Malware Analysis Report

2025-01-22 20:15

Sample ID 241019-zwvwjsyeqg
Target 6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N
SHA256 6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20

Threat Level: Likely malicious

The file 6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (2894) files with added filename extension

Renames multiple (1816) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-19 21:04

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-19 21:04

Reported

2024-10-19 21:07

Platform

win7-20240903-en

Max time kernel

150s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe"

Signatures

Renames multiple (1816) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe

"C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe"

Network

N/A

Files

memory/2076-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp

MD5 d203e4c509718b15b9013924a1ed85f5
SHA1 88954b2ccf86ee5648a0072aeb340398efb8e446
SHA256 df11ae4065a5c24ad23286272bda6f78d95f13b0e6fa07d67f8b1e5106467e25
SHA512 f5a7e3e90ecd7e72160b98b273e06f86f9eb3ada6ecadc19a5eed63da450cb47f514af8addec849478b911f0221908af031cb5dbcff798168a91ffac260b5d1a

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 3813f96bd6a94ee20e5cdc4aac74082a
SHA1 644a011e49563d3ca01619d08268f69b92899115
SHA256 57d8d6bc2e0db5cd1d56f12019adfa18cd57383840c6bc005c870f79c02fd4e9
SHA512 118ef1f03794c25b9966f967b495c14907a6802138adf3c428953626affb5fbe5a256ba99cf5e4149ab6214abea7ab4d719ebd819be8390bcfc3db361c355b06

memory/2076-64-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-19 21:04

Reported

2024-10-19 21:07

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

146s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe"

Signatures

Renames multiple (2894) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe

"C:\Users\Admin\AppData\Local\Temp\6973c5998260852abd8c97f1674ad98607430041344efbf8b5b4a310d07adf20N.exe"

Network

Country Destination Domain Proto

Files

memory/4828-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-493223053-2004649691-1575712786-1000\desktop.ini.tmp

MD5 8a644cb81d964a4ffd8e7def8c84c286
SHA1 2a31fd05798976c8e2d55a3058291bfeab26a135
SHA256 b48f3080a35a50f9d7bd5feb62f36e4d6a6d0d7515ebe05912285a48f1e2be98
SHA512 c65716659eb69eae2f2193ad1427f146cb56a919d26a4326b232caabf9c931cbe016278b896596645c87a5ca61bb2d1e9243a81da68f83181ca5207fecb8435b

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 e49368212fcb337eaeb626d3403787ba
SHA1 f52d90b91ade466d665ba9e23635e3cb46510c64
SHA256 4269965872898920682eb8d45f0230f1eefb9d8c07047c6a20f897863e13679b
SHA512 356459536e21009b21119b6126d941b42f96b01ada06cb9ab9a6ab8aae26e01f2f4bec8d91e78c5189cf5b936b77408bc42cc5cff770ad133cd0dbc182461c16

memory/4828-431-0x0000000000400000-0x000000000040A000-memory.dmp