Malware Analysis Report

2025-03-15 08:25

Sample ID 241020-zhyehsygrd
Target 84cd741b0ec6dabcd3808180dcb54ac0101655754618d92b7462f90089560954N
SHA256 84cd741b0ec6dabcd3808180dcb54ac0101655754618d92b7462f90089560954
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

score
9/10

SHA256

84cd741b0ec6dabcd3808180dcb54ac0101655754618d92b7462f90089560954

Threat Level: Likely malicious

The file 84cd741b0ec6dabcd3808180dcb54ac0101655754618d92b7462f90089560954N was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (4372) files with added filename extension

Renames multiple (3154) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-20 20:43

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-20 20:43

Reported

2024-10-20 20:45

Platform

win7-20240903-en

Max time kernel

119s

Max time network

16s

Command Line

"C:\Users\Admin\AppData\Local\Temp\84cd741b0ec6dabcd3808180dcb54ac0101655754618d92b7462f90089560954N.exe"

Signatures

Renames multiple (3154) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\84cd741b0ec6dabcd3808180dcb54ac0101655754618d92b7462f90089560954N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\84cd741b0ec6dabcd3808180dcb54ac0101655754618d92b7462f90089560954N.exe

"C:\Users\Admin\AppData\Local\Temp\84cd741b0ec6dabcd3808180dcb54ac0101655754618d92b7462f90089560954N.exe"

Network

N/A

Files

memory/1032-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

MD5 f9707dce65ead029a5614a303eaa3cdf
SHA1 2f4e876d62906a398e73ef99cdc340e615822bfd
SHA256 d1a45819f29b83d76c8e17cbad480936b5b830c8792d6fdb5c139624fbe7ba50
SHA512 1ec414ce1632de6ef35162c46067885ff8a82067362f33c3a548d6944e47a28a3d5dcd253a3305f9febb8d4bc5b0d67a14c0f1b90d3345e458dd3e0c2e23f4e6

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 778179dbcd3fcf09d3e1b79eeb2f12cb
SHA1 109c29378b9ea4f66ff1be8d59260f3b83c7ccf5
SHA256 b25333ac2f58625e89faaaaa9aa744d960df5298528a5e377040800e68518f8e
SHA512 abffc7230320f5f5cb658d02e8e4e7a5c5ca7b42854c5f5f1edeb1a11b11f6dd3660b5eadd5170e260743dace43ceaad225653a65fc66e80ea8dbd03904a32f4

memory/1032-70-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-20 20:43

Reported

2024-10-20 20:45

Platform

win10v2004-20241007-en

Max time kernel

119s

Max time network

104s

Command Line

"C:\Users\Admin\AppData\Local\Temp\84cd741b0ec6dabcd3808180dcb54ac0101655754618d92b7462f90089560954N.exe"

Signatures

Renames multiple (4372) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\84cd741b0ec6dabcd3808180dcb54ac0101655754618d92b7462f90089560954N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\84cd741b0ec6dabcd3808180dcb54ac0101655754618d92b7462f90089560954N.exe

"C:\Users\Admin\AppData\Local\Temp\84cd741b0ec6dabcd3808180dcb54ac0101655754618d92b7462f90089560954N.exe"

Network

Country Destination Domain Proto

Files

memory/960-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2437139445-1151884604-3026847218-1000\desktop.ini.tmp

MD5 8bf1179ca6aef96a9ea6e7633e5fe9d8
SHA1 3127b1c9f85f3b8e9b1461a827d91cbf748c76dc
SHA256 aab25982860ae5f7087d1d219d42545297cfc7b277324f7ddd7353d2a6066434
SHA512 4c4a97d36109d2081294f801d32846648999d420e0003c6f0f95dbb3fb61560b5ee273735f14769c2bf04a11e39eb9868f283f1881aef154c78027c4008fc21b

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 66f46f5a75b4952a295b9a327e1e8052
SHA1 a355b0d6efead16ebc1ebd8f5eeabe5538c5253a
SHA256 ed97120ba951386af8cc6c0a48e41c294144c760e7744ff4ead9e41085751136
SHA512 9c6f66e08f4ac60a75d96d3eb47cb02cbbc3878b1ec47d3dce95d62498ce8fbfffb2b3bb3dcf5fe507a338fa453becb14ed5b6d9ad8411814059d36555c46194

memory/960-654-0x0000000000400000-0x000000000040B000-memory.dmp