Malware Analysis Report

2025-01-22 20:14

Sample ID: 241019-ztzfysyejb
Target: 6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N
SHA256: 6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20
Tags: upx, discovery, ransomware
Score: 9/10

Analysis Overview

Score: 9/10

SHA256: 6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20

Threat Level: Likely malicious

The file 6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N was found to be: Likely malicious.

Malicious Activity Summary

Tags: upx, discovery, ransomware

Renames multiple (1186) files with added filename extension

Renames multiple (2217) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Reported: 2024-10-19 21:01

Signatures

UPX packed file

Tag: upx

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-10-19 21:01
Reported: 2024-10-19 21:03
Platform: win7-20240903-en
Max time kernel: 119s
Max time network: 18s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe"

Signatures

Renames multiple (1186) files with added filename extension

Tag: ransomware

UPX packed file

Tag: upx

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\msinfo32.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkWatson.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IpsMigrationPlugin.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\jpeg.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\ECLIPSE_.SF.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Eucla.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\epl-v10.html.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\whiteband.png.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\net.properties.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\7-Zip\Lang\gu.txt.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IPSEventLogMsg.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Common Files\System\wab32.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Mask1.png.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Merida.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\7-Zip\Lang\th.txt.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\1047x576black.png.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Araguaina.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.properties.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\ja-JP\msadcfr.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\pagecurl.png.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Vincennes.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Monticello.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Anadyr.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.metadata.repository.prefs.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\DVD Maker\fr-FR\DVDMaker.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Rangoon.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Choibalsan.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_precomp_matte.wmv.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\bin\orbd.exe.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+12.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\highlight.png.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_mainImage-mask.png.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\trusted.libraries.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Gambier.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\hwrespsh.dat.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\uk.pak.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-next-static.png.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\ja-JP\MSTTSLoc.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_de_DE.jar.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Magadan.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureA.png.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Dot.png.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\include\jni.h.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Warsaw.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_ButtonGraphic.png.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\DVD Maker\Eurosti.TTF.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mazatlan.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\epl-v10.html.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A

System Location Discovery: System Language Discovery

Tag: discovery

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe

"C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe"

Network

N/A

Files

memory/2292-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3063565911-2056067323-3330884624-1000\desktop.ini.tmp

MD5 87f3083b4f0e4f9843c531e27480f41d
SHA1 fc684f854ee7d785f573f6401c5dd99063e000e2
SHA256 6b5f719b674a8157867ca30d0aa9a320af46e53b6847fae0a86c7d91c316610c
SHA512 85b4d018f51c598b4790fa8799e7c567bb034c2327c796d21b22e10c1d83c7fc4871c4b07c40bed7861211ada4932e874a34a487689f118a9509d7f3699b7109

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 4eff8c8a464abd27eba15895cdafeabd
SHA1 01b41ae79b3db67a0732a8c69049e08ba5652867
SHA256 992431450bb898af4fd2bd8c6e5bf240201323dc405eca7417ff4e5d745059c0
SHA512 de47fcef843f45c9f73ea3553b42eef425cb5be8d0027987579af3daed744a4f03f65c284a7bec0df7e94859818dc5bd70f3df7e59dac228fdf14884276f0dd2

memory/2292-63-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-10-19 21:01
Reported: 2024-10-19 21:03
Platform: win10v2004-20241007-en
Max time kernel: 120s
Max time network: 101s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe"

Signatures

Renames multiple (2217) files with added filename extension

Tag: ransomware

UPX packed file

Tag: upx

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\he.pak.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.SecureString.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Controls.Ribbon.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationProvider.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Xaml.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Xaml.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\WindowsBase.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\bin\ktab.exe.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\wsdetect.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\sl-SI\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Csp.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Xaml.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\7-Zip\Lang\id.txt.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Emit.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Xaml.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\PresentationCore.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\123.0.6312.123\optimization_guide_internal.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Timer.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Forms.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\PresentationFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\123.0.6312.123\MEIPreload\preloaded_data.pb.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encoding.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationTypes.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jmc.txt.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\BlockUnregister.tif.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\it.pak.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\InvokeRepair.vdx.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-math-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationTypes.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemDrawing.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ru-ru.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\osknavbase.xml.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.FileSystem.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\decora_sse.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\dt_socket.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\en-GB\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.Primitives.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunec.jar.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscordbi.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Tools.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Resources.Writer.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\ReachFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Input.Manipulations.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-errorhandling-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu.xml.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\th-TH\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.DiagnosticSource.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Json.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Royale.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-process-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A

System Location Discovery: System Language Discovery

Tag: discovery

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe

"C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | g.bing.com | udp
US | 150.171.27.10:443 | g.bing.com | tcp
US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 107.209.201.84.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp
US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 72.209.201.84.in-addr.arpa | udp
US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp
US | 8.8.8.8:53 | tse1.mm.bing.net | udp
US | 150.171.28.10:443 | tse1.mm.bing.net | tcp
US | 150.171.28.10:443 | tse1.mm.bing.net | tcp
US | 150.171.28.10:443 | tse1.mm.bing.net | tcp
US | 150.171.28.10:443 | tse1.mm.bing.net | tcp
US | 150.171.28.10:443 | tse1.mm.bing.net | tcp

Files

memory/1444-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-493223053-2004649691-1575712786-1000\desktop.ini.tmp

MD5 719e83a27efef5aef1e4616d9ef0c704
SHA1 750035b55627ef144a359de0c7b89987f110acc8
SHA256 16b30cfd2ce8ad89ba9d177a3cca647ca7dd5aa8f4e98032856721076f765aac
SHA512 3de5a17f1c46a79700da443e97560b35e7ef2819274bba17f3cb6f5a60b4b6bbb0f9c7f3b30e28a0b4d03ca902b4af24c9dfe96b8aa0ba23d3c5f7b60628ca3c

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 24e44cd18b71639a9bd4ea50a94aae58
SHA1 530eacdd4ecfbf639cef2aae0cac20fc8895ce26
SHA256 fa463bb7bcb673709a6064380271f320be404a4ba092a60004a8fb77684fe791
SHA512 b181d3005bd2f25d84669446f63c5cdaddd28a5c1e4aa89cadb99fee2c3939c8e41f9fe7ceb1b026a97626ff963587e6b638ca3e369c6b7671f4d008ab3e4d37

memory/1444-441-0x0000000000400000-0x000000000040A000-memory.dmp