Malware Analysis Report

2025-01-22 20:13

Sample ID 241016-ysc1wstcnr
Target 38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc
SHA256 38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc
Tags: upx discovery ransomware
Score: 9/10

Analysis Overview

Threat Level: Likely malicious

The file 38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (3521) files with added filename extension

Renames multiple (4862) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 20:02

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 20:02

Reported

2024-10-16 20:05

Platform

win7-20240903-en

Max time kernel

150s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe"

Signatures

Renames multiple (3521) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Internet Explorer\MemoryAnalyzer.dll.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\New_York.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\info.png.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\1047x576black.png.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-11.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui_3.106.0.v20140812-1751.jar.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-application.xml.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IdentityModel.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\nl\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Windows Photo Viewer\ImagingDevices.exe.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\slideShow.html.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tabskb.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Madrid.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-applemenu.xml.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\logger\libfile_logger_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Windows NT\TableTextService\es-ES\TableTextService.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jmap.exe.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Java\jre7\lib\ext\localedata.jar.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_dummy_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-execution.xml.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\te\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\control\libgestures_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\visualization\libglspectrum_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.bin.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.xml.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-io-ui.xml.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-attach_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\css\clock.css.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mshwLatin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Port_of_Spain.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libnoseek_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Java\jre7\bin\npt.dll.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf_3.4.0.v20140827-1444.jar.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l2-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Mozilla Firefox\removed-files.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\tt\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libdemuxdump_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Windows Media Player\it-IT\wmlaunch.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred.xml.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\css\currency.css.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\images\Audio-48.png.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Services.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Java\jre7\lib\javaws.jar.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libantiflicker_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Common Files\System\msadc\fr-FR\msadcfr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\localedata.jar.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup-impl.jar.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Microsoft Games\More Games\MoreGames.dll.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Windows Defender\fr-FR\MsMpRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Common Files\System\msadc\en-US\msadcfr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_buttongraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Mozilla Firefox\uninstall\shortcuts_log.ini.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Entity.Design.dll.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\js\settings.js.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe

"C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe"

Network

N/A

Files

memory/2888-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3533259084-2542256011-65585152-1000\desktop.ini.tmp

MD5 492ba1e3bd7da536d57182d4e498303f
SHA1 a04e8d16f03968f7ccf98081ff9fc0f91a733a2a
SHA256 ad8c5da687eb0bff32a38fe89b268ef7a7fe5effd7938493deba7ded890f4972
SHA512 9357536bd1a4c9213b01ac393f1e9bfb3e028f86fdf4932ff03fdb94e873acd087b2e1da87cc108e4a9454338b9c166c10f2facd60d4fd108d8bb7fe8b96c662

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 0022f1278110388cfc054be9207471b8
SHA1 0a0240d48261f8caac75100b399c6b66e032ac6d
SHA256 1c9d99a7daa76c4eae217d00cc09e26f776cc2c781e1e7e127a46bdfe99f5e5b
SHA512 0b58ae5ab9dd5a426773952a7141a455a436ccede4a25ef92a3cae897f9925aad4c955670327f3d857645f03fceb2bee9c39759a4816331d30c06131a03c231d

memory/2888-70-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 20:02

Reported

2024-10-16 20:05

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

135s

Command Line

"C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe"

Signatures

Renames multiple (4862) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\microsoft shared\ink\es-MX\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\prism_d3d.dll.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\Informix.xsl.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.XLS.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Document Parts\1033\16\Built-In Building Blocks.dotx.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\hwritash.dat.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationNative_cor3.dll.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.CodeDom.dll.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-conio-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Buffers.dll.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.VisualBasic.dll.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.AccessControl.dll.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Dataflow.dll.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Drawing.dll.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.XLHost.Modeler.dll.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-environment-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationClientSideProviders.dll.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest5-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\insertbase.xml.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Common Files\System\ado\msadomd.dll.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-console-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-util-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\de-DE\ShapeCollector.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\de-DE\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Cng.dll.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy\[email protected] C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial1-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\DBGCORE.DLL.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\DisableLimit.vb.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-heap-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.DiagnosticSource.dll.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OMRAUT.DLL.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l2-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MEDIA\PUSH.WAV.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\mscss7cm_es.dub.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\NAMECONTROLSERVER.EXE.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.Linq.dll.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\fontmanager.dll.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\libssl-1_1-x64.dll.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\7-Zip\7zG.exe.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.tmp C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe

"C:\Users\Admin\AppData\Local\Temp\38c731822cd665ecd52691a88ec890d6402add8f3ee2673fea57422c10e495dc.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 69.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 27.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp

Files

memory/3324-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3442511616-637977696-3186306149-1000\desktop.ini.tmp

MD5 f9eb2d97675533cdc11da9305ee0d84f
SHA1 0496dd2ca5cd2507fc226add11c4d20b7522e7b7
SHA256 e78bbadb872622975fc1973af7d5de86d50d8fe3d25750e63208a60183982cea
SHA512 1d648cd86d06af22e14141592be708ead4be4b383ba79c8c5d414d69b73661665d5bee2a182b66ccd67297ca0a6952b8b1d6f034705a1cff2153a593c910e07a

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 c0420b7c70a8bd45b7afd5d4641e20ba
SHA1 8781d9b15ecfc93f6a068149a61f607e0db7bdee
SHA256 59bd9773a9f15288417a5c4e9c197b0872a15a710cc2885851c37cba88fc2651
SHA512 ea37268f8b57c01f1847c0a0d2f05fca9ba2b31087f8f4012a9a0e15e2dc80c33fb7e01b526dda5f970048bc3e4c7c4d290de5cb8e4a906e90736f6d05bec75f

memory/3324-664-0x0000000000400000-0x000000000040B000-memory.dmp