Malware Analysis Report

2025-01-22 19:55

Sample ID 241016-yep4asydna
Target 10d7ad24023b5128d4bae5a6c9cb0b9f7218f0f394c090c0f532081740e3458dN
SHA256 10d7ad24023b5128d4bae5a6c9cb0b9f7218f0f394c090c0f532081740e3458d
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

10d7ad24023b5128d4bae5a6c9cb0b9f7218f0f394c090c0f532081740e3458d

Threat Level: Likely malicious

The file 10d7ad24023b5128d4bae5a6c9cb0b9f7218f0f394c090c0f532081740e3458dN was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (2841) files with added filename extension

Renames multiple (4361) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 19:42

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 19:42

Reported

2024-10-16 19:44

Platform

win7-20240903-en

Max time kernel

120s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\10d7ad24023b5128d4bae5a6c9cb0b9f7218f0f394c090c0f532081740e3458dN.exe"

Signatures

Renames multiple (2841) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10d7ad24023b5128d4bae5a6c9cb0b9f7218f0f394c090c0f532081740e3458dN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\10d7ad24023b5128d4bae5a6c9cb0b9f7218f0f394c090c0f532081740e3458dN.exe

"C:\Users\Admin\AppData\Local\Temp\10d7ad24023b5128d4bae5a6c9cb0b9f7218f0f394c090c0f532081740e3458dN.exe"

Network

N/A

Files

memory/2080-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp

MD5 bf243133fd293b54d21b95beedb98c8e
SHA1 f26a22b7e6feb1842db3c2844db4166793480809
SHA256 0f504382b2aa867decefd27ed2f0f7e9cd42ed37f28a28d7721c1013223b405d
SHA512 f6e7228165fbfba304aee6a84a7df44bcfa6ba57211db3cc3629ec3d26901f2b522c5b1832c392699581f68470f49b0f2e40489b125c3b78e3685ad7cf45e8f7

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 e75adcc76d4c8bb71c29f5349586183d
SHA1 f44535e5e25c19b49c4d9eb926ac599c87137bbf
SHA256 9a8a2167ca48b55a4795055f248ca2d0c2c657fd3443e8de1566d6cc8491989a
SHA512 fbf1c3f10a0b27f06df448023b262da6c7d14138ea4aa8fe3eacc1c1292951c531c0743854c507cce92f88cf61bbdf670f8e331127957d47908a0f84b06d7741

memory/2080-68-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 19:42

Reported

2024-10-16 19:44

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\10d7ad24023b5128d4bae5a6c9cb0b9f7218f0f394c090c0f532081740e3458dN.exe"

Signatures

Renames multiple (4361) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\10d7ad24023b5128d4bae5a6c9cb0b9f7218f0f394c090c0f532081740e3458dN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\10d7ad24023b5128d4bae5a6c9cb0b9f7218f0f394c090c0f532081740e3458dN.exe

"C:\Users\Admin\AppData\Local\Temp\10d7ad24023b5128d4bae5a6c9cb0b9f7218f0f394c090c0f532081740e3458dN.exe"

Network

Country Destination Domain Proto

Files

memory/5116-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3442511616-637977696-3186306149-1000\desktop.ini.tmp

MD5 2e03a5b3f4b0ad8f26886820c545efef
SHA1 541ba27a2a51693812a9ce21d7ea401ed36c1aac
SHA256 af45dd239fa1a71c9495f2e67aa4e4e52f65051c66690160bc2240ffb29decdb
SHA512 366752d0c123117d0c1ff9cc14a494aeaf685e1885bfcd3eaba99fc45052ffd334a91006f7934086a722c441aad532d61bdbfbf45c2b82c2efe3850f0fd8a5c7

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 2923ccdbadb5957d69a4cbbd3fd64b10
SHA1 4f7c008102c75fa21e98910641cd03bcb756416c
SHA256 492572ef3a126150d1df6dcc4fbedf52d0a51318b3ef8571d73eefef27ff2cd1
SHA512 aa2cd7bf3dcc4a24ee0a78706ce3972624ff2e0ad99fc49bf445f614d3acb777fc471e9c135cc16e6a75c3d0e35a6cbea574b16f3a77f0ec5a15717c7f027e8b

memory/5116-660-0x0000000000400000-0x000000000040B000-memory.dmp