Malware Analysis Report

2025-03-15 08:13

Sample ID 241016-kd25ks1fmh
Target e0b6a53c2301b93d5c9fefbf253beb9f86dbd7812ada96664e4a0bd29a1580a1N
SHA256 e0b6a53c2301b93d5c9fefbf253beb9f86dbd7812ada96664e4a0bd29a1580a1
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

e0b6a53c2301b93d5c9fefbf253beb9f86dbd7812ada96664e4a0bd29a1580a1

Threat Level: Likely malicious

The file e0b6a53c2301b93d5c9fefbf253beb9f86dbd7812ada96664e4a0bd29a1580a1N was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (4647) files with added filename extension

Renames multiple (3293) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 08:29

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 08:29

Reported

2024-10-16 08:32

Platform

win7-20240729-en

Max time kernel

120s

Max time network

18s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e0b6a53c2301b93d5c9fefbf253beb9f86dbd7812ada96664e4a0bd29a1580a1N.exe"

Signatures

Renames multiple (3293) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\e0b6a53c2301b93d5c9fefbf253beb9f86dbd7812ada96664e4a0bd29a1580a1N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\e0b6a53c2301b93d5c9fefbf253beb9f86dbd7812ada96664e4a0bd29a1580a1N.exe

"C:\Users\Admin\AppData\Local\Temp\e0b6a53c2301b93d5c9fefbf253beb9f86dbd7812ada96664e4a0bd29a1580a1N.exe"

Network

N/A

Files

memory/2308-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

MD5 1f2ad30c36abed8b9ba9d1568a15314a
SHA1 fba1ffa951e3c8a4da9dc14d40936d0d0274e33b
SHA256 9d31a2d66b59a821c7ceb550c8fc61fbed8cdc478b54f0c9c58bedf0c6643c03
SHA512 1a8d090a8c908f8d942be917ea4ddf44f201481d4894ac21857453c90d5a5257ba10f7720fb117ab1613e2cfd184536a88d0a5e30c3b868e07c27d594fa4743a

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 fa9a9610325bbce428e4b31f568b62eb
SHA1 a7477329c5022141d0bdbb7e896c59eeb53eadc8
SHA256 58b3f2f106f0eda11e96c90c8279d20cd87c7488ec31e9f3ed09c95219b89f25
SHA512 bd265d8afb9c51c504266407c40f16aa5c26c4a06a4ac987d6e32ae970a7fb241c3ce980255fd4565bea2eb8fc8446b8e9305ce4f766e4c52f11993906714351

memory/2308-70-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 08:29

Reported

2024-10-16 08:32

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

104s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e0b6a53c2301b93d5c9fefbf253beb9f86dbd7812ada96664e4a0bd29a1580a1N.exe"

Signatures

Renames multiple (4647) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\e0b6a53c2301b93d5c9fefbf253beb9f86dbd7812ada96664e4a0bd29a1580a1N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\e0b6a53c2301b93d5c9fefbf253beb9f86dbd7812ada96664e4a0bd29a1580a1N.exe

"C:\Users\Admin\AppData\Local\Temp\e0b6a53c2301b93d5c9fefbf253beb9f86dbd7812ada96664e4a0bd29a1580a1N.exe"

Network

Country Destination Domain Proto

Files

memory/4428-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4089630652-1596403869-279772308-1000\desktop.ini.tmp

MD5 48eafa9b764a011a4c2fb141866d543d
SHA1 b93f6d073826f3a083f722476c63a24c2929b012
SHA256 9159592fe92d651130c7d93ba958d196d53a9b911676b35908e1bbb7b2f70686
SHA512 699826db2c648e164465311cbeb7a262e4fd41cd948b18f231d912112207722a6e0e7510103bfe79710b099125c883507e72dcf39e269a8e6c4dd375940d71d9

C:\Program Files\7-Zip\7-zip.dll.exe

MD5 39f9cb3a78eb28dbe3e894fcef2dd1fc
SHA1 35b432faf2019f75b25041587e6a6324b86442b9
SHA256 be7d05fe4de6323ec904a11570a26fa3db871d1ea271023ea4dc7035007fc49a
SHA512 463f24713094a1289b8cfaf3dd4bfc4a7fc935382c4b1f880b55103314be42e5aeda587ea8d56d19a9361bfb401587fb6dc5df635ddf171152391f25ec3150bb

memory/4428-768-0x0000000000400000-0x000000000040B000-memory.dmp