Malware Analysis Report

2025-01-22 20:14

Sample ID 241016-zegbtsvfkr
Target 51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N
SHA256 51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9
Tags
discovery ransomware upx
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9

Threat Level: Likely malicious

The file 51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware upx

Renames multiple files with an added filename extension: 2849 files in the Windows 7 run (behavioral1) and 4310 in the Windows 10 run (behavioral2). The count depends on how many files the sandbox image holds, so it measures the encryptor's reach in each environment rather than a property of the sample.

UPX packed file

Drops file in Program Files directory (every dropped file is an existing file's name with .tmp appended, written next to the original; see the per-run tables below)

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Enterprise Matrix V15. The only technique the sandbox tags for this sample is System Location Discovery: System Language Discovery (T1614.001), from the NLS\Language registry read recorded in both behavioral runs. The mass-rename and .tmp-drop behaviour is what an analyst would map to Data Encrypted for Impact (T1486), but the report itself assigns no technique to it; that mapping is an editorial note, not the sandbox's.

Analysis: static1

Detonation Overview

Reported

2024-10-16 20:37

Signatures

UPX packed file

upx
No indicator, process or target details are recorded for this static signature; it is derived from the file's own headers (typically the UPX0/UPX1 section names and the packer stub).

Unsigned PE

No indicator, process or target details are recorded; the file carries no Authenticode signature.
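The two static signatures above are cheap to reproduce outside the sandbox. The following Python is an added example, not part of the sandbox report or its tooling: it parses the PE section table and the security (Authenticode) data directory directly with struct, flags the UPX section names, measures per-section entropy as a packer hint, and builds a constructed minimal PE32 image to exercise itself offline. The section names, the 7.0 bits-per-byte threshold and the constructed image are assumptions for illustration; they are not taken from this sample's headers, which the report does not show.

```python
"""Static triage for the 'UPX packed file' and 'Unsigned PE' signatures.

Added example: parses the PE section table and the security (Authenticode)
data directory with the standard library only. The image produced by
build_sample_pe() is constructed for the demonstration; it is not the
submitted binary, whose headers this report does not include.
"""
import math
import struct
from collections import Counter

IMAGE_DIRECTORY_ENTRY_SECURITY = 4          # index of the Authenticode entry
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX!"}
PACKED_ENTROPY = 7.0                        # assumed threshold, bits per byte


def shannon_entropy(buf: bytes) -> float:
    """Bits of entropy per byte; 8.0 means uniform (compressed or encrypted)."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def parse_pe(data: bytes) -> dict:
    """Return (name, raw bytes) per section and the security directory entry."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    # Data directories begin 96 bytes into a PE32 optional header, 112 for PE32+.
    dirs = opt + (96 if magic == 0x10B else 112)
    sec_off, sec_size = struct.unpack_from(
        "<II", data, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    table = opt + opt_size
    for i in range(nsections):
        name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", data, table + 40 * i)
        sections.append((name.rstrip(b"\0"), data[raw_ptr:raw_ptr + raw_size]))
    return {"sections": sections, "security": (sec_off, sec_size)}


def triage(data: bytes) -> dict:
    """Reproduce the two static signatures and add an entropy hint."""
    pe = parse_pe(data)
    names = {name for name, _ in pe["sections"]}
    upx = bool(names & UPX_SECTION_NAMES)
    max_e = max((shannon_entropy(raw) for _, raw in pe["sections"] if raw), default=0.0)
    return {
        "upx_section_names": upx,
        "max_entropy": max_e,
        "likely_packed": upx or max_e >= PACKED_ENTROPY,
        # A non-empty security directory only means a signature blob is
        # attached; validity still needs chain verification (e.g. signtool).
        "has_authenticode_blob": pe["security"][1] > 0,
    }


def build_sample_pe(section_names, payloads, security_size=0) -> bytes:
    """Constructed, non-runnable PE32 image used only to exercise triage()."""
    nsec = len(section_names)
    opt_size = 224                                 # PE32 optional header size
    headers_len = 64 + 4 + 20 + opt_size + 40 * nsec
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)          # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, nsec, 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)          # PE32 magic
    body_len = sum(len(p) for p in payloads)
    if security_size:                              # point at a dummy signature blob
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         headers_len + body_len, security_size)
    table, raw, ptr = b"", b"", headers_len
    for name, payload in zip(section_names, payloads):
        table += struct.pack("<8sIIIIIIHHI", name, len(payload), 0x1000,
                             len(payload), ptr, 0, 0, 0, 0, 0x60000020)
        raw += payload
        ptr += len(payload)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table + raw + bytes(security_size)


if __name__ == "__main__":
    packed = build_sample_pe([b"UPX0", b"UPX1", b".rsrc"],
                             [b"", bytes(range(256)) * 4, bytes(64)])
    print(triage(packed))
```

Section names are a weak signal on their own because a repacked or renamed UPX build loses them; the entropy of the largest section is the check that survives renaming, and a present Authenticode blob still has to be verified before "signed" means anything.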

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 20:37

Reported

2024-10-16 20:39

Platform

win7-20240708-en

Max time kernel

120s

Max time network

16s

Command Line

"C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe"

Signatures

Renames multiple (2849) files with added filename extension

ransomware

UPX packed file

upx
No indicator, process or target details are recorded for this signature in this run.

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui.zh_CN_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jvmstat.xml.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpn.dll.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Full\full.png.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCallbacks.h.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_mac.css.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychartplugin_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.console_1.1.0.v20140131-1639.jar.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IPSEventLogMsg.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\babyblue.png.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-static.png.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047x576black.png.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\policytool.exe.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\java_crw_demo.dll.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Anadyr.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Bucharest.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7MDT.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Java\jre7\bin\server\Xusage.txt.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Microsoft Games\Purble Place\PurblePlaceMCE.lnk.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Los_Angeles.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPOlive.png.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\updater_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-uisupport.jar.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Java\jre7\bin\plugin2\msvcr100.dll.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Noronha.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\updater_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\El_Salvador.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+2.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Chuuk.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\eclipse.inf.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\flavormap.properties.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-11.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Gambier.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Microsoft Games\More Games\de-DE\MoreGames.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationClientsideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\feature.xml.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Microsoft Games\SpiderSolitaire\it-IT\SpiderSolitaire.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_es.properties.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jakarta.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Funafuti.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-filesystems.xml.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\7-Zip\descript.ion.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-charts.xml.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\accessibility.properties.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Cocos.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-multitabs.xml.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\7-Zip\Lang\pl.txt.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\msvcr100.dll.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A

This key holds the installed and default system language (the InstallLanguage and Default values). Reading it before encryption is a common locale check, but the report records only the key open, not the value read or any decision the sample took on it.

Processes

C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe

"C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe"

Network

No network activity was recorded for this run (network capture was limited to 16 s).

Files

memory/2136-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

MD5 c947d242edb6a835bec392578ab734c9
SHA1 51b0388c16d5977acff8a0efe35e3749ff5ee352
SHA256 bc10a896216397b47fc9342c8f5cfa27a4549c420eecf333aa97775073b3a6a2
SHA512 b6c1ab59725c77524e5820ccd374d41b1938c174575783b23a286f27c7e057318655e6dab748f14f6767f1f8b9b85a2654d938d66b0604527e2409de0c928aca

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 871fdf14d49f6460b928790c6ce3f1c6
SHA1 7c9bc05630532feaffad8f2e0c04671f0392e727
SHA256 4ba520323f4ef5a35089dbc11e023e3f23a8c001a817bd903f45b8cd81b94ed8
SHA512 81f65ec39006c5429654e9397279c26af69413364b775b03e235df8ac2b51b6044d82e3c8e91a213fb44356d72b3b67f68045f7839a5ff95c8a7f4e7dddca166

memory/2136-74-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 20:37

Reported

2024-10-16 20:39

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

102s

Command Line

"C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe"

Signatures

Renames multiple (4310) files with added filename extension

ransomware

UPX packed file

upx
No indicator, process or target details are recorded for this signature in this run.

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.Common.FrontEnd.XmlSerializers.dll.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Numerics.Vectors.dll.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp120.dll.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-locale-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\th-TH\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\msvcr120.dll.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\hwritalm.dat.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Diagnostics.EventLog.dll.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_KMS_Client_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_KMS_Client_AE-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encoding.CodePages.dll.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-profile-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jaas_nt.dll.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\javafx\glib.md.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\vcruntime140.dll.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial4-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\7-Zip\Lang\sa.txt.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Security.dll.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Tracing.dll.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jp2ssv.dll.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Orange.xml.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.dll.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.Xml.dll.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Mail.dll.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription4-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_SubTrial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\vcruntime140.dll.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_PrepidBypass-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\javafx\glib.md.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\en-GB\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe N/A

This is the same system-language key read in the Windows 7 run; again the report records the key open only, not the value returned.

Processes

C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe

"C:\Users\Admin\AppData\Local\Temp\51f1bcb184fdd751d9e71c3f41c0345293833f29c4d4b6c9f105a244b6fdeae9N.exe"

Network

No connection in this run is attributed to the sample process: the network table has no process column, and the entries below (reverse DNS lookups via 8.8.8.8 and TLS connections to g.bing.com and tse1.mm.bing.net) are consistent with Windows 10 background traffic on the sandbox image. Treat them as environment noise rather than command-and-control indicators unless a capture ties them to the sample.

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 75.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp

Files

memory/4848-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3442511616-637977696-3186306149-1000\desktop.ini.tmp

MD5 2fe2ba2de5d2b8b109aa42da7f0a7766
SHA1 391af8273759eb68e25ac66075e8641deb69e075
SHA256 b1d8d687cc5a9f7ab64743cda1c30ca1028315e4912483f274dc3658818470bd
SHA512 75c47dc0498bf6b75330a853c4b7f6c29d64ea22761ebce5e8363edba493e015fa13ea6619c41ac1990eb76b540b437a89826cf9b57ef1da0267c956aabcba10

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 7821be36bf0a297caadf512735b5945d
SHA1 4423e43a6193b95c525e53a0d9631b904811ae0a
SHA256 05f8487396445d87add645f5e4e65642b056cd582d276b0f020c1e882afea448
SHA512 a3fa23da26443def319e3327d69657172a9f999ae4904bb1f456691fccc6c4490c16ba02c3a76bca7d89f6c94c706325890dc24baeded2cb749fe03a310002d4

memory/4848-660-0x0000000000400000-0x000000000040B000-memory.dmp