Malware Analysis Report

2025-01-22 20:15

Sample ID 241019-xhwjtathjj
Target 2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN
SHA256 2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1e
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1e

Threat Level: Likely malicious

The file 2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (3162) files with added filename extension

Renames multiple (4610) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-19 18:51

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-19 18:51

Reported

2024-10-19 18:53

Platform

win7-20240903-en

Max time kernel

119s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe"

Signatures

Renames multiple (3162) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Conversion.v3.5.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Internet Explorer\iedvtool.dll.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Internet Explorer\iexplore.exe.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Inuvik.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives_1.1.100.v20140523-0116.jar.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT-1.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\7-Zip\Lang\de.txt.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hr.pak.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Belem.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\epl-v10.html.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT+9.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\VideoLAN\VLC\NEWS.txt.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\intf\modules\httprequests.luac.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Samarkand.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-options-keymap.xml.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-print.jar.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll.sig.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Vancouver.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Rome.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Entity.Design.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\tzmappings.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Mendoza.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Minsk.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-coredump.jar.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-sa.jar.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\DVD Maker\ja-JP\WMM2CLIP.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Java\jre7\lib\jfr.jar.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Mozilla Firefox\api-ms-win-crt-convert-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\javafxpackager.exe.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Services.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\ClearProtect.docx.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Microsoft Games\Hearts\en-US\Hearts.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\js\jquery.jstree.js.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santiago.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util-lookup_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Mozilla Firefox\api-ms-win-crt-private-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\intf\luac.luac.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Engine.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mip.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\numbase.xml.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Internet Explorer\JSProfilerCore.dll.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\html\cpyr.htm.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh001.htm.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ust-Nera.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Java\jre7\bin\w2k_lsa_auth.dll.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Java\jre7\COPYRIGHT.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsptg.xml.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\DVD Maker\ja-JP\OmdProject.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets_1.0.0.v20140514-1823.jar.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu.xml.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrfrash.dat.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Maldives.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-appui.xml.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe

"C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe"

Network

N/A

Files

memory/2472-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp

MD5 1a4905de45a3b71c552628945e45d0c8
SHA1 27341bb5666e32278303878bbd1c25df17264754
SHA256 6d90d98a9dd5e3a27d5219fe0297129b77ed404db11d65bd62d974d1c58a221b
SHA512 890d966c7a8a61d7bffe7b8c9d235ad1dc547186e943055aea9478e37b164194f9c06c9bcc6fb4e29448d15cf2b38430af87c8a6874298cbc1c014374d9adeaf

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 9dd7c10f88dbfa1dcecd343e02775bf8
SHA1 503b95f0e9c51e9efe0a4fa4cb901a04cd5fe12b
SHA256 f6e45e406cd857f96490a103a12a1aea7ccaaedd4413ba1d9d81e3702e8eeb25
SHA512 4496be35d03e7a64f1340e4c87d3e4c04c81e08831b1e0d2f6e7d715ed45d087cb0e141ea463a4f87ea3b0214a1e3b0f957863772cb4bc8a1795d5be84b8f48c

memory/2472-75-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-19 18:51

Reported

2024-10-19 18:53

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

104s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe"

Signatures

Renames multiple (4610) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\FPA_f7\FA000000007.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\mip_telemetry.dll.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\7-Zip\Lang\br.txt.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XDocument.dll.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCHART.DLL.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Configuration\config.xml.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Ping.dll.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_Subscription-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Java\jdk-1.8\THIRDPARTYLICENSEREADME.txt.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.dll.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\cmm\GRAY.pf.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-sysinfo-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.AccessControl.dll.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.VisualBasic.dll.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\libGLESv2.dll.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightRegular.ttf.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Royale.dll.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\nb.pak.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebSockets.dll.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\MSO.ACL.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019DemoR_BypassTrial180-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\mscss7cm_en.dub.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\plugin2\msvcp140.dll.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ORGCINTL.DLL.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\j2pkcs11.dll.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\jvm.hprof.txt.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription1-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pl-pl.dll.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\officeinventoryagentfallback.xml.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ExcelInterProviderRanker.bin.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\cs.pak.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-synch-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.Concurrent.dll.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe

"C:\Users\Admin\AppData\Local\Temp\2870c1696fb83fcac11b665b9c1192b613ff748e9ea7dea2f5b9183af3851a1eN.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 58.99.105.20.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 75.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 69.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp

Files

memory/1216-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3350944739-639801879-157714471-1000\desktop.ini.tmp

MD5 1ecd4b4fd37b27ab40eb2fa38860b79f
SHA1 15fc81dbd379230007406680e651f0d53f597f28
SHA256 29fa105b7bb5bd3bb71c8e41d430b3f8e0730484eb496747ff69f4a7c400161f
SHA512 59d80422c71503590d22bc727759433dfa19f0631603939eda3aaaa5f78d6805fde4b1f7c5735bf53a3475a21beae6becd4bc9520b1e201fd6220bde2afe36c7

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 8c164d3a66d47a3c128364aad26398c5
SHA1 440861bfb72170f0044d485bee7fc987bfecfde4
SHA256 d479534b85560c5ae731eb2b1138d64353501264a08a7a20ff1199d734e2877b
SHA512 da8101b41f171111f8208782a38444a3cf71288f4a68cb64cedc15793300a5cb3d53e6085d06c4d57a80862966994d3e2a96c651d9a5a1dea7c9f8b15a33aaa1

memory/1216-757-0x0000000000400000-0x000000000040A000-memory.dmp