Malware Analysis Report

2025-01-22 19:57

Sample ID 241016-wyeqkathpe
Target 2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN
SHA256 2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249eb
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249eb

Threat Level: Likely malicious

The file 2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (2928) files with added filename extension

Renames multiple (4359) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 18:19

Signatures

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 18:19

Reported

2024-10-16 18:21

Platform

win7-20240708-en

Max time kernel

120s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe"

Signatures

Renames multiple (2928) files with added filename extension

ransomware

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_VideoInset.png.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationTypes.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Activities.dll.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\micaut.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_TW.jar.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvm.jar.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\console_view.png.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\ECLIPSE_.SF.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-api_zh_CN.jar.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Pacific\Majuro.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\videowall.png.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Qatar.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app.nl_ja_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-io-ui.xml.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es.pak.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Louisville.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_ja_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Petersburg.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Manila.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lindeman.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\locale\an\LC_MESSAGES\vlc.mo.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\7-Zip\Lang\ar.txt.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\1047x576black.png.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.commons.logging_1.1.1.v201101211721.jar.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\boot.jar.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-dialogs.jar.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\DVD Maker\it-IT\WMM2CLIP.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services_1.1.0.v20140328-1925.jar.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\meta-index.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-application.xml.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Microsoft Games\Multiplayer\Checkers\fr-FR\ChkrRes.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Europe\Prague.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonIcon.png.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sv.pak.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-api.xml.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\ja-JP\MSTTSLoc.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-favorites.jar.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-execution.xml.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Internet Explorer\en-US\jsdbgui.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\.lock.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.Printing.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util-lookup_ja.jar.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Mozilla Firefox\nss3.dll.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\7-Zip\Lang\yo.txt.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\DVD Maker\it-IT\DVDMaker.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kolkata.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\cloud_Thumbnail.bmp.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe

"C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe"

Network

N/A

Files

memory/2276-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

MD5 a13c517e4f176f1e38df32ab04d6c55e
SHA1 6a95520eaca1e0e4b40bc6e78f6581cf40e9a7ba
SHA256 68281a34a09ea3465bfa2162ed600a52e6fa2f9c416c5ce38ff1ad7d10a6a705
SHA512 ce6c59e458992d6169d36b79bb5570238e98f9b7d9e02e40bc1ad4859778c6dcb1ed4690e28304408826e88241d772465f004277c1e5b71a9576f803a5f1380a

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 80154de10bbe0892e18af14853dabf71
SHA1 99e99a6c27ff9e1b522ad5a84b85d4805a88326e
SHA256 a5bc52c79e19bf66c59315d52006d707693bda16329b6e8e0134c1257b603a8c
SHA512 2e8ad549939e97bb82f0b05f8caa12ea6b8ddae39f4fe1c2f9592b0f759a83698398d368e236ed7a5b4d744616a2d475b8da36571f94f8fdb79ac688ce28e8a5

memory/2276-70-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 18:19

Reported

2024-10-16 18:21

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

103s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe"

Signatures

Renames multiple (4359) files with added filename extension

ransomware

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\UIAutomationTypes.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Channels.dll.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_Subscription-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\7-Zip\Lang\ka.txt.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.Brotli.dll.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\Microsoft.VisualBasic.Forms.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\THIRDPARTYLICENSEREADME.txt.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Xaml.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Xaml.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Internet Explorer\ExtExport.exe.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunec.jar.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\lib\resources.jar.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial1-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\PresentationCore.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-synch-l1-2-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Client\C2R64.dll.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription4-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTrial-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\WPFEXTENSIONS.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Forms.Design.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\WordNaiveBayesCommandRanker.txt.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\hu-HU\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Presentation.dll.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Diagnostics.EventLog.dll.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Grace-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_COL.HXT.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\GB.XSL.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.DiaSymReader.Native.amd64.dll.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-time-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\fonts\LucidaSansRegular.ttf.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\WindowsFormsIntegration.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\j2pcsc.dll.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Trial-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\7-Zip\Lang\hi.txt.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\UIAutomationProvider.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\es-419.pak.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\README.html.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\ru-RU\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Common Files\System\Ole DB\it-IT\sqlxmlx.rll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Forms.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\WindowsFormsIntegration.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHLTS.DAT.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\WindowsBase.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.DataWarehouse.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe

"C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp
US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp
US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp
US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp
US | 8.8.8.8:53 | tse1.mm.bing.net | udp
US | 150.171.28.10:443 | tse1.mm.bing.net | tcp
US | 150.171.28.10:443 | tse1.mm.bing.net | tcp
US | 150.171.28.10:443 | tse1.mm.bing.net | tcp
US | 150.171.28.10:443 | tse1.mm.bing.net | tcp
US | 150.171.28.10:443 | tse1.mm.bing.net | tcp
US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp

Files

memory/3004-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-493223053-2004649691-1575712786-1000\desktop.ini.tmp

MD5 04e9d26f6b6dbc2efc8160e46e2a6e70
SHA1 46a8a2de0dcdc1ee044aa462d961aa795a37eb4d
SHA256 28721a5cc88c05375b70fa018265114d1cf103c762843045a53718e3ec092411
SHA512 51d0ad91d7d58df71446e756f529122a35214f87f80fe614953ad2f5e40bc877f15c7dc414a3edacfdf8a9c8460b10f96a5ac5d058007225d67d33dc6bc6adb9

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 9a751d720832b15a0eaf4d8ac10f2570
SHA1 dab57c86bc4aa3bfa786b68c429a21eacae9234f
SHA256 f1b637e16f221c41c104dd8dd4b22bd97999d2b77b3c645929e27717e397dbf6
SHA512 1ee922f7c425d57cab4ed0128164cdc86d370ce69c5d350a08ebaec3fc8ca1973fb86fb629bbf100d539f2ae49553ca8dc283df62b2b9840e029634d056778c7

memory/3004-660-0x0000000000400000-0x000000000040B000-memory.dmp