Malware Analysis Report

2024-12-07 10:05

Sample ID: 241112-zrn77szndv
Target: 31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028
SHA256: 31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028
Tags: upx, discovery, ransomware
Score: 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 9/10

SHA256: 31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028

Threat Level: Likely malicious

The file 31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028 was found to be: Likely malicious.

Malicious Activity Summary

Tags: upx, discovery, ransomware

Renames multiple (4841) files with added filename extension

Renames multiple (3687) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-11-12 20:57

Signatures

UPX packed file

Tag: upx

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-12 20:57
Reported: 2024-11-12 20:59
Platform: win7-20240903-en
Max time kernel: 149s
Max time network: 118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe"

Signatures

Renames multiple (3687) files with added filename extension

Tag: ransomware

UPX packed file

Tag: upx

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_ja.jar.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw48.bmp.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Windows Media Player\it-IT\mpvis.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_rgb.wmv.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security_1.2.0.v20130424-1801.jar.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-options-api.jar.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-search.xml.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\visualization\libgoom_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Etc\GMT+11.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Europe\Amsterdam.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\shvlzm.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu.xml.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\uk.pak.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-api-caching.xml.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\demux\libdiracsys_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\cpu.html.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\7-Zip\Lang\mng2.txt.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\fontconfig.properties.src.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_s.png.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\activity16v.png.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Marengo.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lord_Howe.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Mozilla Firefox\api-ms-win-core-processthreads-l1-1-1.dll.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\settings.html.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_h.png.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-5.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPTSFrame.png.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.ServiceModel.Resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-background.png.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_ButtonGraphic.png.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_it.jar.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightItalic.ttf.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color32.bmp.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\SaveAsRTF.api.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\gadget.xml.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\4.png.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES\vlc.mo.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\gadget.xml.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-static.png.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\bin\jcmd.exe.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santarem.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Java\jre7\bin\jdwp.dll.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Java\jre7\lib\security\javafx.policy.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\7-Zip\Lang\va.txt.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeulm.dat.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Urumqi.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_srt_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider_right.png.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\logo.png.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Accessibility.api.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkHandle.png.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Mozilla Firefox\nss3.dll.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Web.Entity.Resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Xml.Linq.Resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A

System Location Discovery: System Language Discovery

Tag: discovery

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe

"C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe"

Network

N/A

Files

memory/3020-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

MD5: 6dba9ca2d745746047e0ea3da912c550
SHA1: fac89d8aad15d82485fe6eba4bb9c17e4f08c827
SHA256: 46d3e7fab89f488cf6f7b3f18954920b6bddc799989cc16db6ec8db4850564f7
SHA512: 19849311a0924fbe8779857462f3e312d8db064ecb8533a2a28d99ecae2392fc7020c765da758f56dd8bf055a1081b83bd18e8c64224dc987c74a958e4b417da

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5: a8e11647505d23a475045d1576893caf
SHA1: 8855bf7971a59a9d65ac233be14c8fdc862abd23
SHA256: 82ba804a99d908c9fd6c304befa3702ee4e1c03d995bffe9a08e0835b3cc40c4
SHA512: b83e67a81592431041b8b1fc47e53464a824b1cc886370c1b7c31f2b96365d859ed99feb95745ae48070ed63dd2788cccd3adce9c95e0e5fbdee9279b494cd69

memory/3020-74-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-11-12 20:57
Reported: 2024-11-12 20:59
Platform: win10v2004-20241007-en
Max time kernel: 149s
Max time network: 139s

Command Line

"C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe"

Signatures

Renames multiple (4841) files with added filename extension

Tag: ransomware

UPX packed file

Tag: upx

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Internet Explorer\ja-JP\ieinstal.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\OSFSHARED.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN065.XML.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-cn.dll.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest5-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\ClientLangPack2019_eula.txt.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ServiceModel.Web.dll.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\lib\deploy\splash_11-lic.gif.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Trial-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Office 2007 - 2010.eftx.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Grace-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial2-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\7-Zip\Lang\yo.txt.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.NameResolution.dll.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationClientSideProviders.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\mscss7en.dll.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\wpfgfx_cor3.dll.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\legal\jdk\jcup.md.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-synch-l1-2-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_KMS_Client_AE-ul.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_kor.xml.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\WindowsFormsIntegration.dll.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Luna.dll.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\bin\vcruntime140.dll.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xml.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\vcruntime140.dll.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\server\Xusage.txt.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ObjectModel.dll.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\UIAutomationProvider.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription3-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTrial-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-80.png.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-140.png.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\WindowsFormsIntegration.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\lib\charsets.jar.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-utility-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial3-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription3-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Grace-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.ConnectionUI.dll.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Contracts.dll.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationProvider.dll.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Grace-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Trial-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\lib\management\jmxremote.access.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial1-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Data.dll.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\7-Zip\Lang\eo.txt.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Forms.Design.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_Grace-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\Default.dotx.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TabTip.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A

System Location Discovery: System Language Discovery

Tag: discovery

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe

"C:\Users\Admin\AppData\Local\Temp\31cf7dceeae3de7e7161b5f21f7129b3f37cede61190c59cfcd05eb938ad9028.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp
US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp
US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp
US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp

Files

memory/2464-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-493223053-2004649691-1575712786-1000\desktop.ini.tmp

MD5: 44ca6533da4eeb2a208dc6386b84e110
SHA1: 3a9c3a4e27bd551b2a78c1bf2338d83f6eeed37e
SHA256: cf47f0d2d57b240fa71addaba06f6540f958a191b7a0855adbe768ec396dbd99
SHA512: 9b7ca786444243f11ae9e711383bb6387f49c77ffbba7a046ac7d85221aafdfba3f6ab3d9ed68954657a5f3226f0e978993dfe0dd5b7d95cb5f0395c85e15704

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5: 1677915f7dc283907f058e431157f2dd
SHA1: b77225b9a1752d9599f4f88faa65dab835580af0
SHA256: f8f1d690b2d71da04f30a697d9b77eb296f8bf1e1f4016e166f81884af6a14aa
SHA512: 3a297e1b2e68d3b6f25affdd7f39bd6410a315f9fe6d3c65f43746caa43a755293ef3b1bc8731741bf1e5adf84fd6861748daaf0826cf3f83aa642c0b9d45011

memory/2464-658-0x0000000000400000-0x000000000040B000-memory.dmp