Malware Analysis Report

2025-01-22 19:55

Sample ID: 241016-ycb4nayckf
Target: 81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N
SHA256: 81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657
Tags: upx discovery ransomware
Score: 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK (Enterprise Matrix V15)
Analysis: static1 (Detonation Overview, Signatures)
Analysis: behavioral1 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral2 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

score
9/10

SHA256

81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657

Threat Level: Likely malicious

The file 81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (3080) files with added filename extension (behavioral1, Windows 7)

Renames multiple (4512) files with added filename extension (behavioral2, Windows 10)

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery
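Detection logic for the mass-rename signature, added here as an illustration; it is not part of the sandbox report or of its vendor's rule set. It replays constructed file-create events modelled on the ".tmp" paths recorded in the behavioural runs (the process image name, PIDs and timestamps are invented) and flags a process that appends one extension to many files of different original types across several top-level directories inside a short window. The breadth requirements are what separate ransomware-style renaming from an installer staging a handful of ".tmp" files.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry (timestamp, pid, image, created path). The paths mirror the
# report's "File created ... .tmp" rows; the PIDs, image names and times are invented.
SAMPLE_EXE = r"C:\Users\Admin\AppData\Local\Temp\sample.exe"  # stand-in for the analysed binary
EVENTS = [
    ("2024-10-16T19:38:41", 2152, SAMPLE_EXE, r"C:\Program Files\7-Zip\7-zip.dll.tmp"),
    ("2024-10-16T19:38:41", 2152, SAMPLE_EXE, r"C:\Program Files\7-Zip\Lang\bn.txt.tmp"),
    ("2024-10-16T19:38:42", 2152, SAMPLE_EXE, r"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\nl.pak.tmp"),
    ("2024-10-16T19:38:43", 2152, SAMPLE_EXE, r"C:\Program Files\Java\jre-1.8\bin\fontmanager.dll.tmp"),
    ("2024-10-16T19:38:45", 2152, SAMPLE_EXE, r"C:\Program Files\Microsoft Office\root\Office16\1033\XLMACRO.CHM.tmp"),
    ("2024-10-16T19:38:47", 2152, SAMPLE_EXE, r"C:\$Recycle.Bin\S-1-5-21-4089630652-1596403869-279772308-1000\desktop.ini.tmp"),
    # benign noise: an installer staging a single file, and a log rotation
    ("2024-10-16T19:38:44", 4412, r"C:\Windows\System32\msiexec.exe", r"C:\Program Files\Vendor\app.dll.tmp"),
    ("2024-10-16T19:39:02", 5120, r"C:\Windows\explorer.exe", r"C:\Users\Admin\AppData\Local\Temp\setup.log.tmp"),
]

# "name.ext.added": the original name must already carry an extension, and one more is appended.
APPENDED_EXT = re.compile(r"^(?P<orig>.+?\.(?P<oext>[A-Za-z0-9_]{1,6}))\.(?P<added>[A-Za-z0-9_]{1,10})$")


def top_level_dir(path):
    """C:\\Program Files\\7-Zip\\Lang\\bn.txt.tmp -> C:\\Program Files\\7-Zip"""
    return "\\".join(path.split("\\")[:3])


def detect_mass_rename(events, min_files=5, min_dirs=2, min_orig_exts=3, window=timedelta(seconds=60)):
    """Return one alert per process that appends the same extension to at least `min_files`
    files of `min_orig_exts` different original types spread over `min_dirs` top-level
    directories within `window`. The thresholds are tuning knobs, not values from the report."""
    per_proc = defaultdict(list)
    for ts, pid, image, path in events:
        m = APPENDED_EXT.match(path.rsplit("\\", 1)[-1])
        if not m:
            continue
        per_proc[(pid, image)].append(
            (datetime.fromisoformat(ts), m["added"].lower(), m["oext"].lower(), top_level_dir(path))
        )

    alerts = []
    for (pid, image), rows in per_proc.items():
        by_added = defaultdict(list)
        for row in sorted(rows):
            by_added[row[1]].append(row)
        for added, rs in by_added.items():
            best, lo = None, 0
            for hi in range(len(rs)):          # sliding time window over this process's renames
                while rs[hi][0] - rs[lo][0] > window:
                    lo += 1
                win = rs[lo:hi + 1]
                dirs = {r[3] for r in win}
                oexts = {r[2] for r in win}
                if len(win) >= min_files and len(dirs) >= min_dirs and len(oexts) >= min_orig_exts:
                    if best is None or len(win) > best["files"]:
                        best = {"pid": pid, "image": image, "added_ext": added, "files": len(win),
                                "dirs": len(dirs), "orig_exts": sorted(oexts),
                                "first_seen": win[0][0].isoformat(), "last_seen": win[-1][0].isoformat()}
            if best:
                alerts.append(best)
    return alerts


if __name__ == "__main__":
    for a in detect_mass_rename(EVENTS):
        print(f"pid {a['pid']} ({a['image']}) appended .{a['added_ext']} to {a['files']} files "
              f"of types {a['orig_exts']} across {a['dirs']} directories "
              f"between {a['first_seen']} and {a['last_seen']}")
```

The regex deliberately requires the original name to carry an extension, so renames of extension-less files (the report's Kamchatka -> Kamchatka.tmp, for instance) are not counted; that keeps false positives from lone temp files low at the cost of undercounting, and the breadth thresholds still trigger on the remaining rows.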

MITRE ATT&CK (Enterprise Matrix V15)

Mapping from the signatures recorded below:

T1027.002 Obfuscated Files or Information: Software Packing (signature "UPX packed file")

T1614.001 System Location Discovery: System Language Discovery (signature of the same name; the sample opens HKLM\SYSTEM\ControlSet001\Control\NLS\Language)

T1486 Data Encrypted for Impact (the "ransomware" tag rests on the mass-rename signatures; the rename signature by itself does not establish that file contents were encrypted)

Analysis: static1

Detonation Overview

Reported

2024-10-16 19:38

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
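The two static signatures above (UPX packing, missing Authenticode signature) are cheap to reproduce from the PE headers alone. The following is an added example, not the sandbox's own detector: a minimal PE parser that reads the section table and the security data directory, plus a test-image builder so it runs offline. The section layouts (UPX0/UPX1 with a zero-raw-size first section, versus a plain .text/.rdata/.data image) and the signature directory values are constructed for the demonstration.

```python
import struct

# IMAGE_DIRECTORY_ENTRY_SECURITY: the data directory slot that points at the Authenticode blob.
SECURITY_DIR_INDEX = 4


def parse_pe(data):
    """Parse just enough of a PE file to answer the two static questions the report asks:
    which sections does it have, and does it carry an Authenticode signature?"""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PtrToSymTab, NumSyms,
    # SizeOfOptionalHeader, Characteristics
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt_off = pe_off + 24
    magic = struct.unpack_from("<H", data, opt_off)[0]
    if magic == 0x10B:                                           # PE32
        nrva_off, dirs_off = opt_off + 92, opt_off + 96
    elif magic == 0x20B:                                         # PE32+
        nrva_off, dirs_off = opt_off + 108, opt_off + 112
    else:
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    nrva = struct.unpack_from("<I", data, nrva_off)[0]
    sec_va, sec_size = 0, 0
    if nrva > SECURITY_DIR_INDEX:
        sec_va, sec_size = struct.unpack_from("<II", data, dirs_off + 8 * SECURITY_DIR_INDEX)

    sections = []
    sec_off = opt_off + opt_size                                 # section table follows the optional header
    for i in range(nsections):
        hdr = data[sec_off + 40 * i: sec_off + 40 * (i + 1)]
        name = hdr[:8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", hdr, 8)
        sections.append({"name": name, "virtual_size": vsize, "raw_size": raw_size})
    return {"sections": sections, "security_dir": (sec_va, sec_size)}


def packer_indicators(pe):
    """Reasons to believe the image is UPX-packed. Section names are the cheap tell; the
    zero-raw-size first section is the layout UPX leaves even when the names are scrubbed."""
    reasons = []
    names = [s["name"] for s in pe["sections"]]
    upx_names = [n for n in names if n.startswith("UPX")]
    if upx_names:
        reasons.append(f"UPX section names present: {upx_names}")
    first = pe["sections"][0] if pe["sections"] else None
    if first and first["raw_size"] == 0 and first["virtual_size"] > 0:
        reasons.append(f"first section {first['name']!r} has no raw data but "
                       f"0x{first['virtual_size']:x} bytes virtual (unpack target)")
    return reasons


def has_authenticode_blob(pe):
    """True if the security directory points at a WIN_CERTIFICATE blob. Presence only: the
    signature may still be invalid or untrusted, so this answers 'unsigned', not 'trusted'."""
    return pe["security_dir"][1] > 0


def triage(data):
    """Emit the report's static signature names for a PE image."""
    pe = parse_pe(data)
    hits = []
    if packer_indicators(pe):
        hits.append("UPX packed file")
    if not has_authenticode_blob(pe):
        hits.append("Unsigned PE")
    return hits


def build_pe(layout, signed):
    """Construct a minimal PE32 image for testing; only the fields parse_pe reads are filled."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                      # e_lfanew -> right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(layout), 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 92, 16)                          # NumberOfRvaAndSizes
    if signed:
        struct.pack_into("<II", opt, 96 + 8 * SECURITY_DIR_INDEX, 0x3000, 0x800)
    secs = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode(), vsize, 0x1000 * (i + 1), raw,
                    0x400 * (i + 1), 0, 0, 0, 0, 0xE0000040)
        for i, (name, vsize, raw) in enumerate(layout)
    )
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + secs


# Constructed section layouts: a typical UPX image and a plain linker output.
UPX_LAYOUT = [("UPX0", 0x6000, 0), ("UPX1", 0x3000, 0x2E00), (".rsrc", 0x1000, 0x200)]
PLAIN_LAYOUT = [(".text", 0x4000, 0x4000), (".rdata", 0x1000, 0x1000), (".data", 0x800, 0x200)]

if __name__ == "__main__":
    print("packed, unsigned:", triage(build_pe(UPX_LAYOUT, signed=False)))
    print("plain, signed:   ", triage(build_pe(PLAIN_LAYOUT, signed=True)))
```

Replace `build_pe(...)` with `open(path, "rb").read()` to run it over a real sample. Note that "Unsigned PE" here means no signature blob at all; a present blob still has to be validated against a trusted chain before the file counts as signed.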

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 19:38

Reported

2024-10-16 19:40

Platform

win7-20240903-en

Max time kernel

120s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe"

Signatures

Renames multiple (3080) files with added filename extension
(the ".tmp" paths listed under "Drops file in Program Files directory" and in the Files section below are the renamed originals)

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
(Process for every row: C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe; Target: N/A)
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin_2.0.100.v20131209-2144.jar.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository_1.2.100.v20131209-2144.jar.tmp
File created C:\Program Files\Java\jre7\bin\jp2native.dll.tmp
File created C:\Program Files\Mozilla Firefox\msvcp140.dll.tmp
File created C:\Program Files\7-Zip\Lang\sv.txt.tmp
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipRes.dll.mui.tmp
File created C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe.tmp
File created C:\Program Files\Internet Explorer\pdmproxy100.dll.tmp
File created C:\Program Files\VideoLAN\VLC\locale\sw\LC_MESSAGES\vlc.mo.tmp
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIconSubpict.png.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets_1.0.0.v20140514-1823.jar.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-nodes_zh_CN.jar.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-templates.xml_hidden.tmp
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipTsf.dll.mui.tmp
File created C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_75_ffe45c_1x100.png.tmp
File created C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.tmp
File created C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvmstat.xml.tmp
File created C:\Program Files\VideoLAN\VLC\locale\ps\LC_MESSAGES\vlc.mo.tmp
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_ButtonGraphic.png.tmp
File created C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.c.tmp
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwresslm.dat.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director_2.3.100.v20140224-1921.jar.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-charts_zh_CN.jar.tmp
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll.tmp
File created C:\Program Files\Java\jre7\lib\zi\Asia\Kamchatka.tmp
File created C:\Program Files\Microsoft Games\FreeCell\FreeCellMCE.png.tmp
File created C:\Program Files\Microsoft Games\Solitaire\es-ES\Solitaire.exe.mui.tmp
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.RunTime.Serialization.Resources.dll.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationProvider.dll.tmp
File created C:\Program Files\VideoLAN\VLC\locale\lt\LC_MESSAGES\vlc.mo.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-selector-ui.xml.tmp
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Xml.Linq.Resources.dll.tmp
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_scene.wmv.tmp
File created C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_ButtonGraphic.png.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Jamaica.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.nl_ja_4.4.0.v20140623020002.jar.tmp
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.tmp
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ru.jar.tmp
File created C:\Program Files\VideoLAN\VLC\lua\http\images\Back-48.png.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Regina.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-api-caching_zh_CN.jar.tmp
File created C:\Program Files\Java\jre7\lib\cmm\PYCC.pf.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.ja_5.5.0.165303.jar.tmp
File created C:\Program Files\DVD Maker\rtstreamsink.ax.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\CST6CDT.tmp
File created C:\Program Files\Java\jre7\lib\psfontj2d.properties.tmp
File created C:\Program Files\VideoLAN\VLC\locale\hi\LC_MESSAGES\vlc.mo.tmp
File created C:\Program Files\Java\jre7\bin\jaas_nt.dll.tmp
File created C:\Program Files\Java\jre7\lib\zi\America\Detroit.tmp
File created C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\chkrzm.exe.mui.tmp
File created C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\tipresx.dll.mui.tmp
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\scrapbook.png.tmp
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\header-background.png.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Godthab.tmp
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_ButtonGraphic.png.tmp
File created C:\Program Files\Internet Explorer\en-US\jsdbgui.dll.mui.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository_1.1.300.v20131211-1531.jar.tmp
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationCore.resources.dll.tmp
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\WindowsBase.resources.dll.tmp
File created C:\Program Files\VideoLAN\VLC\locale\ff\LC_MESSAGES\vlc.mo.tmp
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_btn-back-static.png.tmp
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_ButtonGraphic.png.tmp

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe

"C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

MD5 63ba6437cd57e4110dd482d3b2037baf
SHA1 b009f4dd0aceed4e6826b15e65db9a18490160ce
SHA256 03bedda47aeb7ff6234e8be6aa6f0e61ed1880a98ba8ac5ed467c903ea4bdca2
SHA512 c174dd02edf5d930e6b95441029e41fef14496dca405ff6126abf73a36135821e47df895f8e5f40a58aa271853e331a1995a5edfd5a5727c2bbccfb26bbd1bdd

memory/2264-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 a7c3ca5c24c7ebe988afc44e4bb15b57
SHA1 57b8c879cd98a55ba78880d698a1bdf0a3e6d6ed
SHA256 d94875e4fcd1192da49542c55ddfee3f7dcf3445353251bf4fe038b1731b90e5
SHA512 9b71fce3dad287ae21574df92493f9da156f606e64c2f15996ae030f2bb69b4284d48bf2b2bb363ddd4b8bfbbb696636142cb03341d95ddaea824158babe9437

memory/2264-70-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 19:38

Reported

2024-10-16 19:40

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

102s

Command Line

"C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe"

Signatures

Renames multiple (4512) files with added filename extension
(the ".tmp" paths listed under "Drops file in Program Files directory" and in the Files section below are the renamed originals)

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
(Process for every row: C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe; Target: N/A)
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebHeaderCollection.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\WindowsFormsIntegration.resources.dll.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_MAK-ul-oob.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_F_COL.HXK.tmp
File created C:\Program Files\7-Zip\Lang\bn.txt.tmp
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\WindowsBase.dll.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-pl.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ppd.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ul-phn.xrm-ms.tmp
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\coreclr.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\PresentationCore.resources.dll.tmp
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\en-GB.pak.tmp
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l2-1-0.dll.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ul-phn.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-ppd.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Trial-pl.xrm-ms.tmp
File created C:\Program Files\7-Zip\Lang\gl.txt.tmp
File created C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tipresx.dll.mui.tmp
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Console.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.ZipFile.dll.tmp
File created C:\Program Files\Java\jre-1.8\bin\fontmanager.dll.tmp
File created C:\Program Files\Java\jre-1.8\lib\deploy\messages_de.properties.tmp
File created C:\Program Files\Microsoft Office\root\Office16\1033\SLINTL.DLL.tmp
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.SecureString.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Diagnostics.EventLog.dll.tmp
File created C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-ul-oob.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ppd.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-ul-phn.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Grace-ppd.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\EXCELPLUGINCORE.DLL.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Input.Manipulations.resources.dll.tmp
File created C:\Program Files\Java\jdk-1.8\jre\bin\awt.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.Win32.Primitives.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Primitives.dll.tmp
File created C:\Program Files\Common Files\microsoft shared\ink\de-DE\tipresx.dll.mui.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Resources.Extensions.dll.tmp
File created C:\Program Files\Java\jdk-1.8\legal\jdk\colorimaging.md.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-pl.xrm-ms.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Configuration.ConfigurationManager.dll.tmp
File created C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunpkcs11.jar.tmp
File created C:\Program Files\Microsoft Office\root\Office16\1033\XLMACRO.CHM.tmp
File created C:\Program Files\7-Zip\Lang\br.txt.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationProvider.resources.dll.tmp
File created C:\Program Files\Java\jdk-1.8\bin\kinit.exe.tmp
File created C:\Program Files\Java\jdk-1.8\jre\lib\sound.properties.tmp
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Reflection.eftx.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Trial-ul-oob.xrm-ms.tmp
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Thread.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.Annotations.dll.tmp
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\nl.pak.tmp
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Office 2007 - 2010.xml.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_PrepidBypass-ppd.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.Interfaces.dll.tmp
File created C:\Program Files\Common Files\microsoft shared\VC\msdia90.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Forms.Design.resources.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Drawing.Common.dll.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription-ppd.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-pl.xrm-ms.tmp
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVOrchestration.dll.tmp
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Forms.Primitives.resources.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Forms.resources.dll.tmp
File created C:\Program Files\Common Files\microsoft shared\ink\hwrdeslm.dat.tmp

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe

"C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe"

Network

All recorded traffic is reverse-DNS (in-addr.arpa) lookups and HTTPS to Bing hosts (g.bing.com, tse1.mm.bing.net), which is ordinary Windows 10 background activity; the table attributes no connection to the sample process, and the Windows 7 run (behavioral1) recorded no network activity at all.

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 5.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp

Files

memory/2152-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4089630652-1596403869-279772308-1000\desktop.ini.tmp

MD5 52691828639bbc4726d284041de520c6
SHA1 b1e48ece0be91fd21a612891c8630d5ec2b715e9
SHA256 64aacd48b6b87aa9770b5eb37682cf6626ec0503910ef5038df31c935fd9b0a1
SHA512 5342326aeb12237120abde64ead04169f7d3b4b364c39b06a4f00ae38215e688b44048b9248d1451cea53c89b8087be302c1f54dbb70cc33c8e588056cd26365

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 1423fdfb05dd46c54466746fc2054548
SHA1 9adf25af3d74e931958bf5ab4b0c4255d07e98ef
SHA256 846dd7aeea5d447db361033768613f9f7fca15a7321509f1aa3b2ea1f9fccbf8
SHA512 ce29f801c6b82193b391191f8d8508cd98a9ff1bb96a9812f7a385cb28c50900423745ff405e87e0addb55567195b5d4302fd8f727d2a5fd49473357c8f31656

memory/2152-665-0x0000000000400000-0x000000000040A000-memory.dmp