Malware Analysis Report

2025-01-22 20:13

Sample ID 241016-x1kv2a1enp
Target 539a7cf275007508dcbb0e799274db10427298d4ea22e505db252f770f064c6fN
SHA256 539a7cf275007508dcbb0e799274db10427298d4ea22e505db252f770f064c6f
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

539a7cf275007508dcbb0e799274db10427298d4ea22e505db252f770f064c6f

Threat Level: Likely malicious

The file 539a7cf275007508dcbb0e799274db10427298d4ea22e505db252f770f064c6fN was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (3379) files with added filename extension

Renames multiple (4615) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 19:19

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
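The two static signatures above rest on header facts that a triage script can reproduce. The following Python is an added example, not the sandbox's own rules and not the sample itself: it implements the checks that commonly back a "UPX packed file" verdict (UPX0/UPX1 section names, or an empty first section followed by a high-entropy second one) and an "Unsigned PE" verdict (an empty Security data directory, meaning no embedded Authenticode blob). Because the sample's bytes are not on this page, two small PE32 images are constructed in memory so the checks run offline; on a real file, pass its bytes to triage().

```python
"""Static checks behind 'UPX packed file' and 'Unsigned PE' style verdicts.

Added example, not the sandbox's own rules and not the sample itself: two small PE32
images are constructed in memory so the checks run offline. Real use: triage(open(p, 'rb').read())."""
import math
import random
import struct

SECTION_HEADER_SIZE = 40
PE32_OPTIONAL_HEADER_SIZE = 0xE0
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data directory slot that points at the Authenticode blob


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: near 8.0 for compressed or encrypted data, roughly 5 to 6.5 for native code."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> dict:
    """Walk DOS -> PE signature -> COFF -> optional header -> section table (PE32 and PE32+)."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    _, n_sections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:      # PE32: NumberOfRvaAndSizes at +92, data directories at +96
        n_rva_off, dd_off = opt + 92, opt + 96
    elif magic == 0x20B:    # PE32+: the 64-bit ImageBase shifts both by 16
        n_rva_off, dd_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    n_rva = struct.unpack_from("<I", data, n_rva_off)[0]
    security = (0, 0)
    if n_rva > IMAGE_DIRECTORY_ENTRY_SECURITY:
        security = struct.unpack_from("<II", data, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections, table = [], opt + opt_size
    for i in range(n_sections):
        off = table + i * SECTION_HEADER_SIZE
        name = data[off:off + 8].rstrip(b"\0").decode("latin-1")
        vsize, _, raw_size, raw_ptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append({"name": name, "virtual_size": vsize, "raw_size": raw_size,
                         "entropy": round(shannon_entropy(data[raw_ptr:raw_ptr + raw_size]), 2)})
    return {"sections": sections, "security_dir": tuple(security)}


def triage(data: bytes) -> dict:
    pe = parse_pe(data)
    names = [s["name"] for s in pe["sections"]]
    # UPX leaves its section names in place unless the packer was told to rename them...
    upx_names = any(n.startswith("UPX") for n in names)
    # ...so also check the layout: an empty first section that reserves the unpack area,
    # followed by a high-entropy section carrying the compressed payload.
    s = pe["sections"]
    upx_layout = len(s) >= 2 and s[0]["raw_size"] == 0 and s[0]["virtual_size"] > 0 and s[1]["entropy"] > 7.0
    # A zero Security directory means no embedded Authenticode signature. Caveats: catalog-signed
    # Windows files also read as zero, and a non-zero entry only proves a blob exists, not that it verifies.
    return {"section_names": names, "likely_upx": upx_names or upx_layout, "upx_section_names": upx_names,
            "upx_layout": upx_layout, "has_embedded_signature": pe["security_dir"] != (0, 0)}


def build_pe32(sections, security_blob=b"") -> bytes:
    """Constructed fixture: a minimal PE32 with the given (name, virtual_size, raw_bytes) sections.
    Not loadable and contains no code; it exists only to exercise the parser above."""
    n = len(sections)
    raw_ptr = -(-(0x40 + 4 + 20 + PE32_OPTIONAL_HEADER_SIZE + n * SECTION_HEADER_SIZE) // 0x200) * 0x200
    headers, body, va = b"", b"", 0x1000
    for name, vsize, raw in sections:
        ptr = raw_ptr + len(body) if raw else 0
        headers += struct.pack("<8sIIIIIIHHI", name, vsize, va, len(raw), ptr, 0, 0, 0, 0, 0x60000020)
        body += raw + b"\0" * (-len(raw) % 0x200)
        va += -(-vsize // 0x1000) * 0x1000
    dirs = [(0, 0)] * 16
    if security_blob:
        dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (raw_ptr + len(body), len(security_blob))
    opt = struct.pack("<H", 0x10B) + b"\0" * 90 + struct.pack("<I", 16) + b"".join(struct.pack("<II", *d) for d in dirs)
    coff = struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, len(opt), 0x0102)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    image = dos + b"PE\0\0" + coff + opt + headers
    return image + b"\0" * (raw_ptr - len(image)) + body + security_blob


def packed_unsigned_sample() -> bytes:
    rng = random.Random(1)  # deterministic pseudo-random bytes stand in for a compressed payload
    payload = bytes(rng.getrandbits(8) for _ in range(0x1000))
    return build_pe32([(b"UPX0", 0x10000, b""), (b"UPX1", 0x1000, payload)])


def plain_signed_sample() -> bytes:
    text = (b"\x55\x8b\xec\x90\x90\xc3" * 700)[:0x1000]  # repetitive stand-in for code: low entropy
    cert = struct.pack("<IHH", 0x400, 0x0200, 0x0002) + b"\0" * (0x400 - 8)  # WIN_CERTIFICATE header + filler
    return build_pe32([(b".text", 0x1000, text), (b".data", 0x200, b"\0" * 0x200)], security_blob=cert)


if __name__ == "__main__":
    print("packed/unsigned:", triage(packed_unsigned_sample()))
    print("plain/signed:   ", triage(plain_signed_sample()))
```

The layout check matters because `upx -d` refuses files whose section names were altered, and that is exactly what attackers do to dodge name-based rules; entropy of the second section is the more robust signal. The 0x400000-0x40A000 memory dumps further down the report (a 40 KB image) are consistent with a small packed stub, but the report itself does not state which check fired.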

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 19:19

Reported

2024-10-16 19:21

Platform

win7-20240903-en

Max time kernel

120s

Max time network

17s

Command Line

"C:\Users\Admin\AppData\Local\Temp\539a7cf275007508dcbb0e799274db10427298d4ea22e505db252f770f064c6fN.exe"

Signatures

Renames multiple (3379) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Process (every row): C:\Users\Admin\AppData\Local\Temp\539a7cf275007508dcbb0e799274db10427298d4ea22e505db252f770f064c6fN.exe
Target (every row): N/A
Every indicator below is an existing Program Files path with .tmp appended.

Description  Indicator
File created  C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tabskb.dll.mui.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Zurich.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\jre\lib\management-agent.jar.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-threaddump_ja.jar.tmp
File created  C:\Program Files\Java\jre7\bin\nio.dll.tmp
File created  C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.IdentityModel.Resources.dll.tmp
File created  C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_222222_256x240.png.tmp
File created  C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\LightBlueRectangle.PNG.tmp
File created  C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_SelectionSubpicture.png.tmp
File created  C:\Program Files\Google\Chrome\Application\106.0.5249.119\nacl_irt_x86_64.nexe.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util-lookup_ja.jar.tmp
File created  C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_display_plugin.dll.tmp
File created  C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL.tmp
File created  C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground.wmv.tmp
File created  C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.properties.tmp
File created  C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_SelectionSubpicture.png.tmp
File created  C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_SelectionSubpicture.png.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Marengo.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtau.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\epl-v10.html.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-editor-mimelookup.xml.tmp
File created  C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.Printing.resources.dll.tmp
File created  C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\platform.xml.tmp
File created  C:\Program Files\Java\jre7\bin\npt.dll.tmp
File created  C:\Program Files\Java\jre7\lib\zi\Africa\Cairo.tmp
File created  C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576_91n92.png.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\flight_recorder.png.tmp
File created  C:\Program Files\Java\jre7\lib\zi\America\Bahia_Banderas.tmp
File created  C:\Program Files\7-Zip\Lang\tg.txt.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.nl_ja_4.4.0.v20140623020002.jar.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler.xml.tmp
File created  C:\Program Files\VideoLAN\VLC\locale\id\LC_MESSAGES\vlc.mo.tmp
File created  C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_standard_plugin.dll.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\boot_zh_CN.jar.tmp
File created  C:\Program Files\Java\jre7\bin\jpeg.dll.tmp
File created  C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\PresentationBuildTasks.resources.dll.tmp
File created  C:\Program Files\VideoLAN\VLC\plugins\demux\libaiff_plugin.dll.tmp
File created  C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_widescreen_Thumbnail.bmp.tmp
File created  C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-CN.pak.tmp
File created  C:\Program Files\Mozilla Firefox\application.ini.tmp
File created  C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Activities.dll.tmp
File created  C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Services.resources.dll.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\jre\bin\management.dll.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-masterfs-nio2.xml.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-uisupport.jar.tmp
File created  C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.Speech.resources.dll.tmp
File created  C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passportcover.png.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.jobs_3.6.0.v20140424-0053.jar.tmp
File created  C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\ShvlRes.dll.mui.tmp
File created  C:\Program Files\DVD Maker\fr-FR\DVDMaker.exe.mui.tmp
File created  C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG.wmv.tmp
File created  C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ms.pak.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\bin\javafxpackager.exe.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.nl_zh_4.4.0.v20140623020002.jar.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiling_ja.jar.tmp
File created  C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_bridge_plugin.dll.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Montevideo.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Reykjavik.tmp
File created  C:\Program Files\VideoLAN\VLC\AUTHORS.txt.tmp
File created  C:\Program Files\Java\jre7\lib\zi\America\Cambridge_Bay.tmp

System Location Discovery: System Language Discovery

discovery
Process: C:\Users\Admin\AppData\Local\Temp\539a7cf275007508dcbb0e799274db10427298d4ea22e505db252f770f064c6fN.exe
Target: N/A
Description  Indicator
Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language

This key holds the installed system language (ATT&CK T1614.001). Ransomware commonly reads it to skip machines in particular locales; the report records only that the key was opened, not how the value was used.

Processes

C:\Users\Admin\AppData\Local\Temp\539a7cf275007508dcbb0e799274db10427298d4ea22e505db252f770f064c6fN.exe

"C:\Users\Admin\AppData\Local\Temp\539a7cf275007508dcbb0e799274db10427298d4ea22e505db252f770f064c6fN.exe"

Network

N/A

Files

memory/1232-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3533259084-2542256011-65585152-1000\desktop.ini.tmp

MD5 41605c8f643c108b8a5833e8577c2ebe
SHA1 602208844098150c3eab51f4a5f11ec8341318f8
SHA256 2fc57a2c109f368a286ee7c20b45d2659f2349723fef2c3ddf2bf8fac26f942d
SHA512 d67f7a3e990b20b01cb4ea0c501bd5b907475208da9e57ea1637deba989540663ffa1b85da0f35d3bb6f4b4dfa0b955b72a26df122d9b630b2ad0d184dc58653

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 e4611506c8107a2741e9341f18b23faa
SHA1 6c3506b9f109199780ce45317516f4f9238058fa
SHA256 65a2b5a29bf8b46fad90434b1fa0b4719068bf680e7d82a8d7972ebae385f038
SHA512 4e34c48e49d55b94068faf88ff88e6e2ccb3043df6f1680c9b0d4fc2b656d806a670d631371ba1d00628ee0ec87aa65e69f154b4010fad8ab8eed480d5b73cf3

memory/1232-75-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 19:19

Reported

2024-10-16 19:21

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

101s

Command Line

"C:\Users\Admin\AppData\Local\Temp\539a7cf275007508dcbb0e799274db10427298d4ea22e505db252f770f064c6fN.exe"

Signatures

Renames multiple (4615) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Process (every row): C:\Users\Admin\AppData\Local\Temp\539a7cf275007508dcbb0e799274db10427298d4ea22e505db252f770f064c6fN.exe
Target (every row): N/A

Description  Indicator
File created  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\UIAutomationProvider.resources.dll.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Grace-ppd.xrm-ms.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-pl.xrm-ms.tmp
File created  C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClientIsv.man.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.ZipFile.dll.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Controls.Ribbon.resources.dll.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Forms.resources.dll.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Xaml.dll.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Forms.Design.resources.dll.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationClientSideProviders.resources.dll.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Trial-pl.xrm-ms.tmp
File created  C:\Program Files\Java\jre-1.8\lib\classlist.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Retail-ppd.xrm-ms.tmp
File created  C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-cn.dll.tmp
File created  C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscorlib.dll.tmp
File created  C:\Program Files\Java\jre-1.8\bin\decora_sse.dll.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\1033\msotdintl.dll.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCHARTCOMMON.DLL.tmp
File created  C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvApi.dll.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Overlapped.dll.tmp
File created  C:\Program Files\Java\jre-1.8\bin\dtplugin\deployJava1.dll.tmp
File created  C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red.xml.tmp
File created  C:\Program Files\Microsoft Office\root\Integration\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.tmp
File created  C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-synch-l1-2-0.dll.tmp
File created  C:\Program Files\Common Files\microsoft shared\ink\it-IT\TabTip.exe.mui.tmp
File created  C:\Program Files\Java\jdk-1.8\jre\bin\server\classes.jsa.tmp
File created  C:\Program Files\Java\jre-1.8\lib\security\policy\unlimited\US_export_policy.jar.tmp
File created  C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll.tmp
File created  C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp
File created  C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-datetime-l1-1-0.dll.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-ul-oob.xrm-ms.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\1033\XLLEX.DLL.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationCore.dll.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest1-pl.xrm-ms.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-ul-phn.xrm-ms.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-100.png.tmp
File created  C:\Program Files\Common Files\microsoft shared\ink\mshwLatin.dll.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.ServicePoint.dll.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ppd.xrm-ms.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-ul-oob.xrm-ms.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationClient.resources.dll.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.Primitives.resources.dll.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\MondoR_KMS_Automation-ul-oob.xrm-ms.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ul-oob.xrm-ms.tmp
File created  C:\Program Files\Common Files\microsoft shared\ClickToRun\offreg.dll.tmp
File created  C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Drawing.dll.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationClient.resources.dll.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Edm.NetFX35.V7.dll.tmp
File created  C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-convert-l1-1-0.dll.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Grace-ul-oob.xrm-ms.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\+NewSQLServerConnection.odc.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\MEDIA\BOMB.WAV.tmp
File created  C:\Program Files\Common Files\microsoft shared\ink\es-MX\tipresx.dll.mui.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-locale-l1-1-0.dll.tmp
File created  C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-utility-l1-1-0.dll.tmp
File created  C:\Program Files\Java\jdk-1.8\jre\legal\javafx\jpeg_fx.md.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\Microsoft.VisualBasic.Forms.resources.dll.tmp
File created  C:\Program Files\Java\jdk-1.8\jre\legal\javafx\directshow.md.tmp
File created  C:\Program Files\Java\jre-1.8\bin\t2k.dll.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\Personal2019DemoR_BypassTrial180-ppd.xrm-ms.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-180.png.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\WindowsFormsIntegration.resources.dll.tmp
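The rename signatures and the "Drops file in Program Files directory" tables in both behavioral runs rest on one observation: a single process writing <original name>.<new extension> files across many unrelated directory trees. The following Python is an added example, not the sandbox's own detection logic; it applies that heuristic to a constructed event list whose Program Files and $Recycle.Bin paths are copied from the behavioral1 tables, with invented installer and browser events as benign contrast. The thresholds (20 files, 3 directory trees, 90% share for one appended extension) and the event record shape (process image, created path) are assumptions.

```python
"""Mass-rename heuristic behind a 'renames multiple files with added filename extension' verdict.

Added example, not the sandbox's own rule. Input: (process image, created path) events such as
the 'Drops file in Program Files directory' rows in this report. Thresholds are assumptions."""
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

SAMPLE_EXE = r"C:\Users\Admin\AppData\Local\Temp\539a7cf275007508dcbb0e799274db10427298d4ea22e505db252f770f064c6fN.exe"

# Constructed event list. The SAMPLE_EXE paths are copied from the report's behavioral1 tables;
# the installer and browser events are invented benign noise for contrast.
EVENTS = [(SAMPLE_EXE, p) for p in (
    r"C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tabskb.dll.mui.tmp",
    r"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Zurich.tmp",  # no original extension: not counted
    r"C:\Program Files\Java\jdk1.7.0_80\jre\lib\management-agent.jar.tmp",
    r"C:\Program Files\Java\jre7\bin\nio.dll.tmp",
    r"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.IdentityModel.Resources.dll.tmp",
    r"C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_222222_256x240.png.tmp",
    r"C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\LightBlueRectangle.PNG.tmp",
    r"C:\Program Files\Google\Chrome\Application\106.0.5249.119\nacl_irt_x86_64.nexe.tmp",
    r"C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_display_plugin.dll.tmp",
    r"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL.tmp",
    r"C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground.wmv.tmp",
    r"C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig.tmp",
    r"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\epl-v10.html.tmp",
    r"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.Printing.resources.dll.tmp",
    r"C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe.tmp",
    r"C:\Program Files\Java\jre7\bin\npt.dll.tmp",
    r"C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576_91n92.png.tmp",
    r"C:\Program Files\7-Zip\Lang\tg.txt.tmp",
    r"C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe.tmp",
    r"C:\Program Files\Java\jre7\bin\jpeg.dll.tmp",
    r"C:\Program Files\VideoLAN\VLC\plugins\demux\libaiff_plugin.dll.tmp",
    r"C:\Program Files\Mozilla Firefox\application.ini.tmp",
    r"C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\ShvlRes.dll.mui.tmp",
    r"C:\Program Files\VideoLAN\VLC\AUTHORS.txt.tmp",
    r"C:\$Recycle.Bin\S-1-5-21-3533259084-2542256011-65585152-1000\desktop.ini.tmp",
)] + [
    (r"C:\Program Files\Acme\setup.exe", r"C:\Program Files\Acme\acme.dll"),
    (r"C:\Program Files\Acme\setup.exe", r"C:\Program Files\Acme\acme.exe"),
    (r"C:\Program Files\Acme\setup.exe", r"C:\Program Files\Acme\acme.dll.bak"),
    (r"C:\Program Files\Google\Chrome\Application\chrome.exe", r"C:\Users\Admin\Downloads\invoice.pdf.crdownload"),
    (r"C:\Program Files\Google\Chrome\Application\chrome.exe", r"C:\Users\Admin\Downloads\photo.jpg.crdownload"),
]


def appended_extension(path: str):
    """'tabskb.dll.mui.tmp' -> 'tmp'; 'acme.dll' -> None. Requires a plausible original extension
    under the new one, so an extensionless original such as 'Zurich.tmp' is deliberately missed."""
    suffixes = PureWindowsPath(path).suffixes
    if len(suffixes) < 2:
        return None
    orig, added = suffixes[-2][1:], suffixes[-1][1:]
    if 1 <= len(orig) <= 10 and orig.isalnum() and added.isalnum():
        return added.lower()
    return None


def tree_key(path: str) -> str:
    """Top two components after the drive (e.g. 'Program Files\\Java') to measure spread."""
    return "\\".join(PureWindowsPath(path).parts[1:3])


def score_processes(events, min_files=20, min_trees=3, dominance=0.9):
    """Per process: files written with an appended extension, how many directory trees they span,
    and whether a single extension dominates. verdict is True only when all three thresholds hold;
    an installer writes into one tree and a browser's .crdownload files never reach min_files."""
    stats = defaultdict(lambda: {"files": 0, "exts": Counter(), "trees": set()})
    for proc, path in events:
        ext = appended_extension(path)
        if ext is None:
            continue
        st = stats[proc]
        st["files"] += 1
        st["exts"][ext] += 1
        st["trees"].add(tree_key(path))
    results = []
    for proc, st in stats.items():
        ext, top = st["exts"].most_common(1)[0]
        results.append({
            "process": proc, "renamed": st["files"], "extension": ext, "trees": len(st["trees"]),
            "verdict": st["files"] >= min_files and len(st["trees"]) >= min_trees and top / st["files"] >= dominance,
        })
    return sorted(results, key=lambda r: r["renamed"], reverse=True)


if __name__ == "__main__":
    for r in score_processes(EVENTS):
        print(r)
```

On real telemetry the same logic runs over Sysmon Event ID 11 (FileCreate) or EDR file-write events keyed by process GUID; the directory-spread term is what separates this pattern from a legitimate updater, which also writes many .tmp files but only inside its own tree.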

System Location Discovery: System Language Discovery

discovery
Process: C:\Users\Admin\AppData\Local\Temp\539a7cf275007508dcbb0e799274db10427298d4ea22e505db252f770f064c6fN.exe
Target: N/A
Description  Indicator
Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language

Processes

C:\Users\Admin\AppData\Local\Temp\539a7cf275007508dcbb0e799274db10427298d4ea22e505db252f770f064c6fN.exe

"C:\Users\Admin\AppData\Local\Temp\539a7cf275007508dcbb0e799274db10427298d4ea22e505db252f770f064c6fN.exe"

Network

The report does not attribute these connections to a process. Reverse lookups through 8.8.8.8 and HTTPS to g.bing.com and tse1.mm.bing.net are consistent with Windows 10 background traffic in the sandbox, and the Win7 run (behavioral1) recorded no network activity, so no command-and-control or key-exchange traffic is evidenced in this report.

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 103.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp

Files

memory/4728-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4089630652-1596403869-279772308-1000\desktop.ini.tmp

MD5 2f203595fe38c1cd52d8856dbcf1b10f
SHA1 b6af9e67ad1783ae13ab2b4f747bad0083a7f0d4
SHA256 3e417f27339581c3f257afd3eadf0b0a956fa050a8486494509c2c1b54173977
SHA512 219c3462c1538271ba718250c67157bfc2241007ec421a313f0d29d23041ace3ae9b7782d6a2ef9c3d5b65f86f4dc9500ee428b35b927de7ba7a2e3376b8ecec

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 826459d355a5383555e1da54b1d7c7a6
SHA1 c6bf1626c43a8ba6e1565bdcf62df029da21530c
SHA256 41e0870a6efd2d3458d5762210d6644fae7565d831a6ee8640b65f38f31b72c7
SHA512 ede54c7e64d1973f1d673bf6d87a8958973c4f2b5ec503b09d9302b2792561e0f38ee37cff1fdbe2ba649decd3882b5ac86917eafea27b1e9ed8b08389f02c0e

memory/4728-659-0x0000000000400000-0x000000000040A000-memory.dmp