Malware Analysis Report

2025-03-15 08:18

Sample ID 241016-h3jy7aydrb
Target 728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N
SHA256 728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9

Threat Level: Likely malicious

The file 728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (2820) files with added filename extension (behavioral1, Windows 7)

Renames multiple (4308) files with added filename extension (behavioral2, Windows 10)

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 07:15

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
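The two static1 signatures above (UPX packed, unsigned PE) are the first things a triage script checks before a sample is detonated. The block below is an added example written for this page, not tooling from the sandbox and not code from the sample: a minimal PE parser that reports section names and per-section entropy, flags the UPX layout (an empty UPX0 followed by a near-random UPX1, and the same layout when the sections have been renamed), and reports whether an Authenticode blob is attached via the SECURITY data directory. The three PE images it runs on are constructed inside the block and are not the analysed file; the 7.0-bit entropy threshold and the layout heuristic are assumptions.

```python
import math
import struct
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 8.0 is uniformly random; compressed or encrypted data sits near 7.9+."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe(blob: bytes) -> dict:
    """Minimal PE parser: section table plus the Authenticode (SECURITY) data directory."""
    if blob[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", blob, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", blob, opt)[0]
    dd_off = {0x10B: opt + 96, 0x20B: opt + 112}[magic]            # PE32 / PE32+
    _, security_size = struct.unpack_from("<II", blob, dd_off + 4 * 8)  # directory entry 4
    sections = []
    for i in range(nsections):
        name, vsize, _vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", blob, opt + opt_size + 40 * i)
        raw = blob[rawptr:rawptr + rawsize]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "rawsize": rawsize, "entropy": shannon_entropy(raw)})
    return {"machine": machine, "sections": sections, "security_size": security_size}


def triage_pe(blob: bytes) -> dict:
    info = parse_pe(blob)
    secs = info["sections"]
    by_name = any(s["name"].upper().startswith("UPX") for s in secs)
    # UPX layout: the first section reserves room for the unpacked image (raw size 0, non-zero
    # virtual size) and the next one carries the compressed payload. Survives renamed sections.
    by_layout = (len(secs) >= 2 and secs[0]["rawsize"] == 0 and secs[0]["vsize"] > 0
                 and secs[1]["entropy"] > 7.0)                        # threshold is an assumption
    return {
        "upx_packed": by_name or by_layout,
        # A non-empty SECURITY directory only means a signature blob is attached; it says
        # nothing about validity. Verify separately (signtool verify /pa, Get-AuthenticodeSignature).
        "has_authenticode_blob": info["security_size"] > 0,
        "sections": [(s["name"], round(s["entropy"], 2)) for s in secs],
    }


def build_sample_pe(sections, security_size=0) -> bytes:
    """Constructed, non-executable PE32 image used only to exercise the parser."""
    n = len(sections)
    opt_size = 0xE0                                   # PE32 optional header incl. 16 data directories
    sec_table = 0x40 + 4 + 20 + opt_size
    raw_start = sec_table + 40 * n
    img = bytearray(raw_start)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)           # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", img, 0x44, 0x14C, n, 0, 0, 0, opt_size, 0x0102)
    struct.pack_into("<H", img, 0x58, 0x10B)          # PE32 magic
    struct.pack_into("<II", img, 0x58 + 96 + 4 * 8, raw_start if security_size else 0, security_size)
    body, vaddr = bytearray(), 0x1000
    for i, (name, vsize, raw) in enumerate(sections):
        rawptr = raw_start + len(body) if raw else 0
        struct.pack_into("<8sIIIIIIHHI", img, sec_table + 40 * i, name.encode().ljust(8, b"\0"),
                         vsize, vaddr, len(raw), rawptr, 0, 0, 0, 0, 0x60000020)
        body += raw
        vaddr += max(vsize, 0x1000)
    return bytes(img + body)


# Constructed samples (assumption: section contents are synthetic, not taken from the report's file).
HIGH_ENTROPY = bytes(range(256)) * 4                  # every byte value equally often -> 8.0 bits
UPX_SAMPLE = build_sample_pe([("UPX0", 0x6000, b""), ("UPX1", 0x1000, HIGH_ENTROPY),
                              (".rsrc", 0x1000, b"\0" * 64)])
RENAMED_SAMPLE = build_sample_pe([(".code", 0x6000, b""), (".data", 0x1000, HIGH_ENTROPY)])
SIGNED_SAMPLE = build_sample_pe([(".text", 0x1000, b"\x55\x8b\xec" + b"\x90" * 200 + b"\xc3"),
                                 (".data", 0x1000, b"\0" * 64)], security_size=0x800)

if __name__ == "__main__":
    for label, blob in [("upx", UPX_SAMPLE), ("renamed", RENAMED_SAMPLE), ("signed", SIGNED_SAMPLE)]:
        print(label, triage_pe(blob))
```

A positive result is a packer hint, not proof: confirm with `upx -t` and unpack with `upx -d` before doing static work on the real payload, and read `has_authenticode_blob` as "something is attached", since an attached signature can still be invalid, untrusted or revoked.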

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 07:15

Reported

2024-10-16 07:17

Platform

win7-20240708-en

Max time kernel

119s

Max time network

17s

Command Line

"C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe"

Signatures

Renames multiple (2820) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jre7\lib\zi\Asia\Baku.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Internet Explorer\en-US\jsprofilerui.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.zh_CN_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Memories_buttonClear.png.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\help.gif.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7Handle.png.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-ui.xml.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Winnipeg.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Bangkok.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nassau.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\about.html.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-annotations-common.xml.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-api.jar.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Backgammon\ja-JP\bckgRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kabul.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh89.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Taipei.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-favorites.xml.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Microsoft Office\Office14\1033\BHOINTL.DLL.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-annotations-common.jar.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred.xml.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\splashscreen.dll.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Vladivostok.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-execution.xml.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Common Files\System\ado\msadomd.dll.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\feature.xml.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Uzhgorod.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Pitcairn.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es.pak.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-templates_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\DVD Maker\de-DE\DVDMaker.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ar.pak.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\javaws.exe.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-ui_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Mozilla Firefox\msvcp140.dll.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-image-mask.png.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref.wmv.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\deploy.dll.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Porto_Velho.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\DVD Maker\es-ES\OmdProject.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\console_view.png.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-plaf.xml.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\button-highlight.png.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Broken_Hill.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.attributeTransformation.exsd.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\topnav.gif.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Barbados.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Norfolk.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-options-api.xml.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground.wmv.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\cursors.properties.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Microsoft Games\Solitaire\SolitaireMCE.lnk.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\about.html.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A

System Location Discovery: System Language Discovery

discovery

The NLS\Language key holds the system default and install language identifiers. The sandbox records only that the key was opened, not which values were read or whether execution branched on them, so this entry alone does not establish a locale allow-list or deny-list.
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe

"C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe"

Network

N/A

Files

memory/1092-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

MD5 a0fbabf690f4800b7777068159239e8d
SHA1 da11c9d822616cc4f3ec9acbba8bd9353c868266
SHA256 27d8521211e66d3ed7e980917c8faffb8d4e904f094851c6e16cf7bfa05ac08a
SHA512 013e3bad010ef17f767fbad0b19251fcb3b7f93932fdcdaef65a837abdf19ada02763bbc7ab20f7093f50952a353c2e627b2a93e2435fba21e59bdaa18e62281

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 0706135eda0e97ebfbae322f775c99eb
SHA1 c1385ce16bcd461ac61d5a137725ceacb30b3684
SHA256 c3c30d063d667ed0720bce2a68e9517dc65afe8cf8ffd07690ed18b048c7866b
SHA512 79051e77f339335e76e04435a5b450b54f374abc5045f6621a0ff9046229baea98f81991403d6e42d8ad85801df35521522915ab83abb1cf8466e18753ed20b6

memory/1092-74-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 07:15

Reported

2024-10-16 07:17

Platform

win10v2004-20241007-en

Max time kernel

119s

Max time network

102s

Command Line

"C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe"

Signatures

Renames multiple (4308) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\security\blacklist.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\de-DE\InkObj.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.Serialization.dll.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD_COL.HXC.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.AccessControl.dll.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encoding.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Security.dll.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.JavaScript.dll.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\CT_ROOTS.XML.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-memory-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-localization-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ChakraCore.Debugger.dll.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.TypeConverter.dll.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\WindowsBase.dll.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Globalization.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTest-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-math-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\management.dll.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Office 2007 - 2010.eftx.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\uk-UA\InputPersonalization.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\glass.dll.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jabswitch.exe.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\ucrtbase.dll.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Wisp.thmx.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-br.dll.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\pkeyconfig-office-client15.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\msdasql.dll.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-filesystem-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ThirdPartyNotices.MSHWLatin.txt.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TipRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.DataContractSerialization.dll.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\ca.pak.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVPolicy.dll.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_KMS_Client_AE-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscorrc.dll.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTest-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_KMS_Client-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntry2019R_PrepidBypass-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A
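The ransomware signature in both detonations (Renames multiple (2820) and (4308) files with added filename extension) and the two "Drops file in Program Files directory" tables describe the same behaviour from two angles: a single process turning `name.ext` into `name.ext.tmp` across Program Files at high rate. The block below is an added example, not the sandbox's own signature code: it rebuilds that logic over a constructed stream of file events, counting per process how many renames only append an extension within a sliding time window, and separately how many files each process creates under Program Files. The process names, PIDs, timestamps and the benign Word and updater activity are made up for the example; only the path shapes follow the report's rows.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class FileEvent:
    ts: float            # seconds since detonation start
    pid: int
    image: str           # image path of the acting process
    op: str              # "create" or "rename"
    path: str            # created path, or rename destination
    old_path: str = ""   # rename source (rename only)


def appended_suffix(old: str, new: str) -> Optional[str]:
    """Return the extension appended to old to form new (e.g. '.tmp'), or None.
    Only catches the 'name.ext -> name.ext.tmp' pattern this report's signature describes;
    families that replace the extension instead need a different check."""
    if len(new) > len(old) and new.lower().startswith(old.lower()):
        tail = new[len(old):]
        if tail.startswith(".") and "." not in tail[1:] and "\\" not in tail:
            return tail.lower()
    return None


def detect_mass_rename(events: List[FileEvent], threshold: int = 20, window: float = 60.0):
    """Per process: renames that only append an extension, peak count in any `window` seconds.
    Threshold and window are assumptions to tune against your own telemetry."""
    hits = defaultdict(list)
    for ev in events:
        if ev.op == "rename":
            suffix = appended_suffix(ev.old_path, ev.path)
            if suffix:
                hits[ev.pid].append((ev.ts, suffix, ev.image))
    findings = []
    for pid, rows in hits.items():
        rows.sort()
        peak, j = 0, 0
        for i in range(len(rows)):                    # sliding window over sorted timestamps
            while rows[i][0] - rows[j][0] > window:
                j += 1
            peak = max(peak, i - j + 1)
        if peak >= threshold:
            suffix, _ = Counter(s for _, s, _ in rows).most_common(1)[0]
            findings.append({"pid": pid, "image": rows[0][2], "count": len(rows),
                             "peak_in_window": peak, "suffix": suffix})
    return findings


def program_files_drops(events: List[FileEvent], root: str = r"C:\Program Files") -> Counter:
    """Files created under Program Files per (pid, image); mirrors the 'Drops file in Program
    Files directory' signature. Installers and updaters trip this too, so use it to corroborate
    detect_mass_rename rather than on its own."""
    counts = Counter()
    prefix = root.lower() + "\\"
    for ev in events:
        if ev.op == "create" and ev.path.lower().startswith(prefix):
            counts[(ev.pid, ev.image)] += 1
    return counts


# Constructed event stream (assumption: PIDs, timings and the benign processes are made up;
# the path shapes follow the report's 'File created ...tmp' rows).
SAMPLE_EXE = r"C:\Users\Admin\AppData\Local\Temp\sample.exe"
WINWORD = r"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE"
UPDATER = r"C:\Program Files\Mozilla Firefox\updater.exe"
SAMPLE_EVENTS: List[FileEvent] = []
for i in range(40):                                   # 40 appended-extension renames in 20 s
    src = rf"C:\Program Files\Java\jre7\lib\zi\Asia\Zone{i:02d}" + (".jpg" if i % 2 else "")
    SAMPLE_EVENTS.append(FileEvent(0.5 * i, 1092, SAMPLE_EXE, "rename", src + ".tmp", old_path=src))
for i in range(25):                                   # 25 new .tmp files under Program Files
    SAMPLE_EVENTS.append(FileEvent(0.5 * i + 0.2, 1092, SAMPLE_EXE, "create",
                                   rf"C:\Program Files\Common Files\Stationery\Pattern{i:02d}.jpg.tmp"))
# Office save-by-rename: the new name is unrelated to the old one, so no suffix is appended.
SAMPLE_EVENTS.append(FileEvent(3.0, 2200, WINWORD, "create", r"C:\Users\Admin\Documents\~WRD0001.tmp"))
SAMPLE_EVENTS.append(FileEvent(3.2, 2200, WINWORD, "rename", r"C:\Users\Admin\Documents\report.docx",
                               old_path=r"C:\Users\Admin\Documents\~WRD0001.tmp"))
# Updater keeping a few .bak copies: an appended suffix, but far below threshold.
for i in range(3):
    p = rf"C:\Program Files\Mozilla Firefox\lib{i}.dll"
    SAMPLE_EVENTS.append(FileEvent(10.0 + i, 3100, UPDATER, "rename", p + ".bak", old_path=p))

if __name__ == "__main__":
    for f in detect_mass_rename(SAMPLE_EVENTS):
        print(f"Renames multiple ({f['count']}) files with added filename extension "
              f"{f['suffix']}: pid {f['pid']} {f['image']}")
    print(program_files_drops(SAMPLE_EVENTS))
```

Feed it whatever file-create and rename telemetry the endpoint agent exposes; the per-process grouping matters because the report attributes every row to the one sample process, and a detector that counts renames system-wide will be drowned by installers, backup agents and Office.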

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe

"C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe"

Network

Traffic captured during the Windows 10 detonation. The table carries no process column, so none of these flows is attributed to the sample; reverse (PTR) lookups of cloud and CDN addresses and TLS sessions to tse1.mm.bing.net are consistent with Windows 10 background activity (an editorial assessment, not a sandbox verdict). The Windows 7 detonation recorded no traffic, and no signature in either run reports command-and-control, so this report yields no network indicator for the sample.

Country Destination Domain Proto
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp

Files

memory/3996-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3442511616-637977696-3186306149-1000\desktop.ini.tmp

MD5 2a124a1dddff57fa022b744be8314008
SHA1 c66daf21c82aaef7116199402227585b96c207a4
SHA256 11230c72c32a93ba363f484748278776d9db7cba401e722e0751048ab140dd88
SHA512 0697740597e970f27e89b6129cd8842a4942a7cbdd1588ae4aa71036561cc06a77083328427eef59cd8d83f1f76738de807f55b67ebe0ae54be8ca7f30851aca

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 2688850a661f180c1a6d5d1f06ce793c
SHA1 ee50a40663c8083fa729f353299cd2dfba52556d
SHA256 c5cbfd8aa936e695865bced952bff2966c74eeae4ddc60e2f597eb3f2cecd2e5
SHA512 bbac271d2636bfb3eea150f743bff2c7adb0ca6f7d189fe8d0546150cfa920dde457ec142c824a30d600f207ae437fb8ef35e1f04c6f4143b5921f2a693533fb

memory/3996-661-0x0000000000400000-0x000000000040B000-memory.dmp