Malware Analysis Report

2025-03-15 08:17

Sample ID 241016-dh7sastelq
Target bb3c8cdf64b6ff70e09a10f23fbee0ae22ffb830dffc1edf7893161d0532d8b4N
SHA256 bb3c8cdf64b6ff70e09a10f23fbee0ae22ffb830dffc1edf7893161d0532d8b4
Tags discovery ransomware upx
Score 9/10

Analysis Overview

Score
9/10

SHA256

bb3c8cdf64b6ff70e09a10f23fbee0ae22ffb830dffc1edf7893161d0532d8b4

Threat Level: Likely malicious

The file bb3c8cdf64b6ff70e09a10f23fbee0ae22ffb830dffc1edf7893161d0532d8b4N was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware upx

Renames multiple (484) files with added filename extension

Renames multiple (1706) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Reported

2024-10-16 03:01

Signatures

UPX packed file

upx

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 03:01

Reported

2024-10-16 03:03

Platform

win7-20240903-en

Max time kernel

119s

Max time network

16s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bb3c8cdf64b6ff70e09a10f23fbee0ae22ffb830dffc1edf7893161d0532d8b4N.exe"

Signatures

Renames multiple (484) files with added filename extension

ransomware

UPX packed file

upx

Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bb3c8cdf64b6ff70e09a10f23fbee0ae22ffb830dffc1edf7893161d0532d8b4N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\bb3c8cdf64b6ff70e09a10f23fbee0ae22ffb830dffc1edf7893161d0532d8b4N.exe

"C:\Users\Admin\AppData\Local\Temp\bb3c8cdf64b6ff70e09a10f23fbee0ae22ffb830dffc1edf7893161d0532d8b4N.exe"

Network

N/A

Files

memory/2440-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

MD5 81755f61643ab19755cd06d5b3a18b27
SHA1 0d223e2417f5c0b40126b9d929d6340434908a3c
SHA256 bfa5c19a5c07821ffbe34082ef0ca28150fc684a86b1ee0ca7575ad29f3722c5
SHA512 66de5339eca832d0a8a51c547c8cb97d67b93bc49fd3f731cc5fdfbf1d1ae66eee01b2014e839abb79958078f2a807f8bad7f25740c521051b8c32cdfeced7dd

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 e86d64f3e0cff205b865332a138fc3f0
SHA1 ab516da986d3ee2347e5ab8470b4d2c1f925207c
SHA256 6bf0c29f48d31e5ec0d775c664032fcdf1444ca2605bcba78d95fb973871768d
SHA512 c59aa870c51c3f903c87fe9be1e685dead14acbf4c17004d82a77da9aa27ebcfa957efefe91855e256ca9bd0dc72a7af33f4cfe422e3918b91355796ae8b36f6

memory/2440-62-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 03:01

Reported

2024-10-16 03:03

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

102s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bb3c8cdf64b6ff70e09a10f23fbee0ae22ffb830dffc1edf7893161d0532d8b4N.exe"

Signatures

Renames multiple (1706) files with added filename extension

ransomware

UPX packed file

upx

Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bb3c8cdf64b6ff70e09a10f23fbee0ae22ffb830dffc1edf7893161d0532d8b4N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\bb3c8cdf64b6ff70e09a10f23fbee0ae22ffb830dffc1edf7893161d0532d8b4N.exe

"C:\Users\Admin\AppData\Local\Temp\bb3c8cdf64b6ff70e09a10f23fbee0ae22ffb830dffc1edf7893161d0532d8b4N.exe"

Network

Country Destination Domain Proto

Files

memory/1720-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2437139445-1151884604-3026847218-1000\desktop.ini.tmp

MD5 506c8b2c351d1302b62020d71d8315ac
SHA1 b63dcdb9f6d633f9d12374b6cfcf77f2cbf2a1c5
SHA256 61ef1614979c6d4944b37dadab9df18d4fe7018c7be788687670d380c30f79c3
SHA512 def0c1297cede1fc34f3348b3a1f9bdeafa4dcb680bd67024a30d8f9e344741a20df07612bc5f9d21b759e7d3b940616b3360d3c6dff5946c2afd5cc8433a995

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 f9bfe0e0af7cc7a0361f43becf36bd9e
SHA1 95d3658e8e177ade6f2a3475918673f848bca6d3
SHA256 4807747e67eb9d96818bdc61ba2998694c98933ea73a157a5dc9486f8cc0c312
SHA512 806c4c686cf7c5f876aa2d399bb491be947e85e9e7930fc99d71bfd9f8a58109b864629e286e0929cfc3ae7d0f6cc7f64a27c556ca24fb39d992a8bc39eb1403

memory/1720-372-0x0000000000400000-0x000000000040B000-memory.dmp