Malware Analysis Report

2025-01-22 20:14

Sample ID: 241016-ykv7hasgqk
Target: 10d7ad24023b5128d4bae5a6c9cb0b9f7218f0f394c090c0f532081740e3458dN
SHA256: 10d7ad24023b5128d4bae5a6c9cb0b9f7218f0f394c090c0f532081740e3458d
Tags: discovery ransomware upx
Score: 9/10

Analysis Overview

Score: 9/10

SHA256: 10d7ad24023b5128d4bae5a6c9cb0b9f7218f0f394c090c0f532081740e3458d

Threat Level: Likely malicious

The file 10d7ad24023b5128d4bae5a6c9cb0b9f7218f0f394c090c0f532081740e3458dN was found to be: Likely malicious.

Malicious Activity Summary

Tags: discovery ransomware upx

Renames multiple files with added filename extension (3457 files in behavioral1 on Windows 7, 4842 in behavioral2 on Windows 10)
UPX packed file
Drops file in Program Files directory (a .tmp written next to existing files under C:\Program Files; see the per-run indicator lists)
System Location Discovery: System Language Discovery
Unsigned PE

Reading the two runs together: a single unsigned, UPX-packed process (in-memory image 0x400000-0x40B000, 44 KB, in both runs) that spawns no child processes, triggers no persistence or injection signatures, has no network traffic attributed to it, and mass-renames files with an appended extension after writing a .tmp beside each target. That combination is why the sandbox scores it as ransomware. The extension actually appended and any ransom note are not recorded in this report, so they must be recovered from the dumped .tmp files or from a manual detonation.

MITRE ATT&CK

Enterprise Matrix V15. Technique mapping from the signature names:
T1027.002 Obfuscated Files or Information: Software Packing (UPX packed file)
T1614.001 System Location Discovery: System Language Discovery (NLS\Language key read)
T1486 Data Encrypted for Impact (mass rename with added filename extension)

Analysis: static1

Detonation Overview

Reported

2024-10-16 19:51

Signatures

UPX packed file (tag: upx)
Indicators: none recorded.

Unsigned PE
Indicators: none recorded.
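
Both static signatures are header-level checks. The Python below is an added example, not the sandbox's own detection code: it walks a PE's DOS, COFF, optional and section headers and reports the same two findings, a UPX fingerprint (UPX0/UPX1 section names or the "UPX!" marker that stock UPX writes after the section table) and an empty Authenticode certificate directory. The `build_test_pe` helper constructs a minimal header-only PE32 for the self-test; it is not this sample, and the offsets used are the PE/COFF specification's.

```python
"""Static checks reproducing the static1 signatures "UPX packed file" and
"Unsigned PE" from a PE header walk. Added example, not the sandbox's code."""
import struct
import sys
from typing import Dict, List

IMAGE_DIRECTORY_ENTRY_SECURITY = 4        # Authenticode certificate table
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def parse_pe(data: bytes) -> Dict[str, object]:
    """DOS header -> COFF header -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        dd_count_off, dd_off = opt + 92, opt + 96
    elif magic == PE32PLUS_MAGIC:
        dd_count_off, dd_off = opt + 108, opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    dd_count = struct.unpack_from("<I", data, dd_count_off)[0]
    cert_size = 0
    if dd_count > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # For the security directory the first field is a file offset, not an RVA.
        _cert_off, cert_size = struct.unpack_from(
            "<II", data, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sect_table = opt + opt_size
    names: List[str] = []
    for i in range(nsections):
        raw = data[sect_table + 40 * i: sect_table + 40 * i + 8]
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return {
        "machine": machine,
        "sections": names,
        "cert_size": cert_size,
        # Stock UPX names its sections UPX0/UPX1(/UPX2); some builds prefix a dot.
        "upx_sections": any(n.lstrip(".").upper().startswith("UPX") for n in names),
        # Stock UPX writes its own "UPX!" header right after the section table.
        "upx_marker": b"UPX!" in data[sect_table: sect_table + 40 * nsections + 64],
    }


def triage(data: bytes) -> List[str]:
    """Return the static signature names this file would trigger."""
    info = parse_pe(data)
    hits: List[str] = []
    if info["upx_sections"] or info["upx_marker"]:
        hits.append("UPX packed file")
    # An empty certificate table means no embedded Authenticode signature at all.
    # A non-empty one only means a signature is present; validity (chain, hash,
    # timestamp) still has to be checked with signtool or Get-AuthenticodeSignature.
    if info["cert_size"] == 0:
        hits.append("Unsigned PE")
    return hits


def build_test_pe(section_names: List[str], signed: bool) -> bytes:
    """Constructed minimal PE32 (headers only, no code, no real certificate) for
    the self-test. `signed` fills in a plausible security directory entry."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                          # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)                                           # PE32 optional header
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 92, 16)                            # NumberOfRvaAndSizes
    if signed:
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x1000, 0x800)
    sections = b"".join(n.encode().ljust(8, b"\0") + bytes(32) for n in section_names)
    trailer = b"UPX!" + bytes(28) if any(n.startswith("UPX") for n in section_names) else b""
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections + trailer


if __name__ == "__main__":
    if len(sys.argv) > 1:                       # python upx_check.py sample.exe
        with open(sys.argv[1], "rb") as fh:
            print(triage(fh.read()))
    else:
        print(triage(build_test_pe(["UPX0", "UPX1", ".rsrc"], signed=False)))
        print(triage(build_test_pe([".text", ".rdata", ".data"], signed=True)))
```

If the fingerprint is stock UPX, `upx -d` recovers the original image, which can then be compared against the 0x400000-0x40B000 memory dumps the sandbox kept. A miss is not a clean bill: repackers and modified UPX builds rename the sections and strip the marker, so a high-entropy .text section with a tiny import table deserves the same treatment.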

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 19:51

Reported

2024-10-16 19:53

Platform

win7-20240708-en

Max time kernel

150s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\10d7ad24023b5128d4bae5a6c9cb0b9f7218f0f394c090c0f532081740e3458dN.exe"

Signatures

Renames multiple (3457) files with added filename extension (tag: ransomware)

UPX packed file (tag: upx)
Indicators: none recorded.

Drops file in Program Files directory

Every row has Description "File created", Process C:\Users\Admin\AppData\Local\Temp\10d7ad24023b5128d4bae5a6c9cb0b9f7218f0f394c090c0f532081740e3458dN.exe and Target N/A. The Indicator column (a .tmp created next to an existing file) for the 64 rows the report lists:

C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.bat.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp_5.5.0.165303.jar.tmp
C:\Program Files\Java\jre7\lib\zi\America\Argentina\Jujuy.tmp
C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libupnp_plugin.dll.tmp
C:\Program Files\Windows Photo Viewer\fr-FR\PhotoViewer.dll.mui.tmp
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\item_hover_flyout.png.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NavigationButtonSubpicture.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.ibm.icu_52.1.0.v201404241930.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.io_8.1.14.v20131031.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler_zh_CN.jar.tmp
C:\Program Files\Java\jre7\lib\zi\Etc\GMT-8.tmp
C:\Program Files\VideoLAN\VLC\plugins\access\libscreen_plugin.dll.tmp
C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.tmp
C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_TW.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\bin\jdwp.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\plugin.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di_1.0.0.v20140328-2112.jar.tmp
C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\New_Salem.tmp
C:\Program Files\Java\jre7\lib\zi\Asia\Amman.tmp
C:\Program Files\Microsoft Games\Multiplayer\Checkers\en-US\chkrzm.exe.mui.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_SelectionSubpicture.png.tmp
C:\Program Files\Java\jdk1.7.0_80\bin\jrunscript.exe.tmp
C:\Program Files\VideoLAN\VLC\lua\intf\telnet.luac.tmp
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_m.png.tmp
C:\Program Files\7-Zip\Lang\ca.txt.tmp
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF.tmp
C:\Program Files\Java\jdk1.7.0_80\include\classfile_constants.h.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state.nl_zh_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Java\jre7\lib\zi\Asia\Jakarta.tmp
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp
C:\Program Files\Mozilla Firefox\api-ms-win-crt-string-l1-1-0.dll.tmp
C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libcompressor_plugin.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Grand_Turk.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-tabcontrol.xml.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_postage_Thumbnail.bmp.tmp
C:\Program Files\Java\jdk1.7.0_80\bin\javah.exe.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Inuvik.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\boot_ja.jar.tmp
C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_rest.png.tmp
C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf.tmp
C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask.wmv.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunmscapi.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands_0.10.2.v20140424-2344.jar.tmp
C:\Program Files\Java\jre7\lib\zi\Asia\Gaza.tmp
C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color32.bmp.tmp
C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\rings-desk.png.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\ShapeCollector.exe.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_notes.wmv.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Belgrade.tmp
C:\Program Files\VideoLAN\VLC\locale\lo\LC_MESSAGES\vlc.mo.tmp
C:\Program Files\Windows Media Player\de-DE\wmplayer.exe.mui.tmp
C:\Program Files\Windows NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt.tmp
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-undocked-4.png.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Wake.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-views.xml.tmp
C:\Program Files\Java\jre7\lib\zi\America\Vancouver.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll.tmp
C:\Program Files\VideoLAN\VLC\Documentation.url.tmp
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\js\localizedStrings.js.tmp

System Location Discovery: System Language Discovery (tag: discovery)

Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language by C:\Users\Admin\AppData\Local\Temp\10d7ad24023b5128d4bae5a6c9cb0b9f7218f0f394c090c0f532081740e3458dN.exe
Caveat: this key is read by the standard locale APIs that many benign programs call at start-up, so the signature fires for a large share of harmless software. It only supports a deliberate language or region kill-switch if strings or disassembly show the value being compared against specific language IDs, which this report does not establish.
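
The .tmp creations above and the rename signature are what the sandbox counts into its ransomware verdict. The Python below is an added example, not the sandbox's rule: it runs that detection over a stream of file events, keeping a sliding window of renames per process where the new name is the old name plus one appended extension, and reports directory spread and .tmp creations as corroboration. The `FileEvent` schema, the threshold (25 renames in 60 seconds), the PID 2644 event stream and the ".locked" extension are constructed for the example; the report does not name the real extension, and PID 2644 is taken from the memory dump names in this run.

```python
"""Sliding-window detection for mass rename-with-added-extension by one process.
Added example for this report, not the sandbox's own logic."""
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Deque, Dict, Iterable, List, Optional, Tuple
import ntpath


@dataclass(frozen=True)
class FileEvent:
    ts: float           # seconds since start of capture (constructed schema)
    pid: int
    image: str
    op: str             # "create" or "rename"
    path: str           # created path, or old path for a rename
    new_path: str = ""  # new path for a rename


def added_extension(old: str, new: str) -> Optional[str]:
    """Return the suffix if `new` is exactly `old` plus one appended extension
    (the pattern the signature counts), otherwise None. Case-insensitive like
    NTFS; a suffix containing a separator is a move, not an added extension."""
    old, new = old.lower(), new.lower()
    if not new.startswith(old):
        return None
    suffix = new[len(old):]
    if len(suffix) > 1 and suffix[0] == "." and "\\" not in suffix and "/" not in suffix:
        return suffix
    return None


def detect_mass_rename(events: Iterable[FileEvent], threshold: int = 25,
                       window: float = 60.0) -> List[Dict[str, object]]:
    """One alert per PID the first time its added-extension renames inside
    `window` seconds reach `threshold`. Alert carries the extensions used, the
    number of distinct directories hit and how many .tmp files the PID created
    (the write-to-temp-then-rename pattern visible in the report)."""
    renames: Dict[int, Deque[Tuple[float, str, str]]] = defaultdict(deque)
    tmp_creates: Dict[int, int] = defaultdict(int)
    alerted, alerts = set(), []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.op == "create" and ev.path.lower().endswith(".tmp"):
            tmp_creates[ev.pid] += 1
            continue
        if ev.op != "rename":
            continue
        suffix = added_extension(ev.path, ev.new_path)
        if suffix is None:
            continue
        q = renames[ev.pid]
        q.append((ev.ts, suffix, ntpath.dirname(ev.path.lower())))
        while ev.ts - q[0][0] > window:          # drop renames older than the window
            q.popleft()
        if len(q) >= threshold and ev.pid not in alerted:
            alerted.add(ev.pid)
            alerts.append({
                "pid": ev.pid,
                "image": ev.image,
                "renames_in_window": len(q),
                "extensions": sorted({s for _, s, _ in q}),
                "directories": len({d for _, _, d in q}),
                "tmp_files_created": tmp_creates[ev.pid],
                "window": (q[0][0], ev.ts),
            })
    return alerts


def sample_events() -> List[FileEvent]:
    """Constructed events, not a capture. PID 2644 mimics the sample: a .tmp
    next to each target, then the target renamed with an appended extension
    (".locked" is a placeholder). PID 900 is a benign installer."""
    dirs = [r"C:\Users\Admin\Documents", r"C:\Program Files\7-Zip\Lang",
            r"C:\Program Files\Java\jre7\lib\zi\Asia"]
    events: List[FileEvent] = []
    for i in range(40):
        target = ntpath.join(dirs[i % 3], f"file{i}.txt")
        events.append(FileEvent(i * 0.2, 2644, "sample.exe", "create", target + ".tmp"))
        events.append(FileEvent(i * 0.2 + 0.1, 2644, "sample.exe", "rename", target, target + ".locked"))
    events.append(FileEvent(3.0, 900, "setup.exe", "rename", r"C:\Temp\a.dll", r"C:\Temp\b.dll"))
    events.append(FileEvent(4.0, 900, "setup.exe", "rename", r"C:\Temp\x.cfg", r"C:\Temp\x.cfg.bak"))
    return events


if __name__ == "__main__":
    for alert in detect_mass_rename(sample_events()):
        print(alert)
```

Sysmon has no rename event, so this needs EDR file telemetry or the Kernel-File ETW provider as its source. The threshold is deliberately far below the 3457 and 4842 renames seen here so the alert fires seconds into the run rather than after the damage is done; installers and backup jobs that append `.bak` can trip it, which is what the directory-spread and .tmp counters in the alert are for during triage.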

Processes

C:\Users\Admin\AppData\Local\Temp\10d7ad24023b5128d4bae5a6c9cb0b9f7218f0f394c090c0f532081740e3458dN.exe

"C:\Users\Admin\AppData\Local\Temp\10d7ad24023b5128d4bae5a6c9cb0b9f7218f0f394c090c0f532081740e3458dN.exe"

Network

None recorded.

Files

memory/2644-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

MD5 9fb086fa08f7056f115ca496d94ef178
SHA1 d342b79e4ca4d328fec2654633aa18d32ed4834a
SHA256 3a5c4e90ca9d008a883dc18738468a10fefc5b6f2218cac10a4c35f99f6f42fb
SHA512 f8445fc518445a95d3d6e8c509152f508f2f39e4e437a368fe0cf634d21eb68834001daec9f69d54cf32d1fe07e849ec37e606c33aed176773c2ec962c9f09f0

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 51f5f2f8d79ceb28830d0afda7762d3a
SHA1 17f9f71f8eaf5ca42adaa16d34fd3e4e3640bd5f
SHA256 9db408f29ca629e765e15d107569e601a879a642c4e0a324beb7b85ca45e3e25
SHA512 56f790aea6c6ef004fac2df395502b1d6718b45127121da3a57387a75b8f076730575f1ccb7634688156793b90aeaa7cb4444edab04ee880b3f9d2d5dd58bbbf

memory/2644-68-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 19:51

Reported

2024-10-16 19:53

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

144s

Command Line

"C:\Users\Admin\AppData\Local\Temp\10d7ad24023b5128d4bae5a6c9cb0b9f7218f0f394c090c0f532081740e3458dN.exe"

Signatures

Renames multiple (4842) files with added filename extension (tag: ransomware)

UPX packed file (tag: upx)
Indicators: none recorded.

Drops file in Program Files directory

Every row has Description "File created", Process C:\Users\Admin\AppData\Local\Temp\10d7ad24023b5128d4bae5a6c9cb0b9f7218f0f394c090c0f532081740e3458dN.exe and Target N/A. The Indicator column (a .tmp created next to an existing file) for the 64 rows the report lists:

C:\Program Files\Java\jdk-1.8\jre\lib\tzmappings.tmp
C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_Grace-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-ul-phn.xrm-ms.tmp
C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.tmp
C:\Program Files\Java\jdk-1.8\bin\msvcp140.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationClientSideProviders.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_Subscription-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.ReportingServices.QueryDesigners.Extensions.dll.tmp
C:\Program Files\Common Files\System\ado\msado25.tlb.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Emit.Lightweight.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\offsymxb.ttf.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Forms.Primitives.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-time-l1-1-0.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ConsumerSub_Bypass30-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\IEContentService.exe.tmp
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml.tmp
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Consolas-Verdana.xml.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.tr-tr.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Forms.Primitives.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\Microsoft.VisualBasic.Forms.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\Microsoft.VisualBasic.Forms.resources.dll.tmp
C:\Program Files\Google\Chrome\Application\123.0.6312.123\vk_swiftshader_icd.json.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-namedpipe-l1-1-0.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Http.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Xaml.dll.tmp
C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-convert-l1-1-0.dll.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\SubsystemController.man.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebSockets.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-libraryloader-l1-1-0.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\lib\ext\meta-index.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Royale.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe.tmp
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\cursors.properties.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Grace-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL119.XML.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\WindowsBase.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l1-2-0.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\PerfBoost.exe.tmp
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Grace-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_KMS_Client-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\ExcelTellMeOnnxModel.bin.tmp
C:\Program Files\Microsoft Office\root\Office16\OSFUI.DLL.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremDemoR_BypassTrial365-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ppd.xrm-ms.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.uk-ua.dll.tmp
C:\Program Files\Common Files\microsoft shared\ink\InkObj.dll.tmp
C:\Program Files\dotnet\dotnet.exe.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-libraryloader-l1-1-0.dll.tmp
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\it.pak.tmp
C:\Program Files\Java\jdk-1.8\bin\rmic.exe.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Overlapped.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationProvider.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\MSIPC\vi\msipc.dll.mui.tmp
C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL107.XML.tmp
C:\Program Files\Common Files\microsoft shared\ink\uk-UA\tabskb.dll.mui.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription5-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_KMS_Client-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\DocumentFormat.OpenXml.dll.tmp

System Location Discovery: System Language Discovery (tag: discovery)

Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language by C:\Users\Admin\AppData\Local\Temp\10d7ad24023b5128d4bae5a6c9cb0b9f7218f0f394c090c0f532081740e3458dN.exe
Caveat: the same key is read by standard locale APIs at start-up of many benign programs; on its own this is weak evidence of a deliberate language check.

Processes

C:\Users\Admin\AppData\Local\Temp\10d7ad24023b5128d4bae5a6c9cb0b9f7218f0f394c090c0f532081740e3458dN.exe

"C:\Users\Admin\AppData\Local\Temp\10d7ad24023b5128d4bae5a6c9cb0b9f7218f0f394c090c0f532081740e3458dN.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 5.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 100.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp (5 connections)

Analyst note: none of this traffic is attributed to a process by the sandbox. The in-addr.arpa entries are reverse (PTR) lookups with the address octets reversed, so 228.249.119.40.in-addr.arpa is the PTR query for 40.119.249.228. PTR lookups of assorted public addresses and HTTPS to tse1.mm.bing.net are routine Windows 10 background activity in a fresh VM, and the Windows 7 run (behavioral1) recorded no network traffic at all, so these entries are not command-and-control or exfiltration indicators for this sample.

Files

memory/2044-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2878641211-696417878-3864914810-1000\desktop.ini.tmp

MD5 aadfc350d024e286664bf9112de76f85
SHA1 4ee1e68afe9ccac23ee508fbe0139991ec2d0d17
SHA256 564db44a02f747b87da66c22984f7ea1527876b292ae10680a40eb7c1b6bed50
SHA512 cf86d33ce1418ea5915b9eb8730cfb65fc76b17701f081166d1053de06003852df333a5ecb882e8469371bcb7cacbe868a7ed1da64051534385b57e2939f47fe

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 359722e415b37e3afd47697b6fad088c
SHA1 b5983d6d4c04395ca3296a58c48763f8c2d55751
SHA256 083f5c92fca2971ead3674630feda7b39b539a80d594ae70877e856cd1e69c25
SHA512 3b1b2ccfafeb766e8d205fe34e3da10256c8ea7faaa4418218d695f3380c79151180e17d8956b611bc79472ee7f7a1ee4b1e1711a64ab00f022a6ca23dd74891

memory/2044-660-0x0000000000400000-0x000000000040B000-memory.dmp