Malware Analysis Report

2025-03-15 08:18

Sample ID 241016-h7sf5atbpr
Target 728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N
SHA256 728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9
Tags upx, discovery, ransomware
Score 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 9/10

SHA256

728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9

Threat Level: Likely malicious

The file 728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (496) files with added filename extension

Renames multiple (4741) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 07:23

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 07:23

Reported

2024-10-16 07:25

Platform

win7-20241010-en

Max time kernel

150s

Max time network

124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe"

Signatures

Renames multiple (496) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe

"C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe"

Network

N/A

Files

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 1f55331c1ce0828bffe178d87453dbca
SHA1 1e7d10617135a956eec8b371f755e302ac4abb27
SHA256 cf9dd52ef78ef6d36dd2e7537008b618e4d806f86082c485f724aad0731c8016
SHA512 8cc8b2362aa362a2659d7b5ff4f413a09764a9746044582b4eecc25ee97ac829c197560c00ebe50f13939deed841c8f966c41e750efae5143bac52304832ec2c

C:\$Recycle.Bin\S-1-5-21-3692679935-4019334568-335155002-1000\desktop.ini.tmp

MD5 d67ffc335cec9801820f089ab2f6bdfb
SHA1 87d0c8c64c9b60adc7744fe56bba139001a8bb95
SHA256 cafd116e36b42ade177b84fc8be5fd3fc368a1292df308a5df374f79dc3fee12
SHA512 050768f7db141303fdf2545ee8fc65f76b423ece3b62d6cbd054d10e2d95a39180cd32d5bfe1e55a8541123458d2ba1f9ec6dc6018d549d4ef1e4618114aa9cc

memory/2740-0-0x0000000000400000-0x000000000040B000-memory.dmp

memory/2740-26-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 07:23

Reported

2024-10-16 07:25

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe"

Signatures

Renames multiple (4741) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe

"C:\Users\Admin\AppData\Local\Temp\728e8c88a6e223d69c1676d187a469f8c4d264f53341a0fea8e0d5e82a028ae9N.exe"

Network

Country Destination Domain Proto

Files

memory/432-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2878641211-696417878-3864914810-1000\desktop.ini.tmp

MD5 a81fc2efd8a8c7b0eaabbc7f094d1b57
SHA1 d1087d5469d91e6e7b7a77d5e71661edbacda6df
SHA256 2b2c8ce5ab8ebc78552027c490c06d4128ec55c23d8b85bde761eadbdecaa158
SHA512 c02c4f2c910384db77d194609934a27308e215343a22d676373ccc60e7fef146a4a7586f926ba736343278ac1b3b9b71d220ddab5dd1cdacac6e13afc763c82d

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 deca21f1609aed68fb294096e945a0e0
SHA1 f82ebc63bc6c13abb4791f7ea67362532764e18d
SHA256 68adbb2e5cbb91bc7360d46576458a64669982540be81b7245b76d87530c2aab
SHA512 b44b6e1b12b26611537f16c0cdeb4f53728a29526e77fdd4c3bbd974b96d122db43427ec19938348b6da3f8e83505e011cac82f6e0ce4ef21c38b10267647603

memory/432-658-0x0000000000400000-0x000000000040B000-memory.dmp