Malware Analysis Report

2024-12-07 10:04

Sample ID 241112-3heh7awpap
Target 73977d3cff340a19c5a9b21e4f5c6abf36a66bcdac411ec1eb0a2ea6f5bd9546
SHA256 73977d3cff340a19c5a9b21e4f5c6abf36a66bcdac411ec1eb0a2ea6f5bd9546
Tags
discovery ransomware upx
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

73977d3cff340a19c5a9b21e4f5c6abf36a66bcdac411ec1eb0a2ea6f5bd9546

Threat Level: Likely malicious

The file 73977d3cff340a19c5a9b21e4f5c6abf36a66bcdac411ec1eb0a2ea6f5bd9546 was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware upx

Renames multiple (5199) files with added filename extension (behavioral2, Windows 10 run)

Renames multiple (3825) files with added filename extension (behavioral1, Windows 7 run)

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-12 23:30

Signatures

UPX packed file

upx
(no indicator rows recorded for this signature)

Unsigned PE

(no indicator rows recorded for this signature)
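
The two static signatures above, UPX section names and an empty Authenticode directory, can be reproduced from the PE headers alone. The following Python is an added example written for this page, not sandbox code, and it runs on header-only PE images constructed in memory rather than on the sample. It checks section names (a packer or a repacking step can rename them, so treat a hit as a hint, not proof) and whether the security data directory is populated (presence of a signature blob, not its validity).

```python
import struct

# Added example (not part of the sandbox report): a minimal PE header reader
# that reproduces two of the static signatures, "UPX packed file" (sections
# named UPX0/UPX1) and "Unsigned PE" (empty Authenticode data directory),
# using only the standard library. The PE images built by build_pe() are
# constructed for the demonstration; the report's sample is not embedded.

SECURITY_DIR = 4              # IMAGE_DIRECTORY_ENTRY_SECURITY
COFF_FMT = "<HHIIIHH"         # Machine, NumberOfSections, TimeDateStamp,
                              # PointerToSymbolTable, NumberOfSymbols,
                              # SizeOfOptionalHeader, Characteristics
SECTION_FMT = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes


def inspect_pe(data: bytes) -> dict:
    """Return machine type, section names, UPX marker and signature presence."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from(COFF_FMT, data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:        # PE32
        nrva_off, dd_off = 92, 96
    elif magic == 0x20B:      # PE32+
        nrva_off, dd_off = 108, 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    nrva = struct.unpack_from("<I", data, opt + nrva_off)[0]
    sig_off = sig_size = 0
    if nrva > SECURITY_DIR:
        # For the security directory the first field is a file offset, not an RVA.
        sig_off, sig_size = struct.unpack_from("<II", data, opt + dd_off + 8 * SECURITY_DIR)
    table = opt + opt_size
    names = []
    for i in range(nsections):
        raw = struct.unpack_from("<8s", data, table + 40 * i)[0]
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return {
        "machine": machine,
        "sections": names,
        "upx_sections": any(n.upper().startswith("UPX") for n in names),
        # Presence of a signature blob only; validity needs WinVerifyTrust/osslsigncode.
        "has_authenticode": sig_size != 0,
        "authenticode": (sig_off, sig_size),
    }


def build_pe(section_names, security_dir=(0, 0), pe32plus=False) -> bytes:
    """Construct a header-only PE image for testing (not a runnable binary)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 240 if pe32plus else 224
    coff = struct.pack(COFF_FMT, 0x8664 if pe32plus else 0x14C, len(section_names),
                       0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<I", opt, 108 if pe32plus else 92, 16)   # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, (112 if pe32plus else 96) + 8 * SECURITY_DIR, *security_dir)
    sections = b"".join(
        struct.pack(SECTION_FMT, name.encode().ljust(8, b"\0"), 0x1000, 0x1000 * (i + 1),
                    0x200, 0x400 * (i + 1), 0, 0, 0, 0, 0x60000020)
        for i, name in enumerate(section_names))
    return dos + b"PE\0\0" + coff + bytes(opt) + sections


if __name__ == "__main__":
    print(inspect_pe(build_pe(["UPX0", "UPX1", ".rsrc"])))
    print(inspect_pe(build_pe([".text", ".data"], security_dir=(0x800, 0x1200), pe32plus=True)))
```

Against a file on disk, call inspect_pe(open(path, "rb").read()). A genuine UPX build can be restored with upx -d for further static work; samples whose UPX headers have been altered will not unpack cleanly and need manual reconstruction from a memory dump such as the ones listed in the behavioral sections.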

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-12 23:30

Reported

2024-11-12 23:33

Platform

win7-20241010-en

Max time kernel

150s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\73977d3cff340a19c5a9b21e4f5c6abf36a66bcdac411ec1eb0a2ea6f5bd9546.exe"

Signatures

Renames multiple (3825) files with added filename extension

ransomware

UPX packed file

upx
(no indicator rows recorded for this signature)

Drops file in Program Files directory

Every row in this table has Description "File created", Process C:\Users\Admin\AppData\Local\Temp\73977d3cff340a19c5a9b21e4f5c6abf36a66bcdac411ec1eb0a2ea6f5bd9546.exe (the sample itself) and Target N/A, so only the Indicator column (the created path) is listed. Each path is an existing application file name with ".tmp" appended, the staging pattern behind the rename count reported for this run; the table shows 64 entries, the signature count (3825) is far higher.

C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-api_zh_CN.jar.tmp
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\info.png.tmp
C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_divider.png.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\jmxremote.access.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh87.tmp
C:\Program Files\Common Files\Microsoft Shared\Stationery\Tanspecks.jpg.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Curacao.tmp
C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp
C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\it-IT\gadget.xml.tmp
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)greenStateIcon.png.tmp
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\43.png.tmp
C:\Program Files\7-Zip\Lang\cy.txt.tmp
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\content-types.properties.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\uarrow.gif.tmp
C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_cdg_plugin.dll.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\rtscom.dll.mui.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tipresx.dll.mui.tmp
C:\Program Files\Common Files\System\ado\msadox.dll.tmp
C:\Program Files\Microsoft Games\Mahjong\desktop.ini.tmp
C:\Program Files\VideoLAN\VLC\plugins\video_filter\libblendbench_plugin.dll.tmp
C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\hint_up.png.tmp
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\info.png.tmp
C:\Program Files\7-Zip\7z.exe.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-changjei.xml.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationCore.resources.dll.tmp
C:\Program Files\VideoLAN\VLC\lua\http\mobile.html.tmp
C:\Program Files\VideoLAN\VLC\plugins\demux\libdirectory_demux_plugin.dll.tmp
C:\Program Files\VideoLAN\VLC\plugins\spu\libaudiobargraph_v_plugin.dll.tmp
C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui.tmp
C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-settings_ja.jar.tmp
C:\Program Files\Java\jre7\lib\zi\America\El_Salvador.tmp
C:\Program Files\Java\jre7\lib\zi\Etc\GMT+12.tmp
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1254.TXT.tmp
C:\Program Files (x86)\Common Files\microsoft shared\ink\es-ES\InkObj.dll.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\bin\policytool.exe.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.xml.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_ja.jar.tmp
C:\Program Files\Java\jre7\lib\zi\Atlantic\Cape_Verde.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_SelectionSubpicture.png.tmp
C:\Program Files\Internet Explorer\pdm.dll.tmp
C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ffffff_256x240.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.nl_zh_4.4.0.v20140623020002.jar.tmp
C:\Program Files\VideoLAN\VLC\locale\ka\LC_MESSAGES\vlc.mo.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask.wmv.tmp
C:\Program Files\Java\jdk1.7.0_80\bin\wsimport.exe.tmp
C:\Program Files\Windows Photo Viewer\es-ES\ImagingDevices.exe.mui.tmp
C:\Program Files\7-Zip\Lang\hi.txt.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\pagecurl.png.tmp
C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll.sig.tmp
C:\Program Files\VideoLAN\VLC\plugins\video_filter\libcanvas_plugin.dll.tmp
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-last-quarter.png.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Khandyga.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\time-span-16.png.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.DataSetExtensions.Resources.dll.tmp
C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_standard_plugin.dll.tmp
C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\play_hov.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-templates.xml_hidden.tmp
C:\Program Files\Java\jre7\lib\ext\access-bridge-64.jar.tmp
C:\Program Files\Java\jre7\bin\servertool.exe.tmp
C:\Program Files\Java\jre7\bin\w2k_lsa_auth.dll.tmp
C:\Program Files\Microsoft Office\Office14\IEAWSDC.DLL.tmp
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\weather.css.tmp

System Location Discovery: System Language Discovery (ATT&CK T1614.001)

discovery
Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\73977d3cff340a19c5a9b21e4f5c6abf36a66bcdac411ec1eb0a2ea6f5bd9546.exe
Target: N/A

Only the key open is recorded. Ransomware families commonly read the installed or default language here to exclude certain locales, but this page shows no value being read and no locale-dependent exit: the sample went on to stage and rename files in this run.

Processes

C:\Users\Admin\AppData\Local\Temp\73977d3cff340a19c5a9b21e4f5c6abf36a66bcdac411ec1eb0a2ea6f5bd9546.exe

"C:\Users\Admin\AppData\Local\Temp\73977d3cff340a19c5a9b21e4f5c6abf36a66bcdac411ec1eb0a2ea6f5bd9546.exe"

Network

N/A

Files

memory/1100-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2039016743-699959520-214465309-1000\desktop.ini.tmp

MD5 a94a35ebf09bb94419b0c4f1e68c2e3a
SHA1 f16b55be87dbcad9ad71fad5a4da7d8d346699ff
SHA256 a7532799686155989c9a71716733dd4cd01f13449868b03ec970685623ca427e
SHA512 5809db6c160c2c0381ae2722524a8e79a57964b3e552258b1d94b4d2cea2c1f63251be8cb68deb88bed82c93fd9f4b3b1b6279fd8296aeb3334dc0f0c9499913

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 babc13256d150403673ffb84c96b598e
SHA1 0d595988e85a37977c959ed37f197605be940189
SHA256 2ede68e06c795580d41b7fb258e08029f10adc0b36bd21d8054b8b63110a6dc4
SHA512 c1f5304bfe5ade34afb7ebe1c42d336454441895e616a43952f80518aca5dd87c3c4eaad2da72431a7bc563b60a6c7e98bc8468f47af4796203b3dae31ec20f6

memory/1100-70-0x0000000000400000-0x000000000040A000-memory.dmp
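
The behaviour recorded for this run, a process launched from %TEMP% writing <name>.<ext>.tmp files across Program Files and renaming thousands of files with an extra extension, is a pattern a detection engineer can turn into a check over file events. The Python below is an added example, not part of the report or the sandbox. It parses lines in the report's "Description Indicator Process Target" layout using constructed input: the "File created" paths are copied from the table above, while the "File renamed" lines, the ".locked" extension and the explorer.exe line are hypothetical, present only to exercise the rename and benign-process paths (the report gives rename counts, not names). The thresholds are illustrative.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Added example, not part of the sandbox report: a small detector for the
# ransomware staging pattern summarised in the signatures ("Drops file in
# Program Files directory" as <name>.<ext>.tmp files, "Renames multiple files
# with added filename extension", image launched from %TEMP%).

SAMPLE = (r"C:\Users\Admin\AppData\Local\Temp"
          r"\73977d3cff340a19c5a9b21e4f5c6abf36a66bcdac411ec1eb0a2ea6f5bd9546.exe")

# Constructed input. "File created" paths come from the report; the
# "File renamed" lines, ".locked" and the explorer.exe line are hypothetical.
EVENTS = "\n".join([
    rf"File created C:\Program Files\7-Zip\7z.exe.tmp {SAMPLE} N/A",
    rf"File created C:\Program Files\7-Zip\Lang\cy.txt.tmp {SAMPLE} N/A",
    rf"File created C:\Program Files\Internet Explorer\pdm.dll.tmp {SAMPLE} N/A",
    rf"File created C:\Program Files\Microsoft Games\Mahjong\desktop.ini.tmp {SAMPLE} N/A",
    rf"File created C:\Program Files (x86)\Common Files\microsoft shared\ink\es-ES\InkObj.dll.mui.tmp {SAMPLE} N/A",
    rf"File created C:\Users\Admin\Documents\notes.txt.tmp {SAMPLE} N/A",
    rf"File renamed C:\Program Files\7-Zip\7z.exe -> C:\Program Files\7-Zip\7z.exe.locked {SAMPLE} N/A",
    rf"File renamed C:\Program Files\7-Zip\Lang\cy.txt -> C:\Program Files\7-Zip\Lang\cy.txt.locked {SAMPLE} N/A",
    rf"File renamed C:\Users\Admin\Documents\draft.docx -> C:\Users\Admin\Documents\final.docx {SAMPLE} N/A",
    r"File created C:\Program Files\7-Zip\History.txt C:\Windows\explorer.exe N/A",
])

# Indicator paths may contain spaces; the process column is assumed not to
# (true for every process on this page), so it is matched as one token.
LINE = re.compile(r"^(File created|File renamed) (.+?) (C:\\\S+\.exe) N/A$")
PROGRAM_DIRS = ("c:\\program files\\", "c:\\program files (x86)\\")
TEMP_MARK = "\\appdata\\local\\temp\\"


def parse_events(text):
    """Turn report-style lines into create/rename event dicts."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        action, indicator, proc = m.groups()
        if action == "File renamed":
            old, new = indicator.split(" -> ", 1)
            events.append({"action": "rename", "old": old, "new": new, "proc": proc})
        else:
            events.append({"action": "create", "path": indicator, "proc": proc})
    return events


def is_staged_tmp(path):
    """'<name>.<ext>.tmp': a temp file that still carries the original extension."""
    p = PureWindowsPath(path)
    return p.suffix.lower() == ".tmp" and PureWindowsPath(p.stem).suffix != ""


def under_program_files(path):
    return path.lower().startswith(PROGRAM_DIRS)


def adds_extension(old, new):
    """The report's rename signature: new name == old name plus one more '.<ext>'."""
    o, n = PureWindowsPath(old), PureWindowsPath(new)
    return o.parent == n.parent and n.name.startswith(o.name + ".") and len(n.name) > len(o.name) + 1


def assess(events, tmp_threshold=5, rename_threshold=2):
    """Per-process findings; thresholds are illustrative, tune to real telemetry."""
    staged = Counter(e["proc"] for e in events
                     if e["action"] == "create" and is_staged_tmp(e["path"])
                     and under_program_files(e["path"]))
    renamed = Counter(e["proc"] for e in events
                      if e["action"] == "rename" and adds_extension(e["old"], e["new"]))
    findings = {}
    for proc in set(staged) | set(renamed):
        hits = []
        if staged[proc] >= tmp_threshold:
            hits.append(f"staged {staged[proc]} .tmp files under Program Files")
        if renamed[proc] >= rename_threshold:
            hits.append(f"renamed {renamed[proc]} files with an added extension")
        if hits and TEMP_MARK in proc.lower():
            hits.append("image runs from %TEMP%")   # context, not a finding on its own
        if hits:
            findings[proc] = hits
    return findings


if __name__ == "__main__":
    for proc, hits in assess(parse_events(EVENTS)).items():
        print(proc)
        for h in hits:
            print("  -", h)
```

On the constructed input only the sample process is reported; the user-profile .tmp file is ignored by the Program Files filter and the docx rename does not add an extension. In production the same two counters would be fed from Sysmon file-create events or EDR file telemetry, with the thresholds set from the observed rate of legitimate installers, which also write .tmp files under Program Files but rarely across dozens of unrelated products in one process.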

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-12 23:30

Reported

2024-11-12 23:33

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

139s

Command Line

"C:\Users\Admin\AppData\Local\Temp\73977d3cff340a19c5a9b21e4f5c6abf36a66bcdac411ec1eb0a2ea6f5bd9546.exe"

Signatures

Renames multiple (5199) files with added filename extension

ransomware

UPX packed file

upx
(no indicator rows recorded for this signature)

Drops file in Program Files directory

Every row in this table has Description "File created", Process C:\Users\Admin\AppData\Local\Temp\73977d3cff340a19c5a9b21e4f5c6abf36a66bcdac411ec1eb0a2ea6f5bd9546.exe (the sample itself) and Target N/A, so only the Indicator column (the created path) is listed. As in the Windows 7 run, each path is an existing application file name with ".tmp" appended; the table shows 64 entries, the signature count (5199) is far higher.

C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\UIAutomationProvider.resources.dll.tmp
C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-multibyte-l1-1-0.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-file-l1-2-0.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\CHAKRACORE.DLL.tmp
C:\Program Files\Microsoft Office\root\Office16\MEDIA\WIND.WAV.tmp
C:\Program Files\Common Files\microsoft shared\ink\en-US\InputPersonalization.exe.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\WindowsBase.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\ClientOSub2019_eula.txt.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\ospintl.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\PREVIEWTEMPLATE.POTX.tmp
C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART5.BDR.tmp
C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-80.png.tmp
C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.FileSystem.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.Xml.Linq.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Forms.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-profile-l1-1-0.dll.tmp
C:\Program Files\Java\jre-1.8\lib\management\management.properties.tmp
C:\Program Files\Microsoft Office\root\Office16\ExcelCtxUIFormulaBarModel.bin.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Numerics.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.NonGeneric.dll.tmp
C:\Program Files\Google\Chrome\Application\123.0.6312.123\vk_swiftshader_icd.json.tmp
C:\Program Files\Microsoft Office\root\Licenses16\MondoR_BypassTrial180-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_KMS_Client-ul.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\3082\MSO.ACL.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XmlDocument.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\ReachFramework.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Orange Red.xml.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-80.png.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Claims.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationProvider.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\WindowsFormsIntegration.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_KMS_Client_AE-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ul-phn.xrm-ms.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationUI.resources.dll.tmp
C:\Program Files\Java\jre-1.8\lib\jsse.jar.tmp
C:\Program Files\Common Files\microsoft shared\ink\es-ES\ShapeCollector.exe.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XDocument.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.SecureString.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Controls.Ribbon.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Forms.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\management.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\mip_telemetry.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Accessibility.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.Diagnostics.dll.tmp
C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Sockets.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\ReachFramework.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\FOLDER.ICO.tmp
C:\Program Files\Microsoft Office\root\Office16\PROOF\LTSHYPH_FR.LEX.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicsimple.dotx.tmp
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-xstate-l2-1-0.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.Primitives.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\PresentationUI.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationClientSideProviders.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\Microsoft.VisualBasic.Forms.resources.dll.tmp
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-errorhandling-l1-1-0.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-80.png.tmp
C:\Program Files\Common Files\microsoft shared\ink\hwresplm.dat.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Transactions.dll.tmp

System Location Discovery: System Language Discovery (ATT&CK T1614.001)

discovery
Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\73977d3cff340a19c5a9b21e4f5c6abf36a66bcdac411ec1eb0a2ea6f5bd9546.exe
Target: N/A

The same key open as in the Windows 7 run; only the open is recorded, no value read is shown, and file staging and renaming followed regardless.

Processes

C:\Users\Admin\AppData\Local\Temp\73977d3cff340a19c5a9b21e4f5c6abf36a66bcdac411ec1eb0a2ea6f5bd9546.exe

"C:\Users\Admin\AppData\Local\Temp\73977d3cff340a19c5a9b21e4f5c6abf36a66bcdac411ec1eb0a2ea6f5bd9546.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp

All recorded traffic consists of reverse (PTR) lookups sent to the Google resolver at 8.8.8.8; reversing the in-addr.arpa labels gives 8.8.8.8, 20.44.239.154, 93.184.221.240, 192.229.221.95, 20.190.160.17, 20.109.210.53, 40.69.42.241, 199.232.210.172 and 52.111.236.21. No connection to any of these hosts was captured, the lookups are not attributed to the sample process, and the Windows 7 run (behavioral1) recorded no network activity at all. They are consistent with Windows 10 background activity in the sandbox and should not be treated as indicators for this sample without corroboration.

Files

memory/4192-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1045960512-3948844814-3059691613-1000\desktop.ini.tmp

MD5 dfb556e414ab3a1bf89a8fa7e84d5daa
SHA1 73f833d15fda1a29f33c9e5a2723be0f8f5c13ee
SHA256 43fec4badc11e6f76118207dca550f6631ab47790d2f9eeacbff8449b3507203
SHA512 b60d46ed0a4c6df124621ae7c6a6825b92dafb3c96cc305155dbea3fdbf2df054e4fa68969a6a4e8c569535aac862348a37fcfe1b2ee5bae6576a8f8b64af795

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 ca34ba28585a4d359914b59515b830d1
SHA1 4f731d989cb54e51ff822059b3550136bffcb2c1
SHA256 c3952a757b697012b6e10c3a45234c26a22237e4e276c0595a9fa311c6d7cdad
SHA512 d59ede94508f87850e17971ea79e951a662d95fa686af1b115ceabf6596f0db468dfc68d958e4f69bb318c3df742e2335a985ea548fede3091d2e2b10c106dfc

memory/4192-785-0x0000000000400000-0x000000000040A000-memory.dmp