Malware Analysis Report

2025-03-15 08:12

Sample ID 241016-jhrzqszcqe
Target 3533b9040f8db2181d2f88fee5e0d9321dfa6e252d6496af4374eb1a71d7a8baN
SHA256 3533b9040f8db2181d2f88fee5e0d9321dfa6e252d6496af4374eb1a71d7a8ba
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

3533b9040f8db2181d2f88fee5e0d9321dfa6e252d6496af4374eb1a71d7a8ba

Threat Level: Likely malicious

The file 3533b9040f8db2181d2f88fee5e0d9321dfa6e252d6496af4374eb1a71d7a8baN was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple files with added filename extension (2855 files in the Windows 7 run, behavioral1; 4305 files in the Windows 10 run, behavioral2)

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Enterprise Matrix V15. The only signature on this page that carries an ATT&CK technique name is System Location Discovery: System Language Discovery (T1614.001), evidenced by the NLS\Language registry read in both behavioral runs. The mass rename-with-added-extension signature is the one tagged ransomware; the report assigns it no technique.

Analysis: static1

Detonation Overview

Reported

2024-10-16 07:40

Signatures

UPX packed file

upx
(no indicator details recorded)

Unsigned PE

(no indicator details recorded)
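
The two static signatures above (UPX packed file, Unsigned PE) can be reproduced offline from the PE headers alone: UPX leaves sections named UPX0/UPX1 (and a UPX! marker in its stub), and an image with no embedded Authenticode signature has an empty IMAGE_DIRECTORY_ENTRY_SECURITY data directory. The Python below is an added example written for this page, not sandbox code and not the report's sample: it builds a constructed minimal PE32 in memory and runs both checks against it, so it can be executed without the binary.

```python
import struct

UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}   # section names written by the UPX packer


def build_minimal_pe(section_names, security_dir_size=0):
    """Constructed minimal PE32 image for exercising the checks (not the report's sample):
    MZ stub, PE signature, 20-byte COFF header, 224-byte optional header and one
    40-byte section header per name. security_dir_size != 0 simulates an Authenticode blob."""
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)          # e_lfanew -> PE signature
    coff = struct.pack(
        "<HHIIIHH",
        0x014C,              # Machine: IMAGE_FILE_MACHINE_I386
        len(section_names),  # NumberOfSections
        0, 0, 0,             # TimeDateStamp, PointerToSymbolTable, NumberOfSymbols
        224,                 # SizeOfOptionalHeader for PE32
        0x0102,              # IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE
    )
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                # Magic: PE32
    struct.pack_into("<I", opt, 92, 16)                  # NumberOfRvaAndSizes
    # Data directory 4 is IMAGE_DIRECTORY_ENTRY_SECURITY (its "VirtualAddress" is a file offset).
    struct.pack_into("<II", opt, 96 + 4 * 8, 0x1000 if security_dir_size else 0, security_dir_size)
    sections = b"".join(name.ljust(8, b"\x00")[:8] + b"\x00" * 32 for name in section_names)
    return bytes(dos) + b"PE\x00\x00" + coff + bytes(opt) + sections


def parse_pe(data):
    """Return (section_names, security_dir_size); raises ValueError if data is not a PE."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff_off = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff_off + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff_off + 16)[0]
    opt_off = coff_off + 20
    pe32 = struct.unpack_from("<H", data, opt_off)[0] == 0x10B   # 0x20B would be PE32+
    num_dirs = struct.unpack_from("<I", data, opt_off + (92 if pe32 else 108))[0]
    dd_off = opt_off + (96 if pe32 else 112)
    security_size = 0
    if num_dirs > 4:
        _, security_size = struct.unpack_from("<II", data, dd_off + 4 * 8)
    sec_off = opt_off + size_opt
    names = []
    for i in range(num_sections):
        raw = data[sec_off + i * 40:sec_off + i * 40 + 8]
        names.append(raw.rstrip(b"\x00").decode("ascii", "replace"))
    return names, security_size


def is_upx_packed(data):
    """True if any section carries a UPX name or the UPX! stub marker is present."""
    names, _ = parse_pe(data)
    return any(n in UPX_SECTION_NAMES for n in names) or b"UPX!" in data


def is_unsigned(data):
    """True if the image embeds no Authenticode signature (security directory size 0)."""
    _, security_size = parse_pe(data)
    return security_size == 0


if __name__ == "__main__":
    packed = build_minimal_pe([b"UPX0", b"UPX1", b".rsrc"])
    print("sections:", parse_pe(packed)[0], "upx:", is_upx_packed(packed), "unsigned:", is_unsigned(packed))
```

Two caveats when applying this to a real sample: an empty security directory only proves there is no embedded signature (catalog-signed Windows binaries also show zero), and a standard UPX layout can be restored for static analysis with `upx -d`, whereas a sample whose UPX headers were deliberately damaged will still show the section names but fail to unpack.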

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 07:40

Reported

2024-10-16 07:42

Platform

win7-20240903-en

Max time kernel

120s

Max time network

16s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3533b9040f8db2181d2f88fee5e0d9321dfa6e252d6496af4374eb1a71d7a8baN.exe"

Signatures

Renames multiple (2855) files with added filename extension

ransomware

UPX packed file

upx
(4 matches, no indicator details recorded)

Drops file in Program Files directory

Each row below is a .tmp created beside an existing file under C:\Program Files by the sample process itself (no child process is spawned, see Processes). Read together with the rename-with-added-extension signature above, this is the write-temporary-then-rename sequence file encryptors use; the report records the creates and the rename count but not the file contents, so encryption itself is inferred rather than observed.

Description: File created (all 64 rows)
Process: C:\Users\Admin\AppData\Local\Temp\3533b9040f8db2181d2f88fee5e0d9321dfa6e252d6496af4374eb1a71d7a8baN.exe (all rows)
Target: N/A (all rows)
Indicator:
C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\manifest.json.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-settings_zh_CN.jar.tmp
C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui.tmp
C:\Program Files\Java\jre7\lib\zi\Antarctica\Macquarie.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Niue.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_ButtonGraphic.png.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssv.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security_1.2.0.v20130424-1801.jar.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\203x8subpicture.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-keymap.xml.tmp
C:\Program Files\Java\jre7\lib\zi\Africa\Abidjan.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-execution.xml.tmp
C:\Program Files\Java\jre7\lib\zi\America\Martinique.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_ButtonGraphic.png.tmp
C:\Program Files\Java\jre7\lib\zi\America\Santarem.tmp
C:\Program Files\Java\jre7\LICENSE.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pl.pak.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\sound.properties.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-print.jar.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\ReachFramework.resources.dll.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Services.Client.resources.dll.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\id.pak.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt_0.11.101.v20140818-1343.jar.tmp
C:\Program Files\Java\jre7\lib\deploy\messages_ja.properties.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\IpsPlugin.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\bin\jli.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_ja.jar.tmp
C:\Program Files\Java\jre7\lib\ext\sunec.jar.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_SelectionSubpicture.png.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Toronto.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.xml.tmp
C:\Program Files\Java\jre7\lib\security\blacklist.tmp
C:\Program Files\DVD Maker\rtstreamsource.ax.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.xml_1.3.4.v201005080400.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring-fallback.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\London.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\toc.gif.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ext_5.5.0.165303.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.nl_ja_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.clusters.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-spi-quicksearch.xml.tmp
C:\Program Files\Java\jre7\lib\zi\Atlantic\Faroe.tmp
C:\Program Files\Mozilla Firefox\api-ms-win-core-localization-l1-2-0.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Almaty.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\1047x576black.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.nl_zh_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-queries_zh_CN.jar.tmp
C:\Program Files\Mozilla Firefox\api-ms-win-crt-utility-l1-1-0.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychartplugin_5.5.0.165303.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\license.html.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services_1.1.0.v20140328-1925.jar.tmp
C:\Program Files\Java\jre7\lib\zi\Europe\Budapest.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationFramework.resources.dll.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\WindowsBase.resources.dll.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\af.pak.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Manaus.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Gibraltar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sa_zh_CN.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkDrop32x32.gif.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationCore.resources.dll.tmp

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\3533b9040f8db2181d2f88fee5e0d9321dfa6e252d6496af4374eb1a71d7a8baN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3533b9040f8db2181d2f88fee5e0d9321dfa6e252d6496af4374eb1a71d7a8baN.exe

"C:\Users\Admin\AppData\Local\Temp\3533b9040f8db2181d2f88fee5e0d9321dfa6e252d6496af4374eb1a71d7a8baN.exe"

Network

N/A

Files

memory/2076-0-0x0000000000400000-0x000000000040B000-memory.dmp (process 2076; the mapped image spans 0x400000-0x40B000, i.e. 0xB000 = 44 KB, a small footprint consistent with the UPX-packed binary)

C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp

MD5 12f77c4a84606516dde9397779bd7880
SHA1 3c7da7d4c10013917d4db6cd6b60d3a531bcd628
SHA256 2092b5f3e8ea2fad795aaf827b6abf27ab3cbb67351f184dc8a08a6dd336681b
SHA512 f98263b5893cbc9016b7bfb0a45cbc6148b7e5831eb5f3d8073ad178c7762ce25016378236e3e9dca2c95f5cd4bc68cbe4a956d5dc28373bf75014e269998069

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 ab121d7fa57ca162770b573663236fbb
SHA1 2062adc11911ce7eb10e4a2ac8da9e825a30bd31
SHA256 ff46147d71d2221a51995b14e3e8fd7b52617235dd250e1d32441636b65382bc
SHA512 dbace100dbd514bb832a074b0e7ea3fc4690b4e760bc283348ef5287f4200412771a43afb40bbc4c8adb00592d955211181d29d80c834181acc094e7d39adca3

memory/2076-72-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 07:40

Reported

2024-10-16 07:42

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

107s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3533b9040f8db2181d2f88fee5e0d9321dfa6e252d6496af4374eb1a71d7a8baN.exe"

Signatures

Renames multiple (4305) files with added filename extension

ransomware

UPX packed file

upx
(4 matches, no indicator details recorded)

Drops file in Program Files directory

Description: File created (all 64 rows)
Process: C:\Users\Admin\AppData\Local\Temp\3533b9040f8db2181d2f88fee5e0d9321dfa6e252d6496af4374eb1a71d7a8baN.exe (all rows)
Target: N/A (all rows)
Indicator:
C:\Program Files\7-Zip\Lang\ro.txt.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationTypes.resources.dll.tmp
C:\Program Files\7-Zip\Lang\co.txt.tmp
C:\Program Files\7-Zip\Lang\ka.txt.tmp
C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-util-l1-1-0.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntime2019R_PrepidBypass-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTrial-pl.xrm-ms.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationTypes.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationProvider.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.FuzzyMatchingCommon.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ul-phn.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.XLS.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Emit.ILGeneration.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.TextWriterTraceListener.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.DriveInfo.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\D3DCompiler_47_cor3.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONDIRECTX.DLL.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Common.dll.tmp
C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.DiagnosticSource.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.NETCore.App.deps.json.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.SecureString.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\PresentationFramework.resources.dll.tmp
C:\Program Files\Common Files\System\Ole DB\msxactps.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.Immutable.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Xaml.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationTypes.resources.dll.tmp
C:\Program Files\7-Zip\Lang\uz.txt.tmp
C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-timezone-l1-1-0.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\offsymsl.ttf.tmp
C:\Program Files\Common Files\System\msadc\msadcor.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Xml.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\ucrtbase.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\MSSRINTL.DLL.tmp
C:\Program Files\Common Files\microsoft shared\ink\mshwjpnr.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.AccessControl.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\WindowsBase.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\ReachFramework.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Trial-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-ppd.xrm-ms.tmp
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Xaml.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red.xml.tmp
C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16ConsumerPerp_Bypass30-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Grace-ul-oob.xrm-ms.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebProxy.dll.tmp
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.SqlServer.Types.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Http.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\WindowsBase.resources.dll.tmp
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\es-419.pak.tmp
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue II.xml.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-ul-oob.xrm-ms.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Primitives.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\WindowsFormsIntegration.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Forms.Design.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-handle-l1-1-0.dll.tmp
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationClient.resources.dll.tmp

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\3533b9040f8db2181d2f88fee5e0d9321dfa6e252d6496af4374eb1a71d7a8baN.exe N/A
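
The signatures in this run and in behavioral1 above ("Renames multiple (N) files with added filename extension" together with "Drops file in Program Files directory") describe one behaviour: the sample writes a .tmp beside each target and the originals end up renamed with an appended extension, at a rate no installer or backup tool sustains. The Python below is an added example for this page, not the sandbox's signature engine (whose thresholds are not published in the report): it applies the same per-process counting to a constructed event log. The process names, the .locked extension, the rename lines and the threshold of 5 are assumptions for the demonstration; the paths reuse targets listed in the report.

```python
import re
from collections import Counter, defaultdict

# Constructed sandbox-style event log (not taken from the report, which lists creates only;
# the rename lines are synthetic). Fields are "|"-separated: event|process|path[|new path].
EVENTS = r"""
File created|C:\Users\Admin\AppData\Local\Temp\sample.exe|C:\Program Files\7-Zip\Lang\ro.txt.tmp
File renamed|C:\Users\Admin\AppData\Local\Temp\sample.exe|C:\Program Files\7-Zip\Lang\ro.txt|C:\Program Files\7-Zip\Lang\ro.txt.locked
File created|C:\Users\Admin\AppData\Local\Temp\sample.exe|C:\Program Files\7-Zip\Lang\co.txt.tmp
File renamed|C:\Users\Admin\AppData\Local\Temp\sample.exe|C:\Program Files\7-Zip\Lang\co.txt|C:\Program Files\7-Zip\Lang\co.txt.locked
File created|C:\Users\Admin\AppData\Local\Temp\sample.exe|C:\Program Files\7-Zip\Lang\ka.txt.tmp
File renamed|C:\Users\Admin\AppData\Local\Temp\sample.exe|C:\Program Files\7-Zip\Lang\ka.txt|C:\Program Files\7-Zip\Lang\ka.txt.locked
File created|C:\Users\Admin\AppData\Local\Temp\sample.exe|C:\Program Files\7-Zip\Lang\uz.txt.tmp
File renamed|C:\Users\Admin\AppData\Local\Temp\sample.exe|C:\Program Files\7-Zip\Lang\uz.txt|C:\Program Files\7-Zip\Lang\uz.txt.locked
File created|C:\Users\Admin\AppData\Local\Temp\sample.exe|C:\Program Files\7-Zip\7-zip.dll.tmp
File renamed|C:\Users\Admin\AppData\Local\Temp\sample.exe|C:\Program Files\7-Zip\7-zip.dll|C:\Program Files\7-Zip\7-zip.dll.locked
File created|C:\Users\Admin\AppData\Local\Temp\sample.exe|C:\$Recycle.Bin\S-1-5-21-3350944739-639801879-157714471-1000\desktop.ini.tmp
File renamed|C:\Users\Admin\AppData\Local\Temp\sample.exe|C:\$Recycle.Bin\S-1-5-21-3350944739-639801879-157714471-1000\desktop.ini|C:\$Recycle.Bin\S-1-5-21-3350944739-639801879-157714471-1000\desktop.ini.locked
Key opened|C:\Users\Admin\AppData\Local\Temp\sample.exe|\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
File created|C:\Windows\Temp\setup.exe|C:\Program Files\App\app.dll.tmp
File renamed|C:\Windows\Temp\setup.exe|C:\Program Files\App\app.dll.tmp|C:\Program Files\App\app.dll
File renamed|C:\Windows\Temp\backup.exe|C:\Users\Admin\Documents\report.docx|C:\Users\Admin\Documents\report.docx.bak
"""

# "added filename extension": new path == old path + "." + one short extension token
ADDED_EXT_RE = re.compile(r"^(?P<base>.+)\.(?P<ext>[A-Za-z0-9_-]{1,16})$")


def added_extension(old, new):
    """Return '.ext' if `new` is exactly `old` with one extra extension appended, else None."""
    m = ADDED_EXT_RE.match(new)
    if m and m.group("base").lower() == old.lower():
        return "." + m.group("ext")
    return None


def parse_events(text):
    """Yield (event, process, path, new_path_or_None) tuples from the log text."""
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("|")
        yield parts[0], parts[1], parts[2], (parts[3] if len(parts) > 3 else None)


def detect_mass_rename(events, threshold=5):
    """Per process, count renames that append an extension and .tmp creates; report every
    process at or above `threshold` renames together with its extension histogram."""
    renames = defaultdict(Counter)
    tmp_creates = Counter()
    for event, proc, path, new in events:
        if event == "File created" and path.lower().endswith(".tmp"):
            tmp_creates[proc] += 1
        elif event == "File renamed" and new:
            ext = added_extension(path, new)
            if ext:
                renames[proc][ext] += 1
    hits = {}
    for proc, exts in renames.items():
        total = sum(exts.values())
        if total >= threshold:
            hits[proc] = {"renames": total, "extensions": dict(exts), "tmp_creates": tmp_creates[proc]}
    return hits


if __name__ == "__main__":
    for proc, info in detect_mass_rename(parse_events(EVENTS)).items():
        print(proc, info)
```

The installer-style rename (app.dll.tmp to app.dll) removes an extension rather than adding one and is never counted, and the single .bak rename stays under the threshold; only the process that appends the same extension to file after file is reported, which is what separates this behaviour from ordinary .tmp traffic in Program Files.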

Processes

C:\Users\Admin\AppData\Local\Temp\3533b9040f8db2181d2f88fee5e0d9321dfa6e252d6496af4374eb1a71d7a8baN.exe

"C:\Users\Admin\AppData\Local\Temp\3533b9040f8db2181d2f88fee5e0d9321dfa6e252d6496af4374eb1a71d7a8baN.exe"

Network

The sandbox does not attribute these flows to a process. The in-addr.arpa entries are reverse (PTR) lookups and the g.bing.com / tse1.mm.bing.net connections on 443 are typical Windows 10 background traffic; the Windows 7 run recorded no network activity at all. Nothing in this table indicates command-and-control, key exchange or exfiltration by the sample.

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 107.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp

Files

memory/2128-0-0x0000000000400000-0x000000000040B000-memory.dmp (process 2128; the same 0xB000 = 44 KB image range as in the Windows 7 run)

C:\$Recycle.Bin\S-1-5-21-3350944739-639801879-157714471-1000\desktop.ini.tmp

MD5 6575516efe25c7f33bd97d13613c2229
SHA1 1e20f2c5c27b465ff25f7ef06bfec3d1c489536e
SHA256 bff44b325b93cbac3c6a2c99b0dead8f2ed530f6e30fa1b17501ec0e49df6e01
SHA512 c843d815155a6408592b2d3e9c0caff349eacf7284cb21628806be26f68cb3ed641493755f6e8eeac2f6d88e2645e81f9e01ce50551f67403a84dfff7256073f

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 7d91552bfbf3ef452e6645fad57f3689
SHA1 cc1b0d4f9ffbd9be2cdb1ee6e19c30105d5367d9
SHA256 85d4d1eb1c977f396119227088c5523f0e0cd4402c080976cc7293c78068e266
SHA512 0280be57a129b7ecb0238836d4ae683674ade46342ab867a87c6d1eeda85c6d5ad2fc4fda58f75c0846a3366850ff4e18a45ad537f19f0e0ec2c65159d21f08b

memory/2128-658-0x0000000000400000-0x000000000040B000-memory.dmp
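
Both Files sections capture the .tmp outputs (desktop.ini.tmp, Office64WW.xml.tmp, 7-zip.dll.tmp) with hashes, and those are the artefacts an analyst inspects to decide whether the sample encrypts or merely copies. The Python below is an added example for this page, not part of the report, and does not use the captured files: it runs over constructed inputs (a desktop.ini-style text, a PE-like header, a seeded pseudo-random blob standing in for ciphertext). It checks for a surviving file-type header first, because a retained magic value means the bytes were copied rather than encrypted, and only then falls back to Shannon entropy; entropy alone cannot separate ciphertext from already-compressed formats such as the .jar and .pak files in the lists above.

```python
import math
import random

# Constructed stand-ins for dropped .tmp contents (none is one of the report's captured files).
INI_TEXT = (b"[.ShellClassInfo]\r\n"
            b"CLSID={645FF040-5081-101B-9F08-00AA002F954E}\r\n"
            b"LocalizedResourceName=@%SystemRoot%\\system32\\shell32.dll,-8964\r\n")
PE_HEADER_COPY = b"MZ\x90\x00" + b"\x00" * 4092              # a plain copy keeps its MZ header
_rng = random.Random(20241016)                                 # seeded so results are reproducible
CIPHERTEXT_LIKE = bytes(_rng.getrandbits(8) for _ in range(4096))

KNOWN_MAGIC = {
    b"MZ": "PE",
    b"PK\x03\x04": "ZIP/JAR/OOXML",
    b"<?xml": "XML",
    b"\x89PNG": "PNG",
}


def shannon_entropy(data):
    """Bits per byte: 0.0 for empty or constant input, 8.0 for a uniform byte distribution."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def verdict(data, high=7.5):
    """Classify dropped-file bytes: retained header -> copy; entropy >= high -> likely
    encrypted (or compressed); anything else -> plaintext."""
    for magic, fmt in KNOWN_MAGIC.items():
        if data.startswith(magic):
            return "copy (known header: %s)" % fmt
    if shannon_entropy(data) >= high:
        return "likely encrypted"
    return "plaintext"


if __name__ == "__main__":
    for label, blob in [("ini", INI_TEXT), ("pe copy", PE_HEADER_COPY), ("ciphertext-like", CIPHERTEXT_LIKE)]:
        print("%-16s H=%.3f  %s" % (label, shannon_entropy(blob), verdict(blob)))
```

On a real case the same two checks are run against the captured .tmp next to the original file's known hash: identical hash or retained header means a copy, high entropy with no recognisable header supports the ransomware verdict, and a ransom note or key blob, neither of which this report records, would settle it.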