Malware Analysis Report

2025-03-15 08:12

Sample ID 241016-j3vlcsvepp
Target 39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN
SHA256 39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8e
Tags
upx discovery ransomware
score
9/10

Analysis Overview

Threat Level: Likely malicious

The file 39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (3666) files with added filename extension

Renames multiple (4861) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 08:12

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 08:12

Reported

2024-10-16 08:14

Platform

win7-20240903-en

Max time kernel

150s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe"

Signatures

Renames multiple (3666) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe

"C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe"

Network

N/A

Files

memory/1728-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

MD5 d4de246ab38d99c9eed1e33f9a32f67b
SHA1 8c1d6d653e3d8acf5613cb1159b4fa9e7785e694
SHA256 f5a3793702cef06160310a10616049aa0950b66d63960f925286ee6eb415acd0
SHA512 ee2febc3d3c8c53a6afa791562596b3b71503792f0bf3d1b0ff69b4f43cf1496c72d8432972a118c5112753b59576d9880edae3deb7b711b159fead753cc13e1

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 41e4c71015bf60daf45a065c1db99c68
SHA1 dcb846ed737692f1c987018dc7ae8d35181d73cb
SHA256 4b44d5189da5af3697e61ce87f73033edde72431435bd061ce29b8a24120bb23
SHA512 4994584fe3ada783856c37d727d197b215fb79599fb5eccf15933dda11298e3979e6480422396fcf84fb0af0d8e2ad59ef03d92ee58fe25689a02e0f9946aab8

memory/1728-74-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 08:12

Reported

2024-10-16 08:14

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe"

Signatures

Renames multiple (4861) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe

"C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe"

Network


Files

memory/928-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3756129449-3121373848-4276368241-1000\desktop.ini.tmp

MD5 c4f04080a7ec71a1055af2ca89dd1b14
SHA1 f7bd8f084643386d4198e32d1b0ad6fb04412fba
SHA256 2185eeef4a80aacbee686c208d9f268cc56c572e48e2c857307f3881094eee9c
SHA512 3455e0fd4d10c7fa5791c2f8c19593a5bb4395e0186e43910d7f5c441aff0c76bbabfeef60bf345671f5abc0fa312c971d75cc8a7ae0c65cd87dd934f146431a

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 0f988cc4fe087eb7c7edb5450f72f778
SHA1 eee5618cc2ac267b1da7a944ebc853025ba86f2d
SHA256 372d437cbdb2f7eeb185c94d861edd225f5ed4683b38656ad96e4dc65c53b388
SHA512 c2636bb10fe855c3c371ae16445af65e699506ddb3712d10c6a4c805d4892905c354f3bfa4c52d93761043dcb07af1f769b4cef90573b07bf07a319b50c7f7c6

memory/928-660-0x0000000000400000-0x000000000040B000-memory.dmp