Malware Analysis Report

2025-03-15 08:13

Sample ID 241016-jz3ska1aqe
Target 39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN
SHA256 39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8e
Tags
upx discovery ransomware
score
9/10

Analysis Overview

score
9/10

SHA256

39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8e

Threat Level: Likely malicious

The file 39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (4355) files with added filename extension

Renames multiple (3078) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 08:07

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 08:07

Reported

2024-10-16 08:09

Platform

win7-20240729-en

Max time kernel

120s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe"

Signatures

Renames multiple (3078) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\et.pak.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macHandle.png.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Microsoft Games\Hearts\desktop.ini.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Thule.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ne\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\icudtl.dat.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Java\jre7\bin\jp2iexp.dll.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Accra.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Krasnoyarsk.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Java\jre7\bin\gstreamer-lite.dll.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ml\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\7-Zip\Lang\kab.txt.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\7-Zip\Uninstall.exe.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Damascus.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages.properties.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Azores.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\com-sun-tools-visualvm-modules-startup.jar.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Management.Instrumentation.dll.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_fr.jar.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\glib-lite.dll.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_olv.css.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Checkers\en-US\chkrzm.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\DVD Maker\sonicsptransform.ax.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\javafx.policy.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application.xml.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Volgograd.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Spades\it-IT\shvlzm.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\DVD Maker\ja-JP\WMM2CLIP.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\jsse.jar.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-multitabs.xml.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Google\Chrome\Application\chrome_proxy.exe.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\zip.dll.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.Speech.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IdentityModel.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sl.pak.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ja.properties.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\.lastModified.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ug\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\7-Zip\7-zip32.dll.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_widescreen_Thumbnail.bmp.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker_1.1.200.v20131119-0908.jar.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\mix.gif.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util-lookup_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Java\jre7\bin\WindowsAccessBridge-64.dll.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Africa\Lagos.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Common Files\System\ado\msadox28.tlb.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\JavaAccessBridge-64.dll.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tokyo.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Caracas.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Ho_Chi_Minh.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\playlist\appletrailers.luac.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Currie.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\updater_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-2.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\7-Zip\7z.dll.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Yakutat.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-lib-uihandler.xml.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Montreal.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Backgammon\en-US\bckgzm.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe

"C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe"

Network

N/A

Files

memory/2324-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

MD5 0d41b668e0b0edf1d9b603c59b84fe74
SHA1 6c6ab77de6e82c76fe524880a131868cc3f02027
SHA256 bcdb403d38ed12ada5cc08185b6eae476eac998e2bc42204acad8d7e2f729796
SHA512 6b51c88846e1ae98a0a58d4754d219c0bce6c90ae3696c861aa4741824be4ddd540d127329dde642abd282e290c853d3252136fc429a873724f156bb50dda0c3

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 b06075a0ed57447b592d83c74818beda
SHA1 c34f4dfa60a275cdba47f6e24d2671fd864c2546
SHA256 e5a10aeba363b7e1d98231229a67eb9319bff02aa9f3af201bd67308b81fb2c5
SHA512 d690fedd1c1a3ff494a414dfc21f543b194a367552dd7df03381bdf25ee81e78bc220a65893af98837a31582a31bdbafc3a393077ee337e18695834d1bc6cad3

memory/2324-70-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 08:07

Reported

2024-10-16 08:09

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

104s

Command Line

"C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe"

Signatures

Renames multiple (4355) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\security\java.policy.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_BypassTrial180-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription5-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_KMS_Client-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-file-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jdwp.dll.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-namedpipe-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-namedpipe-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.Common.FrontEnd.XmlSerializers.dll.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\cpprestsdk.dll.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\msquic.dll.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy\ffjcext.zip.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-util-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.TypeConverter.dll.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\lv.pak.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\psfont.properties.ja.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\ZeroByteFile.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Controls.Ribbon.dll.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Internet Explorer\ja-JP\iexplore.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\decora_sse.dll.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.Diagnostics.dll.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.cab.cat.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\hwrenclm.dat.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.office32ww.msi.16.x-none.xml.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTrial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.Reporting.AdHoc.Shell.Bootstrapper.xap.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHLTS.DAT.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ExcelCtxUIFormulaBarModel.bin.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_KMS_Client_AE-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.TraceSource.dll.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.InteropServices.RuntimeInformation.dll.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\bci.dll.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019DemoR_BypassTrial180-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\es-ES\mshwLatin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.NameResolution.dll.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\santuario.md.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusDemoR_BypassTrial180-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe

"C:\Users\Admin\AppData\Local\Temp\39c7aba3f3a524a113491fe30801214d71d0c8280eb97febb6b94b1f45b2cd8eN.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp

Files

memory/5080-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2437139445-1151884604-3026847218-1000\desktop.ini.tmp

MD5 dd2e9df77d8f56ec0df72daae7a42a91
SHA1 0b65997679ab7cb1523c767ab8edbcdb45f2f9c0
SHA256 647576d35a2483c00a91e8e2850f80eba7fbbfd1bb69c7f57345b222230ab838
SHA512 f5a7c3530f9ee699869a404dafb5397f9f3f5e2c958d5b68c1e9204295998378a0ee0473e717f3b9a08fde6afe1a59eba3299d4bae3a8644b81449da64d0c153

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 259ca55e301991dfdc2443822238faf7
SHA1 0156d219ac08318b3e83135de393d297fc4f34e3
SHA256 e9af197cf202cd927c4a76a692ed2b1a95ef2d4eda9909935662e783dfc2b719
SHA512 c476a8c2eb37ea714f84ae996362704ab6eccaca168943a6f6c4940a6e27bcacf99967120d492bbd5c6c0c8daa4c6a543d5f83d75c55716aebbe0f38ec267d51

memory/5080-662-0x0000000000400000-0x000000000040B000-memory.dmp