Malware Analysis Report

2024-12-07 10:20

Sample ID 241113-b3abesvalc
Target 7333ca5ff9bb781b67b631b1dfe60aadb86a859367a1e5fef491831f8cdbbd38N.exe
SHA256 15aaf7b79b0425b74c3b31315e479918fa2e64c3705f92a9392d187727292940
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

15aaf7b79b0425b74c3b31315e479918fa2e64c3705f92a9392d187727292940

Threat Level: Likely malicious

The file 7333ca5ff9bb781b67b631b1dfe60aadb86a859367a1e5fef491831f8cdbbd38N.exe was found to be likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (3230) files with added filename extension

Renames multiple (4316) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-13 01:39

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-13 01:39

Reported

2024-11-13 01:41

Platform

win7-20240903-en

Max time kernel

120s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7333ca5ff9bb781b67b631b1dfe60aadb86a859367a1e5fef491831f8cdbbd38N.exe"

Signatures

Renames multiple (3230) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7333ca5ff9bb781b67b631b1dfe60aadb86a859367a1e5fef491831f8cdbbd38N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\7333ca5ff9bb781b67b631b1dfe60aadb86a859367a1e5fef491831f8cdbbd38N.exe

"C:\Users\Admin\AppData\Local\Temp\7333ca5ff9bb781b67b631b1dfe60aadb86a859367a1e5fef491831f8cdbbd38N.exe"

Network

N/A

Files

memory/2528-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp

MD5 b3d4a8f9949a935f6aeb60056cbaf4c1
SHA1 62d8892b8e7a058903d0d7136b4a9d4fc183f2c5
SHA256 a937925068f2eaba13e0cdc73ddd50dc450fbc644b597438884a97c499a1cb24
SHA512 8ef5f1abbd452d118a294da0d5cf491b179eb5aba00599f1139415e10bbe67b180e0609bd1714804225587e5c8d379439374298021e31288e54ffe8c6804cba9

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 4ad6cfd9a533aa15eeb0c1c3603ef5df
SHA1 7a9b5a6b808528e77d93caf1bda26928a2d054b2
SHA256 328d8c62bfa5359239913c5938c915de31c2775e83c5dca1d82f825b004e03e9
SHA512 a632782edef33c2f4e731fda4a3f9111e292b3cb0f96cdda746ee67bd51ce35083997a4cdea43df2d752f6b41b3757f6fa441ce3a22586a5397392a010e25560

memory/2528-74-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-13 01:39

Reported

2024-11-13 01:41

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

94s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7333ca5ff9bb781b67b631b1dfe60aadb86a859367a1e5fef491831f8cdbbd38N.exe"

Signatures

Renames multiple (4316) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7333ca5ff9bb781b67b631b1dfe60aadb86a859367a1e5fef491831f8cdbbd38N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\7333ca5ff9bb781b67b631b1dfe60aadb86a859367a1e5fef491831f8cdbbd38N.exe

"C:\Users\Admin\AppData\Local\Temp\7333ca5ff9bb781b67b631b1dfe60aadb86a859367a1e5fef491831f8cdbbd38N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp

Files

memory/2928-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-493223053-2004649691-1575712786-1000\desktop.ini.tmp

MD5 96f3cb972755d0914cf7eefbd9edc434
SHA1 2bc44e1c80d648f53958c89b2f697f9f1c7642cf
SHA256 f255f9a6c41976371908d9bd93b78ccb347f984eb774efd4ddb2e555a91640ba
SHA512 6c6a493b82d6580af098f4b9ab07b9b11c3b23435c3004291de198f4045e868031ab2ad4d7fa0b2f40bcffcf608ecebfe90dbaf9e89347819bc438c74c65c69b

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 5425b700d43741c66b0876c90955ee18
SHA1 e297b48e137093d1eaf9992b6345d31be665bd80
SHA256 ca248bb26fc1656ac6780b543fcaad44bf2737cefe52eaaa4be45fc21da9fe56
SHA512 ad05503c5028fc91eea3cf28f4edc69e09bfae678309404c8a1c55d8b927f30247854fc50d32add49bc137262b80ad5a510b7c8e301afb7bb20b9b6b68be409b

memory/2928-662-0x0000000000400000-0x000000000040B000-memory.dmp