Malware Analysis Report

2025-03-15 08:24

Sample ID 241020-zt2w3s1hnp
Target 71d72662265285451d2c3df7a9df96771ef64f27544de2cf90decff90031eccdN
SHA256 71d72662265285451d2c3df7a9df96771ef64f27544de2cf90decff90031eccd
Tags discovery ransomware upx
Score 9/10

Analysis Overview

Threat Level: Likely malicious

The file 71d72662265285451d2c3df7a9df96771ef64f27544de2cf90decff90031eccdN was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware upx

Renames multiple (2843) files with added filename extension

Renames multiple (4358) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

Analysis: static1

Detonation Overview

Reported 2024-10-20 21:01

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted 2024-10-20 21:01
Reported 2024-10-20 21:03
Platform win7-20241010-en
Max time kernel 120s
Max time network 17s

Command Line

"C:\Users\Admin\AppData\Local\Temp\71d72662265285451d2c3df7a9df96771ef64f27544de2cf90decff90031eccdN.exe"

Signatures

Renames multiple (2843) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\71d72662265285451d2c3df7a9df96771ef64f27544de2cf90decff90031eccdN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\71d72662265285451d2c3df7a9df96771ef64f27544de2cf90decff90031eccdN.exe

"C:\Users\Admin\AppData\Local\Temp\71d72662265285451d2c3df7a9df96771ef64f27544de2cf90decff90031eccdN.exe"

Network

N/A

Files

memory/2828-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2039016743-699959520-214465309-1000\desktop.ini.tmp

MD5 bd56049c1edc8715d84ad18634304f4d
SHA1 8ae5d044ea7dbd61f5fd155698a719807e7cef69
SHA256 e91b40edd10a5c69287f53fc854e6e239c5b713234f3c34882866af22fdc7608
SHA512 e70c76831a67dd32db51aa2d60d9919fe114bde91eb46155868ecfb5ccd37ab9064a3ede95e9d1a0f320bc24ec65f7057f4eda33cb6d835e7a51188e5b576bc3

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 7fde3defa4a4383bdd05b6680c66a5c1
SHA1 fce98d9c67bc0c1f213e398630e98b2e0968c76a
SHA256 4a99a025d21fd0952fb701db9955e23a1058000d7eb05311e5e4d52c6da91eb1
SHA512 1951f4850332b3961d8d6a1e7023d3dcb5321da5875615621d443694d91812abbf5344d1afd5c6b6e3292947898bf750c0d481e879480cb928df346b151a6b66

memory/2828-68-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted 2024-10-20 21:01
Reported 2024-10-20 21:03
Platform win10v2004-20241007-en
Max time kernel 120s
Max time network 107s

Command Line

"C:\Users\Admin\AppData\Local\Temp\71d72662265285451d2c3df7a9df96771ef64f27544de2cf90decff90031eccdN.exe"

Signatures

Renames multiple (4358) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\71d72662265285451d2c3df7a9df96771ef64f27544de2cf90decff90031eccdN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\71d72662265285451d2c3df7a9df96771ef64f27544de2cf90decff90031eccdN.exe

"C:\Users\Admin\AppData\Local\Temp\71d72662265285451d2c3df7a9df96771ef64f27544de2cf90decff90031eccdN.exe"

Network


Files

memory/4540-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-493223053-2004649691-1575712786-1000\desktop.ini.tmp

MD5 b7d9ea980b4368ad0d692eccc260e20e
SHA1 e9b56b5c2000cdd60d997a11c6e8d3489cb46f11
SHA256 574e41bdd8c738644771f14c8d1a6a98bd095bb4a5da88163c7a7b2dbe7d5bf6
SHA512 317b08bdae0dd97ed50327f0ecb91a2c9eee186a48b319e73663f40a7e23e7321b5e53a4915fdbcd354ec0c3efad08845b1a663963e30d98414dfb8d1ab623c2

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 0ed16fe0b10ba6cb48eec27433498392
SHA1 5d19cc354a71fed36d2083fec7b53f08be2abe38
SHA256 c1849c087ad86034ef5842d3b46543e8207c87d4ed0759115d8477574aaac139
SHA512 0ad51f41fffb002046ae5bc294dc4d3ecf445243076213ecff9d19543c028d6aab94c72efadf66ed2faa833bed80538236570190af8d45f6fc877a286446a058

memory/4540-662-0x0000000000400000-0x000000000040B000-memory.dmp