Malware Analysis Report

2025-01-22 20:13

Sample ID 241016-xfyw6awbqc
Target 1dbd77171c408a459dd7db2f6f96592b0a56d4a465d1757ad67d77e90e2c1aa4N
SHA256 1dbd77171c408a459dd7db2f6f96592b0a56d4a465d1757ad67d77e90e2c1aa4
Tags
upx discovery ransomware
score
9/10


Analysis Overview

score
9/10

SHA256

1dbd77171c408a459dd7db2f6f96592b0a56d4a465d1757ad67d77e90e2c1aa4

Threat Level: Likely malicious

The file 1dbd77171c408a459dd7db2f6f96592b0a56d4a465d1757ad67d77e90e2c1aa4N was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (2841) files with added filename extension

Renames multiple (4211) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 18:48

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 18:48

Reported

2024-10-16 18:50

Platform

win7-20240903-en

Max time kernel

120s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1dbd77171c408a459dd7db2f6f96592b0a56d4a465d1757ad67d77e90e2c1aa4N.exe"

Signatures

Renames multiple (2841) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1dbd77171c408a459dd7db2f6f96592b0a56d4a465d1757ad67d77e90e2c1aa4N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1dbd77171c408a459dd7db2f6f96592b0a56d4a465d1757ad67d77e90e2c1aa4N.exe

"C:\Users\Admin\AppData\Local\Temp\1dbd77171c408a459dd7db2f6f96592b0a56d4a465d1757ad67d77e90e2c1aa4N.exe"

Network

N/A

Files

memory/2416-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-312935884-697965778-3955649944-1000\desktop.ini.tmp

MD5 304969120291df87d00211518dc0209e
SHA1 d1310fff8b8e6e9ae46bda67f50cd77c6a191dd6
SHA256 692af60c07cfd635db8ce8073d5fff9183545008f68d30e75fbc01c306489fae
SHA512 86c8d4be05e0d016bf0445920a12426a9c99ab0a184f0b5369375e07c8c924ca7463d3b545faf9153ce6c32003082646714e2be68920832da52a0da68c180d6b

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 e32ef3ab06db1ba40654db0a71f9cf36
SHA1 2d21bfae204b22fde813509c2f40fb8ec39a939d
SHA256 0a1174cde1cfd3cb7a38dd26a592ea1acfbfd41eb1b8c84cb3eff9bcc2b33f89
SHA512 836edb64baef7dfb67c69a72fc6c2f3706e6512f3e3bc71f194c40ea0818075e90373a9951cf76e051689991e28dcfb8105bbf69d99c12cfa9ae005d407f577f

memory/2416-68-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 18:48

Reported

2024-10-16 18:50

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1dbd77171c408a459dd7db2f6f96592b0a56d4a465d1757ad67d77e90e2c1aa4N.exe"

Signatures

Renames multiple (4211) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1dbd77171c408a459dd7db2f6f96592b0a56d4a465d1757ad67d77e90e2c1aa4N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1dbd77171c408a459dd7db2f6f96592b0a56d4a465d1757ad67d77e90e2c1aa4N.exe

"C:\Users\Admin\AppData\Local\Temp\1dbd77171c408a459dd7db2f6f96592b0a56d4a465d1757ad67d77e90e2c1aa4N.exe"

Network

Country Destination Domain Proto

Files

memory/2996-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2045521122-590294423-3465680274-1000\desktop.ini.tmp

MD5 932002928b0d06b2e0cff8f49c8e43fe
SHA1 948bf1e3eb50b77315a790362f039804aad0a79a
SHA256 e484200eee55ee6b7e84f80914fa3c44787314f0fe6251f79748d639b8b68103
SHA512 f3649c133807ec993cdd70c0cf40316050bb4a43e12248e7f4e4e1bd5f2165453e6dbc470cb21536b000e614992c8c9cf8e4af89eef190ab77e86bf125ac250f

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 4364932421921f417e99a5d24fd81958
SHA1 31e53abe7c88f3103eeeeff3c2ea371816864381
SHA256 29f979de15e74efe12df01c44193543586da74b205b53c282b3d6b73c2845a13
SHA512 1e50e0c50fa271ac4c7e6d7946d952f5629ac98144dcbb1236cfbea265a336d51a2ccef4efcd4dc15ac41817019d3ef9b92de662fc518c5835e92da6d723b660

memory/2996-662-0x0000000000400000-0x000000000040B000-memory.dmp