Malware Analysis Report

2025-01-22 19:54

Sample ID 241016-zxgqbawepq
Target 3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN
SHA256 3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056d
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056d

Threat Level: Likely malicious

The file 3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple files with added filename extension (3460 files in the Windows 7 run behavioral1, 4833 files in the Windows 10 run behavioral2)

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Enterprise Matrix V15

T1027.002 Obfuscated Files or Information: Software Packing (signature: UPX packed file)
T1614.001 System Location Discovery: System Language Discovery (signature of the same name, from the NLS\Language registry read)

Analysis: static1

Detonation Overview

Reported

2024-10-16 21:05

Signatures

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
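
The static verdict above rests on two signatures: a UPX packer match and the absence of an Authenticode signature. The Python script below is an added example, not part of this report and not the sandbox's own signature logic. It parses the PE section table with the standard library only and reports the two cheapest UPX tells (section names beginning with UPX and the ASCII marker UPX!) together with the file's byte entropy. The build_min_pe helper constructs a minimal synthetic PE32 header purely for demonstration; it is not derived from this sample. Both tells can be stripped by anyone who edits the packed file, so a miss does not clear a binary, and a hit should be confirmed by unpacking (for stock UPX, upx -d) before any further static analysis.

```python
"""Cheap static checks for UPX packing on a PE file (standard library only).

Added example, not the sandbox's own signature logic.
"""
import math
import struct

IMAGE_FILE_HEADER_SIZE = 20
IMAGE_SECTION_HEADER_SIZE = 40


def pe_section_names(data):
    """Return the section names of a PE image given its raw bytes.

    Walks DOS header -> e_lfanew -> 'PE\\0\\0' -> IMAGE_FILE_HEADER ->
    optional header -> section table, validating both magic values."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    (_machine, n_sections, _stamp, _symtab, _nsyms,
     opt_header_size, _chars) = struct.unpack_from("<HHIIIHH", data, coff)
    table = coff + IMAGE_FILE_HEADER_SIZE + opt_header_size
    names = []
    for i in range(n_sections):
        off = table + i * IMAGE_SECTION_HEADER_SIZE
        raw = data[off:off + 8]
        if len(raw) < 8:
            raise ValueError("section table truncated")
        names.append(raw.rstrip(b"\x00").decode("ascii", "replace"))
    return names


def shannon_entropy(data):
    """Bits per byte over the whole blob; stock UPX output usually sits above 7."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def upx_indicators(data):
    """Collect the UPX tells: UPX* section names and the 'UPX!' magic string."""
    names = pe_section_names(data)
    return {
        "sections": names,
        "upx_section_names": any(n.upper().startswith("UPX") for n in names),
        "upx_marker": b"UPX!" in data,
        "entropy": round(shannon_entropy(data), 3),
    }


def looks_upx_packed(data):
    """True when either tell is present; a hint to unpack, not proof."""
    ind = upx_indicators(data)
    return ind["upx_section_names"] or ind["upx_marker"]


def build_min_pe(section_names, marker=False):
    """Construct a minimal synthetic PE32 header for demonstration only (not a
    runnable binary, not derived from the sample): DOS stub, PE signature,
    file header, a zeroed optional header and one 40-byte entry per section."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0xE0                                    # PE32 optional header size
    file_hdr = struct.pack("<HHIIIHH", 0x014C, len(section_names),
                           0, 0, 0, opt_size, 0x0102)  # i386, EXEC | 32BIT
    opt_hdr = b"\x0B\x01" + b"\x00" * (opt_size - 2)   # magic 0x10B = PE32
    sections = b"".join(n.ljust(8, b"\x00")[:8] + b"\x00" * 32
                        for n in section_names)
    tail = b"UPX!" if marker else b""
    return dos + b"PE\x00\x00" + file_hdr + opt_hdr + sections + tail


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        blob = open(sys.argv[1], "rb").read()       # a real PE from disk
    else:
        blob = build_min_pe([b"UPX0", b"UPX1", b".rsrc"])  # synthetic demo
    print(upx_indicators(blob))
```

Run it against a file to get the section list, the two boolean tells and the entropy; against the synthetic header it reports UPX0/UPX1 and a low entropy, because the demo header is mostly zero padding.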

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 21:05

Reported

2024-10-16 21:08

Platform

win7-20241010-en

Max time kernel

149s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe"

Signatures

Renames multiple (3460) files with added filename extension

ransomware

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_mac.css.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jvmstat.xml.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-charts.xml.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Europe\Lisbon.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\lua\playlist\bbc_co_uk.luac.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Internet Explorer\IEShims.dll.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations_2.4.0.v20131119-0908.jar.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_ja_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Windows NT\TableTextService\TableTextService.dll.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder_5.5.0.165303.jar.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\VC\msdia100.dll.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\1047x576black.png.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ust-Nera.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InputPersonalization.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\feature.properties.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicHandle.png.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Windows Journal\MSPVWCTL.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\bin\msvcr100.dll.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\fontconfig.bfc.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Pacific\Nauru.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\mainimage-mask.png.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\eclipse.inf.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\access\libidummy_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Windows Journal\es-ES\jnwmon.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\video_filter\libalphamask_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\js\settings.js.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\settings.html.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\7-Zip\Lang\tr.txt.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Asia\Samarkand.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Mozilla Firefox\browser\features\[email protected] | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\css\calendar.css.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\localizedStrings.js.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\bin\jconsole.exe.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-windows_zh_CN.jar.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\control\libnetsync_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.dll.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cayman.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Java\jre7\lib\javafx.properties.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\PresentationCore.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask.wmv.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\GMT.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs.zh_CN_5.5.0.165303.jar.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Buenos_Aires.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot.png.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\play_rest.png.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\chrome_proxy.exe.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Internet Explorer\iexplore.exe.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Internet Explorer\pdmproxy100.dll.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-plaf.xml.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\7-Zip\Lang\bg.txt.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt.nl_zh_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hi.pak.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson_Creek.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\39.png.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeulm.dat.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop.wmv.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-output2_ja.jar.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-output2.xml_hidden.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A

Reading this key tells a process which language the system is installed with. Some ransomware checks the system language before encrypting, so the read is worth noting, but the same lookup is common in benign software and is a weak indicator on its own.

Processes

C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe

"C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe"

Network

N/A

Files

memory/2756-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2039016743-699959520-214465309-1000\desktop.ini.tmp

MD5 38714837466c4239622cdb674c54ee54
SHA1 5d47b7fa8534ac1555c58e530daede64e5c92c54
SHA256 02a4c2d47f4243fd8e30cd9e4a18f46d6d7e06792a2543be9d2113f6581d03ce
SHA512 763452ea706482100cf0556e1e4bb9682925eabda8fec095d67fa9a2ed663fc5f141ce91c69f8e85dfbc22d2a09c08addc7a7e9cc3013b215baaec4f42dd6a66

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 692f34ea06a06c3e14255921fd77bd4d
SHA1 8e4224095778302a2b826f2974b1af4f86cd2429
SHA256 401a87b0b80777ddfcaddef878af18be2db377b8e16188c7287a4105062c6cb4
SHA512 705afa5a6f2a76c51a3da85b072d8d94f01622b61b217a358a1771647a5a0b8afe61a548f42996c874e49db38e0358b051d2c718d03cad50e95154904cdb0d44

memory/2756-70-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 21:05

Reported

2024-10-16 21:08

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe"

Signatures

Renames multiple (4833) files with added filename extension

ransomware

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Microsoft Office\root\Office16\MSIPC\lv\msipc.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\OFFSYMK.TTF.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\en-US\rtscom.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Trial-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OleDbProvider.dll.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-140.png.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\hu-HU\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\PresentationUI.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\unlimited\US_export_policy.jar.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngcc.md.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail2-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\deploy\ffjcext.zip.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial2-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\OneNoteFreeR_Bypass-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Grace-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\7-Zip\Lang\fy.txt.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\ApiClient.dll.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encoding.Extensions.dll.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaTypewriterBold.ttf.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\security\blacklist.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Data.DataSetExtensions.dll.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\javacpl.cpl.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Trial-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_KMS_Client-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Trial-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Tools.dll.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue.xml.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\TrebuchetMs.xml.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-ul.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Trial-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\ipsel.xml.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\WindowsFormsIntegration.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationClient.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\bin\serialver.exe.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\dt_shmem.dll.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\es-ES\tabskb.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-private-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.Xml.dll.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\cacerts.pem.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\Sybase.xsl.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL090.XML.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\nl.pak.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\lib\deploy.jar.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Grace-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTrial-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\FPA_f3\FA000000003.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\uk-UA\ShapeCollector.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\PresentationCore.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Grace-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-140.png.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\sbicuin58_64.dll.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\InkDiv.dll.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationUI.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\bg.pak.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-rtlsupport-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe | N/A
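
Both detonations trip the same ransomware signature (3460 renames on Windows 7 in behavioral1, 4833 on Windows 10 in behavioral2) and the same pattern of .tmp files written beside originals under Program Files. What a defender wants from that is a rule that fires on the behaviour rather than on this hash. The script below is an added example, not part of the report: it takes file-rename records of the shape an EDR or Sysmon pipeline would emit, keeps only renames where the new name is the old name plus an appended extension, and alerts when one process does that to at least THRESHOLD files within WINDOW, reporting the dominant extension and how many directories were touched. The events are constructed; their paths reuse entries from the Drops tables, but the report records file creation, not rename pairs, so the pairing is illustrative and the sample's real appended extension is not stated on this page. THRESHOLD, WINDOW and the image path are assumptions to tune per environment.

```python
"""Detect one process renaming many files by appending an extension.

Added example (not from the sandbox report): a behaviour-based rule for the
"Renames multiple files with added filename extension" pattern.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

THRESHOLD = 5                   # assumption: renames per process before alerting
WINDOW = timedelta(seconds=60)  # assumption: sliding time window

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\sample.exe"  # hypothetical image path

# Constructed rename events, not taken from the report. Paths reuse entries from
# the Drops tables above; the report lists file creations, not rename pairs.
EVENTS = [
    {"ts": "2024-10-16T21:05:10", "pid": 2756, "image": SAMPLE,
     "old": r"C:\Program Files\7-Zip\Lang\tr.txt",
     "new": r"C:\Program Files\7-Zip\Lang\tr.txt.tmp"},
    {"ts": "2024-10-16T21:05:11", "pid": 2756, "image": SAMPLE,
     "old": r"C:\Program Files\Internet Explorer\IEShims.dll",
     "new": r"C:\Program Files\Internet Explorer\IEShims.dll.tmp"},
    {"ts": "2024-10-16T21:05:13", "pid": 2756, "image": SAMPLE,
     "old": r"C:\Program Files\Java\jre7\lib\zi\Europe\Lisbon",
     "new": r"C:\Program Files\Java\jre7\lib\zi\Europe\Lisbon.tmp"},
    {"ts": "2024-10-16T21:05:15", "pid": 2756, "image": SAMPLE,
     "old": r"C:\Program Files\VideoLAN\VLC\lua\playlist\bbc_co_uk.luac",
     "new": r"C:\Program Files\VideoLAN\VLC\lua\playlist\bbc_co_uk.luac.tmp"},
    # a move between directories is not an added-extension rename; ignored
    {"ts": "2024-10-16T21:05:16", "pid": 2756, "image": SAMPLE,
     "old": r"C:\Users\Admin\Desktop\notes.txt",
     "new": r"C:\Users\Admin\Documents\notes.txt"},
    {"ts": "2024-10-16T21:05:20", "pid": 2756, "image": SAMPLE,
     "old": r"C:\Program Files\Windows Journal\MSPVWCTL.DLL",
     "new": r"C:\Program Files\Windows Journal\MSPVWCTL.DLL.tmp"},
    {"ts": "2024-10-16T21:05:28", "pid": 2756, "image": SAMPLE,
     "old": r"C:\Program Files\Google\Chrome\Application\chrome_proxy.exe",
     "new": r"C:\Program Files\Google\Chrome\Application\chrome_proxy.exe.tmp"},
    # a benign installer renaming two files stays under the threshold
    {"ts": "2024-10-16T21:05:12", "pid": 4100,
     "image": r"C:\Users\Admin\Downloads\setup.exe",
     "old": r"C:\Users\Admin\AppData\Local\Temp\a.bin",
     "new": r"C:\Users\Admin\AppData\Local\Temp\a.bin.bak"},
    {"ts": "2024-10-16T21:05:14", "pid": 4100,
     "image": r"C:\Users\Admin\Downloads\setup.exe",
     "old": r"C:\Users\Admin\AppData\Local\Temp\b.bin",
     "new": r"C:\Users\Admin\AppData\Local\Temp\b.bin.bak"},
]


def added_extension(old_path, new_path):
    """Return the extension appended to old_path to produce new_path, else None.

    Only a suffix that starts with '.' and stays in the same directory counts;
    a move elsewhere or a wholesale rename returns None."""
    if not new_path.startswith(old_path) or len(new_path) == len(old_path):
        return None
    suffix = new_path[len(old_path):]
    if suffix.startswith(".") and "\\" not in suffix and "/" not in suffix:
        return suffix
    return None


def detect_mass_rename(events, threshold=THRESHOLD, window=WINDOW):
    """Group added-extension renames by (pid, image) and alert when a process
    performs at least `threshold` of them inside any `window`-long span."""
    per_proc = defaultdict(list)
    for ev in events:
        ext = added_extension(ev["old"], ev["new"])
        if ext is None:
            continue
        per_proc[(ev["pid"], ev["image"])].append(
            (datetime.fromisoformat(ev["ts"]), ext, ev["old"]))

    alerts = []
    for (pid, image), renames in per_proc.items():
        renames.sort()
        best, start = None, 0
        for end in range(len(renames)):          # sliding window in time order
            while renames[end][0] - renames[start][0] > window:
                start += 1
            hits = renames[start:end + 1]
            if len(hits) >= threshold and (best is None or len(hits) > len(best)):
                best = hits
        if best is None:
            continue
        ext, ext_count = Counter(h[1] for h in best).most_common(1)[0]
        dirs = {h[2].rsplit("\\", 1)[0] for h in best}
        alerts.append({
            "pid": pid, "image": image, "renames": len(best),
            "extension": ext, "extension_share": ext_count / len(best),
            "directories": len(dirs),
            "first": best[0][0].isoformat(), "last": best[-1][0].isoformat(),
        })
    return alerts


if __name__ == "__main__":
    for a in detect_mass_rename(EVENTS):
        print(f"ALERT pid={a['pid']} {a['image']}: {a['renames']} renames appending "
              f"{a['extension']} across {a['directories']} directories "
              f"between {a['first']} and {a['last']}")
```

The extension share and directory count are what separate ransomware from a legitimate bulk operation: a backup tool appending .bak to files in one directory looks very different from one process touching every product directory under Program Files with the same suffix, which is the shape both Drops tables above show.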

Processes

C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe

"C:\Users\Admin\AppData\Local\Temp\3ff0f1c77d737e174af69dc06abf7e041e5092cb19e2eaa8f2ed8fba1cb5056dN.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp
US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp
US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 5.210.23.2.in-addr.arpa | udp
US | 8.8.8.8:53 | tse1.mm.bing.net | udp
US | 150.171.28.10:443 | tse1.mm.bing.net | tcp
US | 150.171.28.10:443 | tse1.mm.bing.net | tcp
US | 150.171.28.10:443 | tse1.mm.bing.net | tcp
US | 150.171.28.10:443 | tse1.mm.bing.net | tcp
US | 150.171.28.10:443 | tse1.mm.bing.net | tcp

The table attributes no process to these connections. The reverse (PTR) lookups and the TLS sessions to tse1.mm.bing.net are consistent with Windows 10 background activity in the sandbox image, the Windows 7 run in behavioral1 recorded no network traffic at all, and nothing in either run identifies a command-and-control endpoint for the sample. Treat these destinations as sandbox noise unless a capture ties them to the sample's process.

Files

memory/1628-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2045521122-590294423-3465680274-1000\desktop.ini.tmp

MD5 a6bb60c20798aaf857cc99bf79945ee6
SHA1 180e03d0d0cf8a5f34a5816ce2a57f1c3dd515f3
SHA256 b1309fa1b33fa608d3e53f6111242bf651d0989b0e00beea85762709797c27e2
SHA512 86d0c0c6fff6e39e13bdbe0f71ab90adc78c5526705e3a7b5a1b8d41a44ae91ad6c6d3392f99d5845163c4de1fce244598f5319cf1cc749f8ea266616161d153

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 93d623b08ce2a73ab8cfe2363e41cc10
SHA1 5625a8d9ceea151707d2102abebb6bd75a391de3
SHA256 b7552a8aca12ee1f6c51c4876e657a014ff1942073bc05edf9a653e54641b133
SHA512 cba359a7f0c1d2a0e4f359755cde42a7fc0634fb9f437392b384b36c79d4ed4ec662c231de228f01a97aae810bb586680c5df6b810c8612bbf984dd97d1ca19e

memory/1628-666-0x0000000000400000-0x000000000040B000-memory.dmp