Malware Analysis Report

2025-03-15 08:18

Sample ID 241016-glf1jazgkm
Target 685f741771a175d713ea97cd1a6c619e15ed7b932a33d1b4ac5541e3e25c32b1N
SHA256 685f741771a175d713ea97cd1a6c619e15ed7b932a33d1b4ac5541e3e25c32b1
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

685f741771a175d713ea97cd1a6c619e15ed7b932a33d1b4ac5541e3e25c32b1

Threat Level: Likely malicious

The file 685f741771a175d713ea97cd1a6c619e15ed7b932a33d1b4ac5541e3e25c32b1N was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (4209) files with added filename extension

Renames multiple (2692) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 05:53

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 05:53

Reported

2024-10-16 05:55

Platform

win7-20240903-en

Max time kernel

120s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\685f741771a175d713ea97cd1a6c619e15ed7b932a33d1b4ac5541e3e25c32b1N.exe"

Signatures

Renames multiple (2692) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\685f741771a175d713ea97cd1a6c619e15ed7b932a33d1b4ac5541e3e25c32b1N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\685f741771a175d713ea97cd1a6c619e15ed7b932a33d1b4ac5541e3e25c32b1N.exe

"C:\Users\Admin\AppData\Local\Temp\685f741771a175d713ea97cd1a6c619e15ed7b932a33d1b4ac5541e3e25c32b1N.exe"

Network

N/A

Files

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 48b8cf4438e0ced062e1b9fe3f0673a2
SHA1 a862a6a244b1cea1fd7456508021b2215cc58064
SHA256 4b8d6951ec3910ea843da2868fd2aa26204b480160035b0ece8f3ae2a20d2319
SHA512 f01975d04ad07324f703ed037e75d0a547b220fe2bbe9a4a97bad6c171721967be5241f283045c5a207cf07dc3ec6e302328982aa3c540c603476e91f912dff9

C:\$Recycle.Bin\S-1-5-21-3063565911-2056067323-3330884624-1000\desktop.ini.tmp

MD5 b5f70f4056e572f83de69bf3dbb547f6
SHA1 523fe15e98a621eb660ad3d60ba0f10496299dde
SHA256 e936b4c1381a90f41374606a577a99ac00644e2f5c6c49431dc6b2bee90f56c9
SHA512 cdec87b74b0bad8f9d705614ce6d93cde4cd880bb37de14e518f61aee3fef42a5c4c78e481833d2addd7e416b5c68443d7ee5d581e3b031a0b8bb61a1048ab20

memory/1072-0-0x0000000000400000-0x000000000040B000-memory.dmp

memory/1072-70-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 05:53

Reported

2024-10-16 05:55

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

104s

Command Line

"C:\Users\Admin\AppData\Local\Temp\685f741771a175d713ea97cd1a6c619e15ed7b932a33d1b4ac5541e3e25c32b1N.exe"

Signatures

Renames multiple (4209) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\685f741771a175d713ea97cd1a6c619e15ed7b932a33d1b4ac5541e3e25c32b1N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\685f741771a175d713ea97cd1a6c619e15ed7b932a33d1b4ac5541e3e25c32b1N.exe

"C:\Users\Admin\AppData\Local\Temp\685f741771a175d713ea97cd1a6c619e15ed7b932a33d1b4ac5541e3e25c32b1N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp

Files

memory/4180-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3227495264-2217614367-4027411560-1000\desktop.ini.tmp

MD5 e3cd8da9cde47a35cfcb4696be9da004
SHA1 bb91574e3c0ffc9f9fd9edb851aea56af7c5380a
SHA256 a9eaa69f0ddabe2e88164fb89e229c9b9b8ac5cd55a9f845e68237f7ccad0cb9
SHA512 d71499430bcdd38f626f4ccc9a36a33be6d9c86e24127c80298d2e367d4a1eed2fdaa666bcfaa5965a438286a14c5ece994d06cd0f051fd9211aa587c5bcdb6d

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 a51ddc28fa694f93887a8fe11670bc5f
SHA1 f1813d96ccc8ee4676b94c85fd4f41b1a3e60a31
SHA256 8b18fb636196370aab1f75ed3ef1110202485ac2dfaf8f414e84f25f95ec7e96
SHA512 4ede4fcc12c72b4fd32a0d282f5651f4abdc719d0f50f3301f2a215581edd0fc5b539247a74c69abaddd7a147e1d5af3c2f60c606d29b11572bae6a1b3b4fdf0

memory/4180-662-0x0000000000400000-0x000000000040B000-memory.dmp