Malware Analysis Report

2025-03-15 08:19

Sample ID 241020-wyarlssfmg
Target b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N
SHA256 b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961
Tags
upx discovery ransomware
score
9/10

Analysis Overview

Threat Level: Likely malicious

The file b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (4658) files with added filename extension

Renames multiple (3339) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-20 18:19

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-20 18:19

Reported

2024-10-20 18:21

Platform

win7-20240903-en

Max time kernel

120s

Max time network

17s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe"

Signatures

Renames multiple (3339) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dili.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Cocos.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Java\jre7\bin\JAWTAccessBridge-64.dll.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\7-Zip\Lang\an.txt.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\1047x576black.png.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\jconsole.jar.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jvmstat.xml.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\ECLIPSE_.RSA.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\7-Zip\Lang\uz.txt.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lt.pak.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-applemenu_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\artifacts.xml.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-multitabs.xml.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\White_Chocolate.jpg.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\decorative_rule.png.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref.wmv.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\La_Rioja.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+5.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_65_ffffff_1x400.png.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\gu\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\eula.dll.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-api_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Java\jre7\lib\security\trusted.libraries.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-options.xml.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libsftp_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\am.pak.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsoundds.dll.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jmx_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Java\jre7\lib\ext\sunmscapi.jar.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Atlantic\Canary.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Common Files\System\ado\msado21.tlb.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-options.xml_hidden.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Java\jre7\bin\policytool.exe.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libdvdread_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Noumea.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Java\jre7\bin\servertool.exe.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\fr-FR\MSTTSLoc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\.eclipseproduct.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-loaders.xml.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Antarctica\Vostok.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\SystemV\CST6.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.DynamicData.dll.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\DVD Maker\audiodepthconverter.ax.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.zh_CN_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.properties.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-previous-static.png.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Port-au-Prince.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Budapest.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Gambier.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\ECLIPSE_.RSA.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Microsoft Games\SpiderSolitaire\ja-JP\SpiderSolitaire.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\hr\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_diagonals-thick_18_b81900_40x40.png.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe

"C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe"

Network

N/A

Files

memory/2336-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp

MD5 0da66e47be862223133a4c2b9ecce3ba
SHA1 6b7da89dc163489d975c9950bd769254f55a7cd4
SHA256 4aac1ed7def6143d83e1a43bb17bc3515b4c6570d7f9c9d87d64ced9eebf1cde
SHA512 0d43f6906c03ef6cf71be99be4f9aa39d35b5d83430eaa1f43253254c72496875f55af329edd9e56454b2a198df214b91a4402b0eb7813f6de5cc0105e0fd282

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 8f682bd69a26c9180742a14ba3062b62
SHA1 a8337df01a80e077cea019cefa3595986421ac15
SHA256 16f09ac3e84b93cbe6712cc1e5598c31e5e451f08937fcdd93b8b6e5ce058383
SHA512 73623ef289a21477e834e86c0b06df40064f513265042195cd87dc2ec77069e166cfa588ba733494ea133a75c78fbd4f169420f488c3fdf5b8a17d299d6ebbf7

memory/2336-70-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-20 18:19

Reported

2024-10-20 18:21

Platform

win10v2004-20241007-en

Max time kernel

119s

Max time network

113s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe"

Signatures

Renames multiple (4658) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\libGLESv2.dll.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.cpl.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalDemoR_BypassTrial180-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTrial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-console-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\sk.pak.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ServiceModel.Web.dll.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.DirectoryServices.dll.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.Design.dll.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\dbgshim.dll.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Metadata.dll.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\sawindbg.dll.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Diagnostics.PerformanceCounter.dll.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-timezone-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription1-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.HttpListener.dll.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.ServicePoint.dll.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Java\jdk-1.8\lib\ct.sym.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremDemoR_BypassTrial365-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-math-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-datetime-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.ThreadPool.dll.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Library\SOLVER\SOLVER32.DLL.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\javafx_font.dll.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\javafx\glib.md.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\jhat.exe.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Office Theme.thmx.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\joni.md.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail3-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Core.NetFX35.dll.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\7-Zip\Lang\ta.txt.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Data.DataSetExtensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Internet Explorer\de-DE\iexplore.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.DriveInfo.dll.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_altgr.xml.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\123.0.6312.123.manifest.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ThirdPartyNotices.MSHWLatin.txt.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Tracing.dll.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe

"C:\Users\Admin\AppData\Local\Temp\b2787b742e6d7e6b2d4df71f9278dd120d19c02e0085814f0765f7c2051e0961N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 66.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 101.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp

Files

memory/720-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4050598569-1597076380-177084960-1000\desktop.ini.tmp

MD5 8927c4839d7d4342f6ba9f2d9eb0343d
SHA1 687b6262e6433106740cec90b5b3302000ad7eb5
SHA256 e0ddbc6a9f8f486290a957364cacff5b0dd2d7fa9763116339b6374a9ff8ac24
SHA512 55165d4f6765e45cb9d1ea2ce3467b6226ff150b5e0a0022127070c0dc4acc3294d17595b21e746b73f7ef1b6de170b7366fbb167eb3a8237f9cc4bf20999b66

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 690705669fb79643dcaaf6309c98afee
SHA1 e8225ae7949d9666d32f1223aecdce0cc3208e3d
SHA256 4b77c387c18c7cd9746b8ab3403269ed57387a63dc5d5353b1d7d79520162c7e
SHA512 99554bce78842d3d2e8b6727f206d12f5d76b0153a2b8b3910bed914915d6b9ee28b7e84d3ccce770c97578fbeb2d1c93eecd978358adbf3137227100a390105

memory/720-789-0x0000000000400000-0x000000000040A000-memory.dmp