Malware Analysis Report

2025-01-22 20:15

Sample ID 241019-2jbm9atbka
Target 734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N
SHA256 734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96
Tags upx discovery ransomware
Score 9/10


Analysis Overview

Score 9/10

SHA256 734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96

Threat Level: Likely malicious

The file 734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (2886) files with added filename extension

Renames multiple (4363) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK (Enterprise Matrix V15)

Analysis: static1

Detonation Overview

Reported

2024-10-19 22:36

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-19 22:36

Reported

2024-10-19 22:38

Platform

win7-20241010-en

Max time kernel

120s

Max time network

17s

Command Line

"C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe"

Signatures

Renames multiple (2886) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Games\Multiplayer\Spades\ja-JP\ShvlRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_babypink_Thumbnail.bmp.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Internet Explorer\iedvtool.dll.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\de-DE\MSTTSLoc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-fallback_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Bogota.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-selector-ui.xml.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\SystemV\EST5.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Internet Explorer\en-US\jsdbgui.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pohnpei.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler.xml.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Java\jre7\bin\instrument.dll.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Xml.Linq.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\MANIFEST.MF.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\shvlzm.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\libEGL.dll.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-heapdump_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Mozilla Firefox\api-ms-win-crt-locale-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\DVD Maker\WMM2CLIP.dll.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-9.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vilnius.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-core-windows_visualvm.jar.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\currency.data.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Reunion.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jvmstat.xml.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Beirut.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.Selectors.dll.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lt.pak.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services_3.4.0.v20140312-2051.jar.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler.xml.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-visual_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs-nio2_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Internet Explorer\DiagnosticsHub.DataWarehouse.dll.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\meta-index.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\notification_plugin.jar.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-output2_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxml2.dll.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\ECLIPSE_.SF.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh001.htm.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-spi-actions.xml_hidden.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Java\jre7\lib\jvm.hprof.txt.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Net.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Internet Explorer\en-US\jsprofilerui.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\tzmappings.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dubai.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-lib-uihandler.xml.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Core.dll.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ko_KR.jar.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe

"C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe"

Network

N/A

Files

memory/1684-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2039016743-699959520-214465309-1000\desktop.ini.tmp

MD5 8a666ded18423206b63e9f4f11aac1b1
SHA1 1499de3d86ac85e49bf8f7353e48c54b3fa5113e
SHA256 ef1a761dce282fd3cc2bdf5faf704b22aa7e7360723e27b5ef2908739f0681dd
SHA512 9209e6bbc8990f9a1545027cf24a53055e785d2fb43e6253afab4468cf4299d861b91dee45e130822fca1e425b9a66163c63041830dac4d7230470a22230a492

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 b3ed3c4148c2ec839187cc62b2658234
SHA1 b1145057a70ad7c0cf0be8d5a0493d03335fd4bc
SHA256 0083f28e610f15f3fa795b10d279f4489b00a67855dbf0e74729b5bbf6ff5d9a
SHA512 f554fe9b4f8c43361d8d00c3a8bd106313c4e3ab65a3d9043e6e4cd5de2fd62680e2647988325d6af67221bbeb948677c7a4e2701dbdc30a9c9c8429fd55a746

memory/1684-70-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-19 22:36

Reported

2024-10-19 22:38

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

106s

Command Line

"C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe"

Signatures

Renames multiple (4363) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jre-1.8\bin\msvcp140_2.dll.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\ext\cldrdata.jar.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.powerpointmui.msi.16.en-us.xml.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription3-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription3-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\7-Zip\Lang\ga.txt.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\7-Zip\Lang\nn.txt.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Java\jdk-1.8\lib\packager.jar.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\7-Zip\Lang\io.txt.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\jstat.exe.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Aspect.xml.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription3-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.DriveInfo.dll.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.CodeDom.dll.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encoding.dll.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Csp.dll.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ONGuide.onepkg.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-process-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\7-Zip\7z.exe.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Cng.dll.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-libraryloader-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Constantia-Franklin Gothic Book.xml.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription4-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\en-US\TabTip.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\TellMeExcel.nrr.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\es-ES\TabTip.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Common Files\Services\verisign.bmp.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTest-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ClientARMRefer2019_eula.txt.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\resources.pak.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Json.dll.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscordbi.dll.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Cryptography.Pkcs.dll.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.NETCore.App.runtimeconfig.json.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebSockets.Client.dll.tmp C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe

"C:\Users\Admin\AppData\Local\Temp\734ebb7f2d29b8faddb808886acd3bc057136acc68d251eb592f358ecde86d96N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp

Files

memory/1200-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3227495264-2217614367-4027411560-1000\desktop.ini.tmp

MD5 e656678dfda52d53ef2647297bc68c61
SHA1 228d5660d3114e1c6a9c78ba17af87d90a37aa67
SHA256 0c784efb6e35dbf0002f197aaaa13d472a6944c8844f7cf1153cdcf2ace7125c
SHA512 850db6c1328a918b9dd1d6ecb2fa16938e83262b146ec247ff65bb98f6a943c7728126faec9c2436886313206925e1c106a446e4725cb4fe65b0307bb9291a28

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 b221651ba052e5810afd403cf3d0ff85
SHA1 4f68b68c72b82e628432533e2878a11c34582bf5
SHA256 4f4f6f2a40dffaf725eeccfbd837e1c26b98390d217e31d85acb4a09c0f62c41
SHA512 1ff9273d981904c559adebfcc860aa0bab76760839324854451143c82c8775aa393975fa97ffd7790618151b5c86ba8d36caa2d9108b84b1f7fcbb1b27193d36

memory/1200-664-0x0000000000400000-0x000000000040B000-memory.dmp