Malware Analysis Report

2025-01-22 19:56

Sample ID 241016-wvzasstgmb
Target 826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N
SHA256 826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316

Threat Level: Likely malicious

The file 826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (2900) files with added filename extension (behavioral1, Windows 7 image)

Renames multiple (4324) files with added filename extension (behavioral2, Windows 10 image)

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Enterprise Matrix V15

Discovery: System Location Discovery: System Language Discovery (T1614.001). Source: the sample opens the NLS\Language registry key in both behavioral runs.

Impact: the mass rename of files with an added extension, which the sandbox tags as ransomware, corresponds to Data Encrypted for Impact (T1486). The report itself lists no technique IDs; both mappings are added here from the signatures below.

Analysis: static1

Detonation Overview

Reported

2024-10-16 18:15

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
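The two static signatures above (UPX packed file, Unsigned PE) are the first things to re-check by hand, and both can be verified from the PE headers alone. The script below is an added example, not part of the report or of the sandbox's signature engine: it walks the PE header with the standard library, lists each section with its entropy, reports the usual UPX tells (UPX0/UPX1 section names, a first section that is empty on disk, a high-entropy section, an entry point outside the first section) and says whether an Authenticode security directory is present at all. Because the sample's bytes are not on this page, the default input is a PE image constructed inline to look like UPX output; pass a file path to run it on the real sample. The same check applies to the UPX signature repeated in both behavioral runs.

```python
"""Static triage of a PE image: UPX packing tells and Authenticode presence.
Added example, not code from the sandbox report. Standard library only; the
default input is a constructed PE from build_sample_pe() so it runs offline."""
import math
import random
import struct
import sys

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data directory that holds the Authenticode blob
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: compressed or encrypted data sits near 8, plain x86 code around 5-6."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> dict:
    """DOS header -> PE signature -> COFF header -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _machine, nsections, _ts, _sym, _nsym, opt_size, _flags = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt_off)[0]
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    entry_rva = struct.unpack_from("<I", data, opt_off + 16)[0]
    dirs_off = opt_off + (96 if magic == PE32_MAGIC else 112)  # data directories start here
    ndirs = struct.unpack_from("<I", data, dirs_off - 4)[0]     # NumberOfRvaAndSizes
    sec_dir_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        sec_dir_size = struct.unpack_from("<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)[1]
    sections, table = [], opt_off + opt_size
    for i in range(nsections):
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        raw = data[raw_ptr:raw_ptr + raw_size] if raw_size else b""
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "va": va,
                         "vsize": vsize, "raw_size": raw_size, "entropy": round(shannon_entropy(raw), 2)})
    entry_section = next((s["name"] for s in sections
                          if s["va"] <= entry_rva < s["va"] + max(s["vsize"], s["raw_size"])), None)
    return {"entry_rva": entry_rva, "entry_section": entry_section,
            "security_dir_size": sec_dir_size, "sections": sections}


def upx_indicators(info: dict) -> list:
    """Independent UPX tells; each is trivial to defeat alone, so score on how many fire."""
    names, reasons = [s["name"] for s in info["sections"]], []
    if any(n.startswith("UPX") for n in names):
        reasons.append("UPX0/UPX1 section names")
    if info["sections"] and info["sections"][0]["raw_size"] == 0:
        reasons.append("first section empty on disk (unpack target)")
    if any(s["entropy"] > 7.0 for s in info["sections"]):
        reasons.append("high-entropy section (compressed payload)")
    if names and info["entry_section"] not in (None, names[0]):
        reasons.append("entry point in %s, not the first section (stub)" % info["entry_section"])
    return reasons


def has_authenticode(info: dict) -> bool:
    """Presence of a security directory only; validity needs a chain check (signtool verify)."""
    return info["security_dir_size"] > 0


def build_sample_pe() -> bytes:
    """Constructed PE32 shaped like UPX output: empty UPX0, random-byte UPX1, .rsrc, no signature."""
    rng = random.Random(1337)
    payload = bytes(rng.getrandbits(8) for _ in range(4096))  # stands in for the compressed code
    rsrc = b"\0" * 240 + b"VS_VERSION_INFO\0"
    n_sections, opt_len = 3, 224                                # PE32 optional header size
    headers_len = 64 + 4 + 20 + opt_len + 40 * n_sections       # raw data follows the headers
    entry_rva = 0x11000 + 0x100                                 # decompression stub lives in UPX1
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)            # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x014C, n_sections, 0, 0, 0, opt_len, 0x0102)
    opt = struct.pack("<HBBIIIII", PE32_MAGIC, 0, 0, len(payload), 0, 0x10000, entry_rva, 0x11000)
    opt += b"\0" * (92 - len(opt)) + struct.pack("<I", 16)      # NumberOfRvaAndSizes
    opt += struct.pack("<II", 0, 0) * 16                        # every directory empty, SECURITY included

    def sec(name, vsize, va, raw_size, raw_ptr, flags):
        return struct.pack("<8sIIIIIIHHI", name, vsize, va, raw_size, raw_ptr, 0, 0, 0, 0, flags)

    table = (sec(b"UPX0", 0x10000, 0x1000, 0, 0, 0xE0000080)
             + sec(b"UPX1", 0x2000, 0x11000, len(payload), headers_len, 0xE0000040)
             + sec(b".rsrc", len(rsrc), 0x13000, len(rsrc), headers_len + len(payload), 0xC0000040))
    return dos + b"PE\0\0" + coff + opt + table + payload + rsrc


if __name__ == "__main__":  # usage: python <this file> [sample.exe]
    info = parse_pe(open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe())
    print(info["sections"], upx_indicators(info) or "no UPX indicator", has_authenticode(info), sep="\n")
```

Each UPX indicator can be defeated on its own (section names are trivial to rename, a custom stub moves the entry point), so the count of indicators, not any single one, is the signal; on a genuine UPX build all four fire and `upx -d` will usually unpack it cleanly. A present security directory is likewise only the start of the signing check: the blob still has to verify against a trusted chain, which this script deliberately does not attempt.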

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 18:15

Reported

2024-10-16 18:17

Platform

win7-20240903-en

Max time kernel

120s

Max time network

16s

Command Line

"C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe"

Signatures

Renames multiple (2900) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\ECLIPSE_.SF.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Saipan.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Checkers\de-DE\ChkrRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mshwLatin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jmc.ini.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Campo_Grande.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port_of_Spain.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_de.properties.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Java\jre7\lib\management\jmxremote.access.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.Speech.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IdentityModel.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-background.png.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-selector-ui.jar.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Mozilla Firefox\notificationserver.dll.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.Speech.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-views_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Dubai.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\MainMenuButtonIcon.png.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\msvcr100.dll.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_olv.css.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\7-Zip\Lang\sq.txt.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jli.dll.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxwebkit.dll.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_item.png.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-visual_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Java\jre7\lib\fonts\LucidaBrightItalic.ttf.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\1047x576black.png.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\VideoLAN\VLC\AUTHORS.txt.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Entity.dll.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\7-Zip\Lang\he.txt.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\ir.idl.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.css_1.7.0.v201011041433.jar.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state_1.0.1.v20140709-1414.jar.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs-nio2_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Services.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\7-Zip\Lang\pt.txt.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssvagent.exe.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox_1.0.500.v20131211-1531.jar.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\7-Zip\Lang\hr.txt.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sl.pak.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Goose_Bay.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Vienna.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipTsf.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Java\jre7\bin\npt.dll.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sa_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-static.png.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoBeta.png.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Google\Chrome\Application\master_preferences.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Java\jre7\bin\eula.dll.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Java\jre7\lib\charsets.jar.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Kiritimati.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-background.png.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT+4.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Microsoft Games\FreeCell\desktop.ini.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A

Reading NLS\Language is how a process learns the system install language, the usual input to a locale-based exclusion check. The report records only the key open, not the value read or any behaviour that depended on it, and both English-locale images were encrypted regardless, so this run neither confirms nor rules out a language kill switch; a detonation on a non-English image would.

Processes

C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe

"C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe"

Network

N/A

Files

memory/3012-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

MD5 6e666b8d5ded9fee072d15ce1492ac18
SHA1 36800e3c5ccfc7e530d0ad99eb32e979c742d2de
SHA256 b805ff99090e8b0bc81284aae16a140581d2086c4b27447514c9ea50dc264d90
SHA512 b576685c91fd25b0816138712eedf9b95028aeacf5be41caa80e9264381c85327f2e8070ab1688b97fb96d134f8f95cb64b9446980667eecac407484250a5044

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 b23556e935a0040ff1fada050052e6ee
SHA1 7f63e83a9eae15c15ad1a0e93c8611fa0f1e5710
SHA256 5c88ad1b518a2893e0743c2ebd43a18da59b1ff240f8bbdea199c1a3bd0fd5f1
SHA512 2c6cb51bb3f727d470eda16d998e2a488e5bfe8fee347068ff19674885bc84178247d8d3f3aa6ee7befc701a51490db717f2e4e937234ed488ad9c3d7905b759

memory/3012-70-0x0000000000400000-0x000000000040B000-memory.dmp

Both dumps cover the sample's own image region for PID 3012 (0x400000-0x40B000, 0xB000 bytes). The on-disk file is UPX-packed and UPX decompresses in place into that same range, so the later dump is the one to carve the unpacked code from; strings and imports taken from the packed file will be incomplete.

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 18:15

Reported

2024-10-16 18:17

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

104s

Command Line

"C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe"

Signatures

Renames multiple (4324) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\PRIVATE_ODBC32.dll.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\hwrenUSlm.dat.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encoding.CodePages.dll.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\amd64\jvm.cfg.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.MemoryMappedFiles.dll.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ReachFramework.dll.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-convert-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_KMS_Client_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\7-Zip\Lang\uk.txt.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\TellMeOneNote.nrr.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipssrb.xml.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Thread.dll.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\cs.pak.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_TW.properties.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ServiceProcess.dll.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\msdasql.dll.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-process-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_KMS_Client-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsfin.xml.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.dll.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.Parallel.dll.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\server\classes.jsa.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusDemoR_BypassTrial365-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_SubTrial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\7-Zip\7zCon.sfx.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\hwrenclm.dat.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHLEX.DAT.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.et-ee.dll.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Common Files\System\ado\msador28.tlb.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTest-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Resources.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-util-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-conio-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\7-Zip\Lang\an.txt.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Principal.dll.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTrial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.dll.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\7-Zip\Lang\az.txt.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ViewOnly_ZeroGrace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A
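The "Renames multiple (N) files with added filename extension" and "Drops file in Program Files directory" signatures in both behavioral runs come from the same file-event stream, and the indicator tables in each run show only the .tmp creations, not the renames that follow them. The script below is an added example, not the sandbox's signature code: it replays a constructed event list modelled on the paths in the two tables (the ".locked" extension and the msiexec installer activity are hypothetical placeholders, since the report does not record the extension the sample appends) and reproduces both heuristics per process. Running it makes the difference in confidence between the two signatures visible: the mass rename fires only for the sample, while a single .tmp under Program Files also fires for an ordinary installer.

```python
"""Per-process ransomware heuristics over sandbox file events.
Added example, not the sandbox's signature code. The event list is constructed
from paths in the report; '.locked' and the msiexec activity are hypothetical."""
from collections import defaultdict
from pathlib import PureWindowsPath

RENAME_THRESHOLD = 10  # placeholder; the report's engine fired at 2900 and 4324
PROTECTED_ROOTS = ("C:\\Program Files", "C:\\Program Files (x86)",
                   "C:\\$Recycle.Bin", "C:\\MSOCache")
SAMPLE = ("C:\\Users\\Admin\\AppData\\Local\\Temp\\"
          "826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe")
INSTALLER = "C:\\Windows\\System32\\msiexec.exe"  # hypothetical benign process


def added_extension(src: str, dst: str):
    """Return the suffix if dst is exactly src plus '.<ext>' in the same directory, else None."""
    s, d = src.lower(), dst.lower()
    tail = d[len(s):]
    if d.startswith(s) and tail.startswith(".") and len(tail) > 1 and "\\" not in tail:
        return dst[len(src):]
    return None


def is_under(path: str, roots=PROTECTED_ROOTS) -> bool:
    """True if path sits below one of the protected roots (case-insensitive, like NTFS)."""
    p = path.lower()
    return any(p.startswith(r.lower() + "\\") for r in roots)


def triage(events):
    """events: dicts with op ('create' | 'rename'), process, path and, for renames, new_path.
    Returns {process: {"signatures": [...], "directories_touched": n}}."""
    stats = defaultdict(lambda: {"renames": 0, "exts": set(), "tmp_protected": 0, "dirs": set()})
    for ev in events:
        st = stats[ev["process"]]
        st["dirs"].add(str(PureWindowsPath(ev["path"]).parent))
        if ev["op"] == "rename":
            ext = added_extension(ev["path"], ev["new_path"])
            if ext:
                st["renames"] += 1
                st["exts"].add(ext)
        elif ev["op"] == "create" and ev["path"].lower().endswith(".tmp") and is_under(ev["path"]):
            st["tmp_protected"] += 1
    findings = {}
    for proc, st in stats.items():
        sigs = []
        if st["renames"] >= RENAME_THRESHOLD:   # high confidence: the mass-rename pattern
            sigs.append("Renames multiple (%d) files with added filename extension %s"
                        % (st["renames"], sorted(st["exts"])))
        if st["tmp_protected"]:                 # low confidence: installers do this too
            sigs.append("Drops %d .tmp files in protected directories" % st["tmp_protected"])
        findings[proc] = {"signatures": sigs, "directories_touched": len(st["dirs"])}
    return findings


def sample_events():
    """Constructed stream: for each victim the sample writes <victim>.tmp, then renames the
    original with an added extension (hypothetical '.locked'); then a benign installer."""
    victims = [
        "C:\\Program Files\\7-Zip\\Lang\\sq.txt",
        "C:\\Program Files\\7-Zip\\7zCon.sfx",
        "C:\\Program Files\\Java\\jre7\\lib\\zi\\Asia\\Dubai",
        "C:\\Program Files\\Java\\jdk1.7.0_80\\bin\\jli.dll",
        "C:\\Program Files\\Java\\jdk-1.8\\bin\\java-rmi.exe",
        "C:\\Program Files\\Mozilla Firefox\\notificationserver.dll",
        "C:\\Program Files\\VideoLAN\\VLC\\AUTHORS.txt",
        "C:\\Program Files\\Microsoft Games\\FreeCell\\desktop.ini",
        "C:\\Program Files\\Google\\Chrome\\Application\\master_preferences",
        "C:\\Program Files\\Common Files\\System\\Ole DB\\msdasql.dll",
        "C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Push\\push_item.png",
        "C:\\$Recycle.Bin\\S-1-5-21-1488793075-819845221-1497111674-1000\\desktop.ini",
    ]
    events = []
    for v in victims:
        events.append({"op": "create", "process": SAMPLE, "path": v + ".tmp"})
        events.append({"op": "rename", "process": SAMPLE, "path": v, "new_path": v + ".locked"})
    events.append({"op": "create", "process": INSTALLER,
                   "path": "C:\\Program Files\\ExampleVendor\\setup.tmp"})
    events.append({"op": "rename", "process": INSTALLER,
                   "path": "C:\\Users\\Admin\\Documents\\notes.txt",
                   "new_path": "C:\\Users\\Admin\\Documents\\notes.txt.bak"})
    return events


if __name__ == "__main__":
    for proc, f in triage(sample_events()).items():
        print(proc, f["directories_touched"], f["signatures"] or "no signature", sep="\n  ")
```

The threshold of 10 renames is a placeholder: the sandbox's own threshold is not published on this page, and the counts it reports (2900 and 4324) are far above any sensible value. On a real event stream you would also weight by the number of distinct directories touched and by rate, which is why the result carries directories_touched alongside the signatures.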

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe

"C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 107.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 99.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp

Note on attribution: every row above is either a DNS query to 8.8.8.8 (reverse lookups and Bing hostnames) or TLS to Bing content hosts, and the table carries no process column, so none of it is attributed to the sample. This matches the background traffic a Windows 10 sandbox image generates on its own; the Windows 7 run recorded no network activity at all, and the report records no C2, download or exfiltration attributable to the sample in either run. Treat the destinations above as non-indicators.

Files

memory/1876-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-493223053-2004649691-1575712786-1000\desktop.ini.tmp

MD5 19729a3ad9cccbaf77a4c2379bbdd216
SHA1 f5be558c963c5c7b0d849631c10c21f44bd0caea
SHA256 37302cf21cdb235a0b52dec2ba9dac4b8f692c22b980f07bea6055f9006c29d0
SHA512 810787a9b3736ac122572f0813af1d315c86394a9090629d4ac8f0a239b8cbda4568209a387cf1b0d4a92ea7a6b6bc9553335509fb72bb65accf3e0cdf1e0c70

The same $Recycle.Bin desktop.ini yielded a different desktop.ini.tmp in each run (SHA256 b805ff99... on Windows 7, 37302cf2... here). Assuming the source file is identical on both images, as the standard Recycle Bin desktop.ini normally is, the output is not a deterministic function of the plaintext, which points to per-run or per-file keys or IVs. These .tmp hashes are therefore run-specific and not usable as indicators; the sample's own SHA256 is the only file hash on this page worth blocking on.

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 e024a2e58163fd887a3fb8c01df38946
SHA1 a75c925f6e6d0165ac1013504b6a7a641e7eca2a
SHA256 69a7555178f9cb84df252a806038cfede6030bf3d2d5fc2da61e4e88ca81fbb8
SHA512 d6d33614a28e4e162b7f866f05dbd9e302315cd27e99e8fb29d5a40d04b11a3abcb7efc701c1698655cdd873db56a691316a5fb35d7a3f3394d64bdb0077f0e8

memory/1876-664-0x0000000000400000-0x000000000040B000-memory.dmp