Malware Analysis Report

2025-01-22 20:35

Sample ID 241019-1bejhasarn
Target 3dd0b168ff95f2aa20c36322594ed059f883c85bcddb2fafa65f60f7575df0b3N
SHA256 3dd0b168ff95f2aa20c36322594ed059f883c85bcddb2fafa65f60f7575df0b3
Tags upx, discovery, ransomware
Score 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score 9/10
SHA256 3dd0b168ff95f2aa20c36322594ed059f883c85bcddb2fafa65f60f7575df0b3

Threat Level: Likely malicious

The file 3dd0b168ff95f2aa20c36322594ed059f883c85bcddb2fafa65f60f7575df0b3N was found to be: Likely malicious.

Malicious Activity Summary

Tags upx, discovery, ransomware

Renames multiple (2945) files with added filename extension

Renames multiple (4312) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-10-19 21:28

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted 2024-10-19 21:28
Reported 2024-10-19 21:30
Platform win7-20240903-en
Max time kernel 120s
Max time network 118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3dd0b168ff95f2aa20c36322594ed059f883c85bcddb2fafa65f60f7575df0b3N.exe"

Signatures

Renames multiple (2945) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\3dd0b168ff95f2aa20c36322594ed059f883c85bcddb2fafa65f60f7575df0b3N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3dd0b168ff95f2aa20c36322594ed059f883c85bcddb2fafa65f60f7575df0b3N.exe

"C:\Users\Admin\AppData\Local\Temp\3dd0b168ff95f2aa20c36322594ed059f883c85bcddb2fafa65f60f7575df0b3N.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-312935884-697965778-3955649944-1000\desktop.ini.tmp

MD5 09181ec30cad1313d6aa786127fb9b77
SHA1 8a5af712a7822be8452cbcb7b272593ac9e03641
SHA256 8a9b8d69299c5487860b5178976f7ffcc03fb8fbbfe9651d914cfaecc6a73b48
SHA512 f58e753b87c08920802a320432d2556836f5eba34f8f6a0a67c3e6bc0804e67927080431a4a52e3f9396c640d637e6971b75d47903822a6aa02307693ed7efd1

memory/804-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 8b0f2cdfe19b88f9f05993051b8f23fa
SHA1 3b93010c14eaeeefc39fdfb4318ead23f3fde65a
SHA256 c4ecec9d19824759e8f95987051e9db9505284d63ce7bdbd0181c1ee47134771
SHA512 5f8a26aeff2e3a863ec97b140b9550127cb289e8b483ce0eda4d09f2810010ba741cdd4f5058f4f723d73162577d2b1116c9b3cbe786ba00f64641e819e33e23

memory/804-69-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted 2024-10-19 21:28
Reported 2024-10-19 21:30
Platform win10v2004-20241007-en
Max time kernel 120s
Max time network 104s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3dd0b168ff95f2aa20c36322594ed059f883c85bcddb2fafa65f60f7575df0b3N.exe"

Signatures

Renames multiple (4312) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\3dd0b168ff95f2aa20c36322594ed059f883c85bcddb2fafa65f60f7575df0b3N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3dd0b168ff95f2aa20c36322594ed059f883c85bcddb2fafa65f60f7575df0b3N.exe

"C:\Users\Admin\AppData\Local\Temp\3dd0b168ff95f2aa20c36322594ed059f883c85bcddb2fafa65f60f7575df0b3N.exe"

Network


Files

memory/2764-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-940901362-3608833189-1915618603-1000\desktop.ini.tmp

MD5 9771ac238420ade6cec3bc51af5efa03
SHA1 fa523963cbb486edbfd2173b6fd9561268f0ccf3
SHA256 3cbe1cb3eac945ac70f9ad8037647290def036b8fe922f9e95761954c99a7582
SHA512 507743711be28dc872a98055e8151ded1a587837ca8b7a1e1e7684bd39dacc524d6b88a7245f616fee8c3f0dfbea5b9b9fd8da89201d82e9d5ac43e838844027

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 156a7816a54fe1570bcbfe0d7031de60
SHA1 6e8d006e0180b5e542742a0df633e3ab038f7909
SHA256 693feb57ca0a01f38a55daf3e8d62a5dcdd50c6c5dbe02860d1203f4a159e58f
SHA512 7f681b25c1184bd6982110eeeac6e03b9114e19d60c7948ce3323d856a3bc2b1f3388cb084c5465b9ac4d8fd5f386863b046050cbf737d3318d8c626e7adad65

memory/2764-661-0x0000000000400000-0x000000000040A000-memory.dmp