0x000000000040B000-memory.dmp