Malware Analysis Report

2025-01-22 19:56

Sample ID 241016-wykxksthqe
Target 103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN
SHA256 103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcf
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcf

Threat Level: Likely malicious

The file 103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (3193) files with added filename extension (behavioral1, Windows 7)

Renames multiple (4538) files with added filename extension (behavioral2, Windows 10)

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Enterprise Matrix V15

Discovery: System Location Discovery: System Language Discovery (T1614.001), from the NLS\Language registry read recorded in both behavioral runs.

Analysis: static1

Detonation Overview

Reported

2024-10-16 18:19

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
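The two static signatures above (UPX packed file, Unsigned PE) are header-level facts that can be checked offline before detonation. What follows is an added example, not code from the report or from the sandbox vendor: a stdlib-only Python walk of the PE headers that reports UPX-style section names, the hollow first section stock UPX leaves behind, and whether an Authenticode blob is attached (the security data directory). build_sample_pe constructs a headers-only test image in memory; the analysed sample's own bytes are not reproduced here, so the section names and sizes used in the test image are assumptions.

```python
import struct
import sys

# Index of the Authenticode signature entry in the PE data directory table.
IMAGE_DIRECTORY_ENTRY_SECURITY = 4


def parse_pe(data: bytes) -> dict:
    """Walk DOS -> PE signature -> COFF -> optional header -> section table (stdlib only)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsections, _ts, _symptr, _nsyms, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:        # PE32: NumberOfRvaAndSizes at +92, directories at +96
        dd_off = opt + 96
    elif magic == 0x20B:      # PE32+: NumberOfRvaAndSizes at +108, directories at +112
        dd_off = opt + 112
    else:
        raise ValueError("unexpected optional header magic 0x%x" % magic)
    n_dirs = struct.unpack_from("<I", data, dd_off - 4)[0]
    directories = [struct.unpack_from("<II", data, dd_off + 8 * i) for i in range(n_dirs)]
    sec_off = opt + opt_size
    sections = []
    for i in range(nsections):
        hdr = data[sec_off + 40 * i: sec_off + 40 * (i + 1)]
        name = hdr[:8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", hdr, 8)
        sections.append({"name": name, "vsize": vsize, "vaddr": vaddr, "rawsize": rawsize, "rawptr": rawptr})
    return {"machine": machine, "pe32plus": magic == 0x20B, "directories": directories, "sections": sections}


def triage(data: bytes) -> dict:
    pe = parse_pe(data)
    names = [s["name"] for s in pe["sections"]]
    # Stock UPX names its sections UPX0/UPX1 (plus .rsrc). A build with renamed
    # sections evades the name check, so also report the classic shape: the first
    # section has no raw data but a large virtual size (the in-memory unpack target).
    first = pe["sections"][0] if pe["sections"] else None
    hollow_first = bool(first) and first["rawsize"] == 0 and first["vsize"] > 0
    dirs = pe["directories"]
    sig_present = len(dirs) > IMAGE_DIRECTORY_ENTRY_SECURITY and dirs[IMAGE_DIRECTORY_ENTRY_SECURITY][1] > 0
    return {
        "sections": names,
        "upx_section_names": any(n.upper().startswith("UPX") for n in names),
        "hollow_first_section": hollow_first,
        # Only "a signature blob is attached"; chain validation is a separate step.
        "has_authenticode_blob": sig_present,
    }


def build_sample_pe(sections, security_size=0) -> bytes:
    """Constructed headers-only PE32 for testing; NOT the analysed sample.
    `sections` is a list of (name, raw_size) tuples."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)          # 64 bytes
    opt_size = 96 + 16 * 8                                                  # PE32 fields + 16 directories
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 90 + struct.pack("<I", 16)     # magic ... NumberOfRvaAndSizes
    dirs = bytearray(16 * 8)
    if security_size:
        # The security entry holds a file offset rather than an RVA; a non-zero size marks a blob.
        struct.pack_into("<II", dirs, 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x1000, security_size)
    table = b""
    for i, (name, raw) in enumerate(sections):
        table += name.encode().ljust(8, b"\0") + struct.pack("<IIII", 0x8000, 0x1000 * (i + 1), raw, 0x400) + b"\0" * 16
    return dos + b"PE\0\0" + coff + opt + bytes(dirs) + table


if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, triage(fh.read()))
```

Run it as python pe_triage.py <file>. A non-zero security directory only says a signature blob is attached; whether it chains to a trusted root is a separate check (signtool verify, or Get-AuthenticodeSignature in PowerShell). A UPX build with renamed sections passes the name check, which is why the hollow-first-section hint is reported beside it rather than folded into one verdict.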

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 18:19

Reported

2024-10-16 18:21

Platform

win7-20240903-en

Max time kernel

120s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe"

Signatures

Renames multiple (3193) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ho_Chi_Minh.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-modules.jar.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Java\jre7\lib\psfontj2d.properties.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Moncton.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-charts.xml.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\modules\simplexml.luac.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\license.html.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_win7.css.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Qyzylorda.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\StopEnable.contact.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\GMT.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Java\jre7\lib\deploy\messages.properties.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-heapdump_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask.wmv.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sampler_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\MANIFEST.MF.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach.ja_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.configuration_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkObj.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Lisbon.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\720x480icongraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\PYCC.pf.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Helsinki.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IdentityModel.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\7-Zip\Lang\tr.txt.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-loaders_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Java\jre7\bin\ssvagent.exe.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MST.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sv.pak.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Perth.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-explorer.xml.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Java\jre7\bin\jli.dll.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.ServiceModel.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\redmenu.png.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_70.png.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\whiteband.png.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-search.xml.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Juan.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jcmd.exe.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark.css.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-favorites.xml.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Microsoft Office\Office14\1033\MAPISHELLR.DLL.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\Microsoft.Build.Engine.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.css.sac_1.3.1.v200903091627.jar.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Tokyo.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Spades\ja-JP\ShvlRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\notes-static.png.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.xml.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitevignette1047.png.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\javafx.properties.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-editor-mimelookup-impl.xml.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Java\jre7\bin\servertool.exe.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe

"C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe"

Network

N/A

Files

memory/2676-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp

MD5 7bec10250bdf9e29a4b56e00c490570b
SHA1 a61bf2912bd993048533c63d8e1785bb7e195be0
SHA256 584ca0d0a736e7341e0be210c8cff9d2a32be2b30c050e913ac759537e1b4bee
SHA512 e282c3632f2e965fdf95c0f5dff07644de85187903d4fd93bf5e1e2e837f174ce28f62c9b74936ab30c6285e0425396d741f27211ac90d5d87deff1065de836d

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 0a59f0bb8b1b65cc87d36b117516bf0e
SHA1 efa37ff9c3238e771b141e7ddd70f306e4bc6d1d
SHA256 2416d9e3de387b74433c8a8275a431f93477b71cff29e75623b01763832abe71
SHA512 c6c636e42313f59b471c00cf90da2d2a3e8f00ec35bb26e9e723e6a6268343d29d0c71f65c3d6f5ada6f5838646d61774bade13bea32485b1bbd70d2c656ab78

memory/2676-72-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 18:19

Reported

2024-10-16 18:21

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

110s

Command Line

"C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe"

Signatures

Renames multiple (4538) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-private-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\dcpr.dll.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql2000.xsl.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ChakraCore.Debugger.dll.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\net.dll.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-140.png.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Java\jdk-1.8\lib\ct.sym.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy\ffjcext.zip.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\7-Zip\Lang\kk.txt.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.AccessControl.dll.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-140.png.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\security\blacklist.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ViewOnly_ZeroGrace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.SapBwProvider.dll.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-conio-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RCom.dll.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XPath.XDocument.dll.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\jdwp.dll.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\unicode.md.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Gallery.thmx.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Microsoft Office\root\fre\StartMenu_Win7_RTL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\createdump.exe.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ObjectModel.dll.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.office32ww.msi.16.x-none.xml.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_KMS_Client-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.WindowsDesktop.App.runtimeconfig.json.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentDemoR_BypassTrial180-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_KMS_Client-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT.HXS.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\chrome_elf.dll.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\ext\dnsns.jar.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.Authorization.dll.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.AppContext.dll.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\bn.pak.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.Common.FrontEnd.dll.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\fontmanager.dll.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Numerics.dll.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCallbacks.h.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\THIRDPARTYLICENSEREADME.txt.tmp C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe N/A
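Both behavioral runs report the same two runtime signals: a single process creating large numbers of *.tmp files across unrelated product trees under Program Files (the mass-rename counts are 3193 on Windows 7 and 4538 on Windows 10), and a read of the NLS\Language key. The following is an added example, not part of the report: a Python hunt that parses the flattened "Description Indicator Process Target" rows from the behavioral1 and behavioral2 tables above and applies two rules, a per-process burst of .tmp creations spanning many original file types, and the language-discovery key read. The sample rows are copied from those tables; the thresholds (10 files, 5 extensions) are assumptions chosen to fire on this abbreviated sample and should be tuned to the event volume of a real telemetry source.

```python
import re

# Process column exactly as it appears in both behavioral tables of this report.
SAMPLE_EXE = r"C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe"

# A sample of rows copied from the behavioral1 (Win7) and behavioral2 (Win10)
# signature tables above; each full table carries 64 file rows.
ROWS = [
    r"File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ho_Chi_Minh.tmp " + SAMPLE_EXE + " N/A",
    r"File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-modules.jar.tmp " + SAMPLE_EXE + " N/A",
    r"File created C:\Program Files\Java\jre7\lib\psfontj2d.properties.tmp " + SAMPLE_EXE + " N/A",
    r"File created C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe.tmp " + SAMPLE_EXE + " N/A",
    r"File created C:\Program Files\VideoLAN\VLC\lua\modules\simplexml.luac.tmp " + SAMPLE_EXE + " N/A",
    r"File created C:\Program Files\StopEnable.contact.tmp " + SAMPLE_EXE + " N/A",
    r"File created C:\Program Files\7-Zip\Lang\tr.txt.tmp " + SAMPLE_EXE + " N/A",
    r"File created C:\Program Files\Java\jre-1.8\bin\dcpr.dll.tmp " + SAMPLE_EXE + " N/A",
    r"File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-140.png.tmp " + SAMPLE_EXE + " N/A",
    r"File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\bn.pak.tmp " + SAMPLE_EXE + " N/A",
    r"Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language " + SAMPLE_EXE + " N/A",
]

# The indicator may contain spaces ("Program Files"); the process path in these
# tables does not, so the non-greedy indicator is bounded by the next C:\...exe token.
ROW_RE = re.compile(r"^(File created|Key opened) (.+?) (C:\\\S+\.exe) (\S+)$")


def parse_rows(rows):
    """Split the flattened 'Description Indicator Process Target' rows into dicts."""
    events = []
    for row in rows:
        m = ROW_RE.match(row)
        if m:   # skip rows the regex cannot bound instead of aborting the hunt
            desc, indicator, process, target = m.groups()
            events.append({"desc": desc, "indicator": indicator, "process": process, "target": target})
    return events


def original_extension(tmp_path):
    """'...\\org-openide-modules.jar.tmp' -> 'jar'; an extensionless original gives ''."""
    name = tmp_path.rsplit("\\", 1)[-1]
    if name.lower().endswith(".tmp"):
        name = name[:-4]
    return name.rsplit(".", 1)[1].lower() if "." in name else ""


def hunt(events, min_files=10, min_extensions=5):
    """Two rules over the parsed events.
    mass_tmp_rewrite: one process creating many *.tmp files under Program Files that
      span many original file types (jar, dll, png, txt ...): the shape of
      encrypt-to-temp-then-rename ransomware, where an installer touches one
      product tree and a few types.
    language_discovery: a read of the NLS\\Language key (ATT&CK T1614.001)."""
    findings = {}
    tmp_by_proc = {}
    for ev in events:
        ind = ev["indicator"].lower()
        if ev["desc"] == "File created" and ind.endswith(".tmp") and ind.startswith(r"c:\program files"):
            tmp_by_proc.setdefault(ev["process"], []).append(ev["indicator"])
        elif ev["desc"] == "Key opened" and ind.endswith(r"\control\nls\language"):
            findings.setdefault("language_discovery", []).append(ev["process"])
    for proc, paths in tmp_by_proc.items():
        distinct = sorted({original_extension(p) for p in paths} - {""})
        if len(paths) >= min_files and len(distinct) >= min_extensions:
            findings.setdefault("mass_tmp_rewrite", []).append(
                {"process": proc, "files": len(paths), "extensions": distinct})
    return findings


if __name__ == "__main__":
    print(hunt(parse_rows(ROWS)))
```

The extension-diversity condition is what separates this from a software installer, which also writes .tmp files but within one product tree and a few file types. The report shows only the creation side of the pattern; the rename that adds the final extension is summarised in the signature count, not listed per file, so a production version of this rule would pair the create events with the subsequent renames from the same process.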

Processes

C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe

"C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 73.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp

The report attributes none of these flows to a process. They are PTR lookups sent to Google DNS (the last one is the reverse lookup of 150.171.28.10, the tse1.mm.bing.net address contacted over TLS in the rows just before it), the Windows 7 run recorded no network activity at all, and the only process in either run is the sample. Treat this as sandbox and OS background traffic rather than command-and-control unless a socket can be tied to the sample process; the sample's demonstrated impact is the local file rewriting listed above.

Files

memory/4772-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2878641211-696417878-3864914810-1000\desktop.ini.tmp

MD5 920969402d05027597537daf6f5f15fa
SHA1 f18d5b3c74918221fee6042fe1a41e4c703a0d66
SHA256 f581fdfee6792aa6d229f92cf5ac7c8eb4a703d3ae26ec8cbb10de0d62ba65ff
SHA512 75046033707bbc0ef55bf9c2de6621fe7039bbb692a4448ba69df394fed5596a9993fc9b19c62354db5bebaa2bc34d72ec3b7d6f4ee7cf12a002c39271a4e056

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 23e9cc4e752eb5a95e63d7c3afbac17e
SHA1 743254f24f4c7a97d571763f83f01023de3dd3c2
SHA256 47fd60aecdf85ce23e2b24c1db3a1377a2c816390951386810988237fdbe1e08
SHA512 5837201bb54196704e453f8965fe4674e5b74e0b8a96a5a8c73a0cda24793062bbf5c29093c3e77214d8adf831bad1efe3e71662f08d9f7cb80d823430a7c613

memory/4772-744-0x0000000000400000-0x000000000040B000-memory.dmp