Malware Analysis Report

2025-01-22 20:28

Sample ID 241019-25nvpswhlj
Target 24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N
SHA256 24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4
Tags: upx, discovery, ransomware
Score: 9/10

Analysis Overview

Score: 9/10

SHA256: 24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4

Threat Level: Likely malicious

The file 24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (3522) files with added filename extension

Renames multiple (4857) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-10-19 23:10

Signatures

UPX packed file (tag: upx)
No indicator, process or target details were recorded for this signature.

Unsigned PE
No indicator, process or target details were recorded for this signature.

Analysis: behavioral1

Detonation Overview

Submitted: 2024-10-19 23:10
Reported: 2024-10-19 23:13
Platform: win7-20240903-en
Max time kernel: 150s
Max time network: 119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe"

Signatures

Renames multiple (3522) files with added filename extension (tag: ransomware)

UPX packed file (tag: upx)
No indicator, process or target details were recorded for this signature.

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.ComponentModel.dll.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\libEGL.dll.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\javaws.exe.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface_3.10.1.v20140813-1009.jar.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\OutGet.mpeg2.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\mobile_browse.html.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_m.png.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\service.js.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hong_Kong.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tahiti.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Java\jre7\bin\JavaAccessBridge-64.dll.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\dialogs\mosaic_window.html.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\settings.css.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\LICENSE.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Argentina\Buenos_Aires.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\SystemV\HST10.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\js\calendar.js.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Stanley.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Chisinau.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-windows_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Zurich.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\chkrzm.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\js\settings.js.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\menu_style_default_Thumbnail.png.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\fur\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\DVD Maker\fr-FR\WMM2CLIP.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\fontconfig.bfc.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-modules_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.VisualC.STLCLR.dll.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\css\cpu.css.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\ehshellLogo.png.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkWatson.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MET.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui_2.3.0.v20140404-1657.jar.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Java\jre7\bin\jp2launcher.exe.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\ReadComplete.aiff.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-progress.xml.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\meta\reader\filename.luac.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup-impl_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Urumqi.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Chuuk.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi_3.10.1.v20140909-1633.jar.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ks_IN\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\activity16v.png.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\ConnectFind.rmi.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_olv.css.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Yakutat.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Windows Photo Viewer\de-DE\PhotoViewer.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\timer_over.png.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A

System Location Discovery: System Language Discovery (tag: discovery)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe

"C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe"

Network

N/A

Files

memory/1724-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2872745919-2748461613-2989606286-1000\desktop.ini.tmp

MD5 33dbe316177ee1dba8b14499b03650d4
SHA1 d622e474dccfe42a3e415aa0d2e48a8afb3c01ab
SHA256 a25a476af7040c19afd18a1ddb748ce34ffd8c07a672c9b74e5d2a13b3be4048
SHA512 5e6fecee108d339894f7c9b190e0f41384a7593cf6193b4774bbb92758fb7fe75624793d9e048f39fd65fe58049e3a677db35e9b45023e6c37afeacebc38dee5

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 786ec436047527cde7c46386a9334a48
SHA1 d5bcbf26397f8345adfd948f5857e46080b256cf
SHA256 1acabf92db420c21de2d7be163455691f46c4b78d753e4aca8b8dfe2618f8e0c
SHA512 7f7756e6cca9a9b3842d3a32d2373ada0cda900ef7953506893a72b1065df4dbca1526b69716986153a3722e3f80b8ca83e5b82b261f71c37d0cb2337e650142

memory/1724-70-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-10-19 23:10
Reported: 2024-10-19 23:12
Platform: win10v2004-20241007-en
Max time kernel: 150s
Max time network: 122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe"

Signatures

Renames multiple (4857) files with added filename extension (tag: ransomware)

UPX packed file (tag: upx)
No indicator, process or target details were recorded for this signature.

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationUI.dll.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\security\javaws.policy.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipshrv.xml.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNoteNames.gpd.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.CodeDom.dll.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\msvcp140.dll.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_F_COL.HXK.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\MSOSEC.DLL.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\dicjp.bin.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Tw Cen MT.xml.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.tr-tr.dll.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Globalization.Calendars.dll.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-heap-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.dll.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-namedpipe-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Custom.propdesc.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\7-Zip\Lang\ro.txt.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.dll.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\bcel.md.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Document.dll.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-string-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_KMS_Client-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Constantia-Franklin Gothic Book.xml.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Resources.ResourceManager.dll.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Ion Boardroom.thmx.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\clretwrc.dll.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\cmm\GRAY.pf.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-datetime-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Contracts.dll.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebSockets.dll.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\OFFICE.DLL.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\en-US\ShapeCollector.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\net.dll.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Layout.dll.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.PowerBI.Diagnostics.dll.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-console-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Ping.dll.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\sawindbg.dll.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\javafx\gstreamer.md.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat.tmp C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A

System Location Discovery: System Language Discovery (tag: discovery)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe

"C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp

Files

memory/452-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2437139445-1151884604-3026847218-1000\desktop.ini.tmp

MD5 b264d8e642f2b697907025b89792e76e
SHA1 fafc3cbb4d3eda1268247f7f1b6af7072a500b59
SHA256 9ba50a0c001c53877b1dab4bf3f6fbc2c888935631dc53a4b0a6becc435c6a28
SHA512 d472e3031a9e09dd4f3c62a3c40bd17bb7bc4b9ce743fc1b5a7c4b3d7b3a41664ccfce9002b9c1756f8a7c089bad90942d916cf187d0e77cb478a09fc4cf04fa

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 f3c375aa4e6348c7d4ee95c4b9f43e41
SHA1 f54e7cb24b24495aba6b1b7949b68629418e07c6
SHA256 7756d34f82a731bedba154499233eca5178fade46661e8f3457f5d241897062b
SHA512 540f38030fc4b3892330f5c1b3c04e2001ea4236417c1be0bf67417e80f47bd026e0da9ff80a37345d15d3af47f7417a6e00e0263a354dd38db383c9f4ee854f

memory/452-664-0x0000000000400000-0x000000000040B000-memory.dmp