Malware Analysis Report

2025-01-22 20:18

Sample ID 241020-a2b8ysyemd
Target 1d76b24eeea34127a776a91c4e27ea78e3e327ec1a1b89012577320233f2fbceN
SHA256 1d76b24eeea34127a776a91c4e27ea78e3e327ec1a1b89012577320233f2fbce
Tags upx discovery ransomware
Score 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

score
9/10

SHA256

1d76b24eeea34127a776a91c4e27ea78e3e327ec1a1b89012577320233f2fbce

Threat Level: Likely malicious

The file 1d76b24eeea34127a776a91c4e27ea78e3e327ec1a1b89012577320233f2fbceN was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (5086) files with added filename extension

Renames multiple (3896) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-20 00:42

Signatures

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-20 00:42

Reported

2024-10-20 00:44

Platform

win7-20240903-en

Max time kernel

150s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1d76b24eeea34127a776a91c4e27ea78e3e327ec1a1b89012577320233f2fbceN.exe"

Signatures

Renames multiple (3896) files with added filename extension

ransomware

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1d76b24eeea34127a776a91c4e27ea78e3e327ec1a1b89012577320233f2fbceN.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1d76b24eeea34127a776a91c4e27ea78e3e327ec1a1b89012577320233f2fbceN.exe

"C:\Users\Admin\AppData\Local\Temp\1d76b24eeea34127a776a91c4e27ea78e3e327ec1a1b89012577320233f2fbceN.exe"

Network

N/A

Files

memory/2132-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

MD5 df4b312f37c9891e101b89466048b1cb
SHA1 e5cdc0a19093a64c6bf94cc0813679d3f5541338
SHA256 cc4c759b4651598fd80d0d9ed687462ea3cfb496ef2409fd60967db4f0ea77f2
SHA512 074811c97fc708f46bd56e4eb8cdcebf71037f9286429c558c3fc35c089e92fef4f8f69198ae21d743e24a55652a563b43784cc7af19ccabf3c7b7a41dcffb4d

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 76fc9e45c8cacace287ec240da7ab0d8
SHA1 040d62c7be20fb4db2eaa69ca0cd6c7de7366610
SHA256 fa8220319f7926c65ccd206fdd0ad6180f1b96b18b75cb82197862b23e5707d1
SHA512 15275af14af3efca32379017c2e04476de7d2eca743a057377140ba4ed58b94ec6d476993680ebe1f7d614e8b4561b544f451666d21fe5dec470050988224633

memory/2132-70-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-20 00:42

Reported

2024-10-20 00:44

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

134s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1d76b24eeea34127a776a91c4e27ea78e3e327ec1a1b89012577320233f2fbceN.exe"

Signatures

Renames multiple (5086) files with added filename extension

ransomware

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1d76b24eeea34127a776a91c4e27ea78e3e327ec1a1b89012577320233f2fbceN.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1d76b24eeea34127a776a91c4e27ea78e3e327ec1a1b89012577320233f2fbceN.exe

"C:\Users\Admin\AppData\Local\Temp\1d76b24eeea34127a776a91c4e27ea78e3e327ec1a1b89012577320233f2fbceN.exe"

Network


Files

memory/4244-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1045960512-3948844814-3059691613-1000\desktop.ini.tmp

MD5 af748b883a301a6eb10988fe3ccbb178
SHA1 cc98d33efc9e9e5a595ecc0a54fce0cd911325dd
SHA256 38cb32428400adb2285d0cfa3c4618f0801e81533e5cc8feddcefbdae234534d
SHA512 afc40ed0de5fa37a1e8649673c8e661247516e5c4ba9dd39a01d5915d354b45b14723bba89fc9d37d6c12c9d0aa9a0ec75fa9bd03507fb1a9346b3d593da4ef8

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 a67076866048f1a7ba16ecc9afb1972a
SHA1 973083bd05ad30d806748e0faf4325688a15208f
SHA256 9170570764f0b32e9ca0172d0cc28adf1068d815f46dacc177a264a292ae2a99
SHA512 64c6057babd666cc5361fea4963d102f6a09908d8068abbb907c6ec19f804c64063369b2e81932ab57e20059b646ccfcdb7a6c3ac7f1636ada96931818f8c8b6

memory/4244-776-0x0000000000400000-0x000000000040B000-memory.dmp