Malware Analysis Report

2025-01-22 20:16

Sample ID 241019-1gjemssdrn
Target c97c83cebf44b1ee766717d15936672dbbb58a18058c5f1fa22818d3eece0894N
SHA256 c97c83cebf44b1ee766717d15936672dbbb58a18058c5f1fa22818d3eece0894
Tags upx discovery ransomware
Score 9/10

Analysis Overview

Threat Level: Likely malicious

The file c97c83cebf44b1ee766717d15936672dbbb58a18058c5f1fa22818d3eece0894N was found to be: Likely malicious.

Malicious Activity Summary

Renames multiple (4603) files with added filename extension

Renames multiple (3181) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

Analysis: static1

Detonation Overview

Reported 2024-10-19 21:37

Signatures

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted 2024-10-19 21:37
Reported 2024-10-19 21:39
Platform win7-20240903-en
Max time kernel 120s
Max time network 16s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c97c83cebf44b1ee766717d15936672dbbb58a18058c5f1fa22818d3eece0894N.exe"

Signatures

Renames multiple (3181) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Key opened
Indicator \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process C:\Users\Admin\AppData\Local\Temp\c97c83cebf44b1ee766717d15936672dbbb58a18058c5f1fa22818d3eece0894N.exe
Target N/A

Processes

C:\Users\Admin\AppData\Local\Temp\c97c83cebf44b1ee766717d15936672dbbb58a18058c5f1fa22818d3eece0894N.exe

"C:\Users\Admin\AppData\Local\Temp\c97c83cebf44b1ee766717d15936672dbbb58a18058c5f1fa22818d3eece0894N.exe"

Network

N/A

Files

memory/2488-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

MD5 d75e113726b8adb588e5403659905666
SHA1 901a01a9204569fd9c8cb8db17201a74e54fd608
SHA256 e37a70cbb6fc418a65e9857af9b5effa22a233ac17e210c4e4881f204ebc5031
SHA512 94dcb04ae3620588d1afa227d675184156fa3d723e4a5bcfae5cf067787ae49b8bf8979e4f43ca7b6120f0d5896b058d1d9deba65035bdc53bcc85b2bab3cc8e

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 b5babc54ceca6eb79afcbaed9c127937
SHA1 1414047dfde1c5e9e89a16ddd3c6b05e06b116fa
SHA256 837d12a97cee978cf4b196513f35f311390390eb0cf2aee3506c8aae5e2f3b0b
SHA512 7d88cd79372ff8b2c8973774307a644f35479c660a09d9a9e60ff6d8f04272179e6bb6bdc9984f1c5ada4def76a9ebbcd38ed5ebebef5ef74cd90d30739a4e99

memory/2488-70-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted 2024-10-19 21:37
Reported 2024-10-19 21:39
Platform win10v2004-20241007-en
Max time kernel 120s
Max time network 101s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c97c83cebf44b1ee766717d15936672dbbb58a18058c5f1fa22818d3eece0894N.exe"

Signatures

Renames multiple (4603) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Key opened
Indicator \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process C:\Users\Admin\AppData\Local\Temp\c97c83cebf44b1ee766717d15936672dbbb58a18058c5f1fa22818d3eece0894N.exe
Target N/A

Processes

C:\Users\Admin\AppData\Local\Temp\c97c83cebf44b1ee766717d15936672dbbb58a18058c5f1fa22818d3eece0894N.exe

"C:\Users\Admin\AppData\Local\Temp\c97c83cebf44b1ee766717d15936672dbbb58a18058c5f1fa22818d3eece0894N.exe"

Network

Country Destination Domain Proto

Files

memory/1576-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1045960512-3948844814-3059691613-1000\desktop.ini.tmp

MD5 13ee8807097cc8d2e6cb822dceeb655b
SHA1 82f7b4d35dcc265af2cbb98c8cadbe4e5c31c122
SHA256 44e0ba8effbed8253a01d5a145ed26e59df2bde6e8082606ab5f81efa1803a5c
SHA512 1076450d48556fe7dbf9be307629807b3cd4b0a55d3a2543d8da790ced42baf6bdbb6f92ccc7bf9481d8dfb9f1dae75446663f9b87455d8f86e4ca8c217a8dcf

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 52c7ee3bd92dc32a094c7448f574b931
SHA1 343f839361cc82dd2d09a78ed3a0ef9bd508e1e0
SHA256 6837984ae442b2a6d64bac460ab479bb02a202049783696ec069c62e3bc9fe16
SHA512 63f6fad4d16081f19845053eb3efa4b7b6fb4f65f556a3b3a5b63230712d28eedcb763977ef531803bb1a32abb1f63f5fd765eb954bed11c4635b7c9ca2adde6

memory/1576-781-0x0000000000400000-0x000000000040A000-memory.dmp