Malware Analysis Report

2025-01-22 20:18

Sample ID 241020-bwqpts1cka
Target 68627ee9187ab43c99f8d28d4b888b8f78b2302a350525168b1dd2fac2f60fe9N
SHA256 68627ee9187ab43c99f8d28d4b888b8f78b2302a350525168b1dd2fac2f60fe9
Tags upx discovery ransomware
Score 9/10


Analysis Overview

Score 9/10

SHA256

68627ee9187ab43c99f8d28d4b888b8f78b2302a350525168b1dd2fac2f60fe9

Threat Level: Likely malicious

The file 68627ee9187ab43c99f8d28d4b888b8f78b2302a350525168b1dd2fac2f60fe9N was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (3279) files with added filename extension

Renames multiple (4664) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-20 01:29

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-10-20 01:29

Reported

2024-10-20 01:31

Platform

win7-20240903-en

Max time kernel

120s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\68627ee9187ab43c99f8d28d4b888b8f78b2302a350525168b1dd2fac2f60fe9N.exe"

Signatures

Renames multiple (3279) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\68627ee9187ab43c99f8d28d4b888b8f78b2302a350525168b1dd2fac2f60fe9N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\68627ee9187ab43c99f8d28d4b888b8f78b2302a350525168b1dd2fac2f60fe9N.exe

"C:\Users\Admin\AppData\Local\Temp\68627ee9187ab43c99f8d28d4b888b8f78b2302a350525168b1dd2fac2f60fe9N.exe"

Network

N/A

Files

memory/1720-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

MD5 6e31fb2c654dee94c1468e69ac9ff384
SHA1 625f5edd05903511a3bd8cee07100362cfa295ed
SHA256 b338c1513d48a3d34f3ba4a6c98e9c068e9e18aa6f1dcd629fe9292c5f6f1a98
SHA512 bdba38fa1b8d92da5ca374c9086e60c713ac98ba4600effefd513af63d2bcc1aa503bff554993989d2398ced756602641d88203771e7c060c74051f6b264ba0b

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 8c57a8697e73a9a9142dce66bb2c0397
SHA1 932c75bf080ba993b469ca09630bef9c7c116133
SHA256 1c60626780987e1fd12f61dc4d6de56f34bbac68e0f2a5cb09fe29da41b5351f
SHA512 5fd6e6e361d197ea69bd35950a9e6613b1dc3d1e9827e70d44fe558fe6ba6d9ed775e36b9a8285405559f11d3ae643fed5816da4fb038cf1475f052124847bd5

memory/1720-70-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-20 01:29

Reported

2024-10-20 01:32

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

109s

Command Line

"C:\Users\Admin\AppData\Local\Temp\68627ee9187ab43c99f8d28d4b888b8f78b2302a350525168b1dd2fac2f60fe9N.exe"

Signatures

Renames multiple (4664) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\68627ee9187ab43c99f8d28d4b888b8f78b2302a350525168b1dd2fac2f60fe9N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\68627ee9187ab43c99f8d28d4b888b8f78b2302a350525168b1dd2fac2f60fe9N.exe

"C:\Users\Admin\AppData\Local\Temp\68627ee9187ab43c99f8d28d4b888b8f78b2302a350525168b1dd2fac2f60fe9N.exe"

Network

Country Destination Domain Proto

Files

memory/4760-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3350944739-639801879-157714471-1000\desktop.ini.tmp

MD5 e576d5fcbd618d6a51af4aa6ec147f14
SHA1 faec70d22b139cd236def44ab898fd0aa9dd3b4f
SHA256 4ee990ec708f09b12bd87fbdd115f26407d5f725121327b37f41b668bdaa67ea
SHA512 604586ccebe01eb4b8abe2fcc7188104a48dde9555ddd8f6e6e6cff644c3df96122e46caf34776f2182cfc719d73f303292ca5237fa04e5de4fd5531c8113006

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 5854e5272e47969bb91b78631b1ae545
SHA1 f134b72256682c8a6d3fafc2ffe9e5d39bf75d0f
SHA256 6f118e10ed91851b9dc828be27fdf2d4673953a6dc5f517935b417c8f294246b
SHA512 453ab90b42493cd25a069e12a3febc630ba0820674557feb7af65b2dd56730925ffb1bed7a9ceba7df7938c047d30c5af78dedd03bb07e855d67938c8e9b61bd

memory/4760-783-0x0000000000400000-0x000000000040A000-memory.dmp