Malware Analysis Report

2025-01-22 20:14

Sample ID: 241016-ydssssydjg
Target: 81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N
SHA256: 81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657
Tags: upx, discovery, ransomware
Score: 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 9/10
SHA256: 81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657
Threat Level: Likely malicious

The file 81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N was found to be: Likely malicious.

Malicious Activity Summary

Tags: upx, discovery, ransomware

Renames multiple (5026) files with added filename extension (behavioral2, Windows 10)
Renames multiple (3633) files with added filename extension (behavioral1, Windows 7)
UPX packed file
Drops file in Program Files directory
System Location Discovery: System Language Discovery (ATT&CK T1614.001)
Unsigned PE

In both detonations the sample ran as a single process with no children, and the file activity it produced is one <original name>.tmp per file it touched under Program Files, MSOCache and $Recycle.Bin. The two rename counts come from two images with different installed software, so they are not directly comparable. No ransom note, persistence mechanism or command-and-control traffic attributable to the sample is recorded in this report, and the Windows 7 run produced no network activity at all.

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-10-16 19:40

Signatures

UPX packed file (upx)

The sample is compressed with the UPX packer, usually recognisable from the UPX0/UPX1 section names (UPX0 has no raw data; it is the decompression target) and the "UPX!" marker. Static strings and imports therefore describe the stub, not the payload; run upx -d first, or dump the process at the original entry point if the stub has been modified so that upx -d refuses it.
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

No Authenticode signature is attached (the Security data directory is empty). Not evidence of malice by itself, but unsigned plus packed plus mass file rewriting is the usual ransomware profile, and it means there is no publisher to check against an allow-list.
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
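How the two static signatures above can be checked without running the sample, as an added example (my code, not Triage's rule logic): a minimal PE header walk that lists section names, applies the usual UPX heuristics and tests whether a Security data directory is present. The build_test_pe helper fabricates synthetic PE32 headers so the block runs offline; the packed, renamed-section and signed images are constructed cases, not files from this report, and the signature check is presence-only, not chain validation. pefile does the same parsing in production; the hand-rolled version is here to show exactly which header fields the signatures rest on.

```python
import struct

# Header-only PE walker for the static1 signatures "UPX packed file" and
# "Unsigned PE". Added example; reads headers only, never maps or runs the file.

SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: (file offset, size) of the Authenticode blob


def parse_pe(data):
    """Return machine type, data directories and section headers of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:      # PE32: 28 standard + 68 Windows-specific bytes before the directories
        dd_off = opt + 96
    elif magic == 0x20B:    # PE32+: 24 + 88
        dd_off = opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    num_rva = struct.unpack_from("<I", data, dd_off - 4)[0]
    dirs = [struct.unpack_from("<II", data, dd_off + 8 * i) for i in range(min(num_rva, 16))]
    sect_off = opt + opt_size
    sections = []
    for i in range(nsections):
        base = sect_off + 40 * i
        name = data[base:base + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _vaddr, rawsize = struct.unpack_from("<III", data, base + 8)
        sections.append({"name": name, "vsize": vsize, "rawsize": rawsize})
    return {"machine": machine, "dirs": dirs, "sections": sections}


def is_upx_packed(data, pe):
    """UPX leaves UPX0/UPX1 section names and a 'UPX!' marker; a stub with renamed
    sections still shows an empty first section (no raw data, large virtual size)
    plus the marker, so both shapes are accepted."""
    names = [s["name"] for s in pe["sections"]]
    if any(n.startswith("UPX") for n in names):
        return True
    first = pe["sections"][0] if pe["sections"] else None
    return bool(first and first["rawsize"] == 0 and first["vsize"] > 0 and b"UPX!" in data)


def is_signed(pe):
    """Presence check only: a non-empty Security directory means a signature blob is
    attached. Whether it validates is a separate step (signtool, osslsigncode)."""
    if len(pe["dirs"]) <= SECURITY_DIR:
        return False
    off, size = pe["dirs"][SECURITY_DIR]
    return off != 0 and size != 0


def analyze_pe(data):
    pe = parse_pe(data)
    return {"sections": [s["name"] for s in pe["sections"]],
            "upx_packed": is_upx_packed(data, pe),
            "signed": is_signed(pe)}


def build_test_pe(sections, signed, trailer=b""):
    """Constructed PE32 image from (name, vsize, rawsize) tuples: enough header for
    parsing, not loadable. The security directory values are hypothetical."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x102)
    std = struct.pack("<HBBIIIIII", 0x10B, 0, 0, 0, 0, 0, 0x1000, 0x1000, 0x1000)
    win = struct.pack("<IIIHHHHHHIIIIHHIIIIII",
                      0x400000, 0x1000, 0x200, 4, 0, 0, 0, 4, 0, 0,
                      0x10000, 0x400, 0, 2, 0, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = [(0, 0)] * 16
    if signed:
        dirs[SECURITY_DIR] = (0x9000, 0x800)
    dd = b"".join(struct.pack("<II", *d) for d in dirs)
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n.encode(), vs, 0x1000 * (i + 1), rs,
                                0x400, 0, 0, 0, 0, 0x60000020)
                    for i, (n, vs, rs) in enumerate(sections))
    return dos + b"PE\0\0" + coff + std + win + dd + hdrs + b"\0" * 64 + trailer


if __name__ == "__main__":
    packed = build_test_pe([("UPX0", 0x20000, 0), ("UPX1", 0x6000, 0x5800), (".rsrc", 0x1000, 0x200)], False)
    plain = build_test_pe([(".text", 0x5000, 0x5000), (".data", 0x800, 0x400), (".rsrc", 0x1000, 0x200)], True)
    print(analyze_pe(packed))
    print(analyze_pe(plain))
```

Point analyze_pe at the bytes of a real sample and the same three fields come back; on a genuine UPX binary the first section will report rawsize 0 and a virtual size several times the file size, which is also why the memory dumps later in this report matter more than the file on disk.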

Analysis: behavioral1

Detonation Overview

Submitted: 2024-10-16 19:40
Reported: 2024-10-16 19:43
Platform: win7-20240903-en
Max time kernel: 150s
Max time network: 119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe"

Signatures

Renames multiple (3633) files with added filename extension (ransomware)

No per-indicator rows are attached to this signature; the .tmp paths under "Drops file in Program Files directory" below are the visible form of the same behaviour.

UPX packed file (upx)
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Every path below is an existing file's full name with .tmp appended, created by the sample process itself (the process tree holds no dropper or second stage). The sandbox lists only 64 of the 3633 renames it counted. Whether each original is overwritten, deleted or left in place is not recorded in this report, so do not assume the .tmp copies are recoverable plaintext or that the originals are intact.

Description Indicator Process Target
File created C:\Program Files\Java\jre7\lib\zi\Europe\Belgrade.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Mozilla Firefox\notificationserver.dll.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\favicon.ico.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Java\jre7\bin\hprof.dll.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Anadyr.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms_3.6.100.v20140422-1825.jar.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-last-quarter_partly-cloudy.png.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InputPersonalization.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-PT.pak.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Qyzylorda.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\14.png.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\jpeg.dll.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Rome.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console_1.0.300.v20131113-1212.jar.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\videowall.png.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-tabcontrol_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help_3.6.0.v20130326-1254.jar.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\nb\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_few-showers.png.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\CMap\Identity-V.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\203x8subpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\layers.png.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5EDT.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\my\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\DVD Maker\OmdBase.dll.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\PresentationBuildTasks.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\currency.html.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\jsse.jar.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-settings_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-io-ui.xml.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-dock.png.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\7-Zip\Lang\fi.txt.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Seoul.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.sat4j.core_2.3.5.v201308161310.jar.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libantiflicker_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-windows.xml.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiler.jar.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaireMCE.png.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_realrtsp_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Internet Explorer\en-US\DiagnosticsTap.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_down.png.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\epl-v10.html.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\intf\http.luac.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\control\libdummy_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Windows Journal\it-IT\jnwmon.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\shvlzm.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Mozilla Firefox\api-ms-win-crt-convert-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Microsoft Office\Office14\VisioCustom.propdesc.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.Speech.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A

System Location Discovery: System Language Discovery (discovery; ATT&CK T1614.001)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A

The Default value under this key holds the system default language ID, which is what GetSystemDefaultLangID and related locale APIs return, so the open is consistent with a locale check. Ransomware commonly uses that value to skip machines in excluded locales, but the report records only the key open, not what the sample did with the result, and legitimate software touches the same key, so this is a weak indicator on its own.

Processes

C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe

"C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe"

Network

N/A (no network activity was recorded in the Windows 7 run)

Files

memory/2032-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

MD5 90d092475cc88c78e9447db843ee7149
SHA1 b1c90b654f6fc9a7635055f6548aa8311b67c882
SHA256 ec81653a64f34fa29b06e83055dde52f4fb16704daa261a06e02c1171af5c26b
SHA512 b8f6ecff09f963879c36ab33b09aa78272490a9f914b221721c1ef3d13bfadc5b6e6a1754e6b7f7b8ad9f1c3c7154ccfdc988a5d0a5b426af5bae6710442602e

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 f2728d584c0ab49d3ded834836524867
SHA1 f05c144086a36812028df612559e9f6a7e885446
SHA256 9a63fc72288c826573609f7409b8cfec0144bf49c019d8fcfad777f63cc906cf
SHA512 4955893834e9e57bce0b06f5577c44e3873743e49c62693a879e562e433b821b47580b1be44c73f7e81e6187100fa3a34b59ac9e8a7c5c316f2e44e36845034f

memory/2032-75-0x0000000000400000-0x000000000040A000-memory.dmp

Both dumps cover the same 40 KiB image region at 0x400000 (image size 0xA000). Since UPX decompresses in place into that range, the later dump (index 75) is the one to open for unpacked code and strings.

Analysis: behavioral2

Detonation Overview

Submitted: 2024-10-16 19:40
Reported: 2024-10-16 19:43
Platform: win10v2004-20241007-en
Max time kernel: 149s
Max time network: 126s

Command Line

"C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe"

Signatures

Renames multiple (5026) files with added filename extension (ransomware)

No per-indicator rows are attached to this signature; the .tmp paths under "Drops file in Program Files directory" below are the visible form of the same behaviour.

UPX packed file (upx)
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

As on Windows 7, every path is an existing file's full name with .tmp appended, created by the sample process itself; the larger count reflects the richer Windows 10 image (Office, .NET runtimes, JDK). Only 64 of the 5026 renames are listed.

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Globalization.Calendars.dll.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.DOC.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\pl-PL\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\uk-UA\tabskb.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTrial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\dtplugin\deployJava1.dll.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\el\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.Parallel.dll.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Java\jdk-1.8\lib\tools.jar.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\msvcp120.dll.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebHeaderCollection.dll.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\libssl-1_1-x64.dll.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.dll.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\sunec.dll.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\7-Zip\Lang\id.txt.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.NetworkInformation.dll.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy\messages_ko.properties.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-bridge-office.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_MAK_AE-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Pipes.dll.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.Serialization.dll.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\da.pak.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_KMS_Client-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\clretwrc.dll.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.AeroLite.dll.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ServiceProcess.dll.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Layout.dll.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Checkmark.png.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\MSInfo\uk-UA\msinfo32.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.Expressions.dll.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Thread.dll.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jawt.dll.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH.HXS.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\excel-udf-host.win32.bundle.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\FPA_f14\FA000000014.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\7-Zip\Lang\hy.txt.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Tools.dll.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\WindowsFormsIntegration.dll.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.InteropServices.RuntimeInformation.dll.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jpeg.dll.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-140.png.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\assets\assets\images\MSFT.png.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\7-Zip\Lang\kaa.txt.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.DataContractSerialization.dll.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\vcruntime140.dll.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-140.png.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\InkDiv.dll.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A
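The rename signature in both runs is a volume-and-spread judgement over file events. As an added example (my code, not the sandbox's own rule), here is detection logic of that shape run over a constructed event list: the sample's paths are taken from this report and attributed to PID 2204 as in behavioral2, while PID 4100 is an invented installer writing a couple of .tmp staging files in one directory, which the thresholds should ignore. Real deployments feed it create and rename events from Sysmon (event ID 11) or an EDR; the default thresholds of 25 files across 3 directory trees are a starting point to tune, not a calibrated figure.

```python
import os
from collections import defaultdict

# Detection logic for "Renames multiple (N) files with added filename extension".
# Added example over constructed input. Events are (pid, op, path) as a file
# monitor would emit them; paths are lifted from the report, PID 2204 stands for
# the sample (behavioral2), PID 4100 is an invented benign installer.

EVENTS = [
    (2204, "create", r"C:\Program Files\Java\jdk-1.8\jre\bin\dtplugin\deployJava1.dll.tmp"),
    (2204, "create", r"C:\Program Files\Java\jdk-1.8\lib\tools.jar.tmp"),
    (2204, "create", r"C:\Program Files\Microsoft Office\root\Office16\msvcp120.dll.tmp"),
    (2204, "create", r"C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH.HXS.tmp"),
    (2204, "create", r"C:\Program Files\7-Zip\Lang\id.txt.tmp"),
    (2204, "create", r"C:\Program Files\7-Zip\7-zip.dll.tmp"),
    (2204, "create", r"C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\clretwrc.dll.tmp"),
    (2204, "create", r"C:\$Recycle.Bin\S-1-5-21-3227495264-2217614367-4027411560-1000\desktop.ini.tmp"),
    (2204, "create", r"C:\Program Files\Java\jre-1.8\bin\jawt.dll.tmp"),
    (2204, "create", r"C:\Program Files\Java\jre7\lib\zi\Europe\Belgrade.tmp"),  # no inner extension: not counted
    (4100, "create", r"C:\Users\Admin\AppData\Local\Temp\setup.msi.tmp"),
    (4100, "create", r"C:\Users\Admin\AppData\Local\Temp\setup.log.tmp"),
    (4100, "rename", r"C:\Users\Admin\AppData\Local\Temp\setup.msi"),
]


def appended_ext(path):
    """('hprof.dll', '.tmp') for hprof.dll.tmp: the name looks like an existing file
    with one more extension glued on. Returns None when the inner name has no
    extension of its own (Belgrade.tmp), so extension-less originals are
    under-counted rather than misattributed; the extension-bearing majority still
    trips the threshold."""
    name = path.rsplit("\\", 1)[-1]
    inner, ext = os.path.splitext(name)
    if not ext or not os.path.splitext(inner)[1]:
        return None
    return inner, ext.lower()


def top_dir(path, depth=2):
    """Drive plus the first two directories: directory spread is what separates
    mass encryption from an installer staging files in one place."""
    return "\\".join(path.split("\\")[: depth + 1])


def score_process(events, pid, min_files=25, min_dirs=3):
    """Group one process's create/rename results by appended extension and flag it
    when the dominant extension accounts for a high volume spread over several
    directory trees. Defaults suit a real host; the demo lowers them."""
    by_ext = defaultdict(list)
    for p, op, path in events:
        if p != pid or op not in ("create", "rename"):
            continue
        hit = appended_ext(path)
        if hit:
            by_ext[hit[1]].append(path)
    if not by_ext:
        return {"pid": pid, "flagged": False, "ext": None, "count": 0, "dirs": 0}
    ext, paths = max(by_ext.items(), key=lambda kv: len(kv[1]))
    dirs = {top_dir(p) for p in paths}
    return {"pid": pid, "ext": ext, "count": len(paths), "dirs": len(dirs),
            "flagged": len(paths) >= min_files and len(dirs) >= min_dirs}


def flagged_pids(events, **thresholds):
    """Verdict over every process in the event stream."""
    pids = sorted({e[0] for e in events})
    return [pid for pid in pids if score_process(events, pid, **thresholds)["flagged"]]


if __name__ == "__main__":
    for pid in (2204, 4100):
        print(score_process(EVENTS, pid, min_files=5, min_dirs=3))
    print("flagged:", flagged_pids(EVENTS, min_files=5, min_dirs=3))
```

Two design points: the verdict keys on the dominant appended extension rather than on a known list, because the extension is whatever the family chooses (.tmp here) and changes between builds; and counting directory trees rather than raw events keeps build systems and installers, which write hundreds of files into one tree, below the line.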

System Location Discovery: System Language Discovery (discovery; ATT&CK T1614.001)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe N/A

The same default-language read as on Windows 7: the key open shows the sample queried the system locale, not what it did with the answer.

Processes

C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe

"C:\Users\Admin\AppData\Local\Temp\81ede8ba4ebd083cdca266190d499d46b800e4eba54c41a0d6fe6225ec4e7657N.exe"

Network

Everything in this table is DNS to 8.8.8.8 (forward lookups of g.bing.com and tse1.mm.bing.net, plus reverse lookups of a handful of addresses, 150.171.27.10 among them) and HTTPS to 150.171.27.10 for those two Bing hosts. The rows are not attributed to a process, the Windows 7 run recorded no network activity at all, and this is the kind of traffic a stock Windows 10 image generates on its own, so treat it as sandbox background rather than command-and-control unless a capture ties it to the sample's process (PID 2204 by the memory dump names).

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 100.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 5.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
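To read a table like the one above quickly, an added example (my code, not a Triage feature) that parses the rows verbatim from a constant copied out of the report: it separates the DNS server used, forward lookups, reverse (PTR) lookups and non-DNS connections, turns every in-addr.arpa name back into the address being resolved, and lists connections whose peer was never forward-resolved in the capture, which is the shape a hard-coded C2 address would take. On this run that last set is empty, and the reverse lookups include 150.171.27.10, the very host the HTTPS connections went to.

```python
import ipaddress
from collections import defaultdict

# Triage helper for the Network table. Added example. Rows are
# "Country Destination Domain Proto", whitespace separated, copied from the report.

NETWORK_ROWS = """\
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 100.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 5.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
"""


def ptr_to_ip(name):
    """'10.27.171.150.in-addr.arpa' -> '150.171.27.10'; PTR names carry the octets
    in reverse order. None for anything that is not an IPv4 PTR name."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    octets = name[: -len(suffix)].split(".")
    if len(octets) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    except ipaddress.AddressValueError:
        return None


def summarize(rows_text):
    """Split the table into DNS servers used, forward lookups, reverse-resolved
    addresses, and (ip, port) -> domains for every non-DNS connection."""
    out = {"dns_servers": set(), "forward_lookups": set(),
           "ptr_targets": set(), "connections": defaultdict(set)}
    for line in rows_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or ":" not in parts[1]:
            continue  # header, blank or malformed row
        _country, dest, domain, proto = parts
        ip, port = dest.rsplit(":", 1)
        if proto == "udp" and port == "53":
            out["dns_servers"].add(ip)
            target = ptr_to_ip(domain)
            if target:
                out["ptr_targets"].add(target)
            else:
                out["forward_lookups"].add(domain)
        else:
            out["connections"][(ip, int(port))].add(domain)
    return out


def unresolved_connections(summary):
    """Peers whose domain never appears as a forward lookup in the same capture:
    the shape of a hard-coded C2 address, worth a closer look than anything that
    was reached via a public hostname."""
    return {peer for peer, domains in summary["connections"].items()
            if not domains & summary["forward_lookups"]}


if __name__ == "__main__":
    s = summarize(NETWORK_ROWS)
    print("dns servers:", sorted(s["dns_servers"]))
    print("forward lookups:", sorted(s["forward_lookups"]))
    print("reverse-resolved:", sorted(s["ptr_targets"]))
    for peer, domains in s["connections"].items():
        print("connection:", peer, sorted(domains))
    print("unresolved peers:", unresolved_connections(s))
```

The reverse-lookup list is the useful by-product: the addresses a Windows box reverse-resolves are the peers it has already talked to (here including its own HTTPS peer 150.171.27.10), so a sample's C2 can surface in PTR traffic even when the report's connection rows are truncated.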

Files

memory/2204-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3227495264-2217614367-4027411560-1000\desktop.ini.tmp

MD5 1aaef8f6b3d6fc11ffafc069eafad922
SHA1 8a2f97d6958441fe2039af9690ab7127ac135e41
SHA256 57e7262be0d55bcd96b76fe07e08d18c8ecd41f26cffffb98e21a60271f75234
SHA512 afcf06f780437bdaf34e85946e0bf92a300a13ad528c187b6817065c5dba73a518daf462a706cbb176c7e25c79b9773818be51e28ad0555455aff2d86e663502

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 0b71bf10690f54395f0f953ca26982a8
SHA1 77b968870053357ac48eb26601b0424ca3e00780
SHA256 2f73e879cd273f501ae383c721b2e97df360533b327669663879faff5f490c61
SHA512 a5bad7621ffb397d874cd2f037a98e67b68438ff5560cc3cf4eaec6bdb80fe787e19661d7efe3db76fcea7cd8439dccafbe839b18187f97657683a0888e5911f

memory/2204-781-0x0000000000400000-0x000000000040A000-memory.dmp

Both dumps cover the same 40 KiB image region at 0x400000; since UPX decompresses in place into that range, the later dump (index 781) is the one to open for unpacked code and strings.