Malware Analysis Report

2024-12-07 10:04

Sample ID: 241114-bpc56asfjq
Target: a72e79e7a77f4a6fbf115a06e4f483f9662a8c82f9e116087ec886369477df79
SHA256: a72e79e7a77f4a6fbf115a06e4f483f9662a8c82f9e116087ec886369477df79
Tags: upx, discovery, ransomware
Score: 9/10

Table of Contents

Analysis Overview
  MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 9/10
SHA256: a72e79e7a77f4a6fbf115a06e4f483f9662a8c82f9e116087ec886369477df79

Threat Level: Likely malicious

The file a72e79e7a77f4a6fbf115a06e4f483f9662a8c82f9e116087ec886369477df79 was found to be: Likely malicious.

Malicious Activity Summary

Tags: upx, discovery, ransomware

Renames multiple (3534) files with added filename extension

Renames multiple (4867) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-11-14 01:18

Signatures

UPX packed file (tag: upx)

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-14 01:18
Reported: 2024-11-14 01:21
Platform: win7-20240708-en
Max time kernel: 150s
Max time network: 126s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a72e79e7a77f4a6fbf115a06e4f483f9662a8c82f9e116087ec886369477df79.exe"

Signatures

Renames multiple (3534) files with added filename extension (tag: ransomware)

UPX packed file (tag: upx)

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory

System Location Discovery: System Language Discovery (tag: discovery)

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\a72e79e7a77f4a6fbf115a06e4f483f9662a8c82f9e116087ec886369477df79.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a72e79e7a77f4a6fbf115a06e4f483f9662a8c82f9e116087ec886369477df79.exe

"C:\Users\Admin\AppData\Local\Temp\a72e79e7a77f4a6fbf115a06e4f483f9662a8c82f9e116087ec886369477df79.exe"

Network

N/A

Files

memory/2984-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

MD5 5d58fafa72fee1c580795191adcc00b4
SHA1 a924937fa401c6fc5f429fd1a6b6882b0c5ac309
SHA256 bec0aaf9f48e345d39198c4e5ab0b15bdd87d7f5c9d22485709b9a285c8b177f
SHA512 ed9f2162856539e022a81aab40dd9cf0f7b8aa4eeb8bb9fc12b412b4fdc411a51c84944f1928308c6d9a6847d6d1f71794a403040807be8f075ddc8c2264ab62

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 1ee61758cbd83ef62b0a4ebcf2382c7c
SHA1 1ae6549e697115879fa3d214ab7b0ad5913e4ec9
SHA256 0e19b93c6fb266395b5da1a93f44a53c5772cd337562e94a23ab57469a2593f2
SHA512 3ac33fcf276ce986e5f238623a5dd94b7724c3b8aab0677a627e6fb3d3d458f8b22fc7fa91a1c0d5a1e47052513715408edf19452d419bcaf77fb5cacf9d3e16

memory/2984-68-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-11-14 01:18
Reported: 2024-11-14 01:21
Platform: win10v2004-20241007-en
Max time kernel: 150s
Max time network: 157s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a72e79e7a77f4a6fbf115a06e4f483f9662a8c82f9e116087ec886369477df79.exe"

Signatures

Renames multiple (4867) files with added filename extension (tag: ransomware)

UPX packed file (tag: upx)

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory

System Location Discovery: System Language Discovery (tag: discovery)

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\a72e79e7a77f4a6fbf115a06e4f483f9662a8c82f9e116087ec886369477df79.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a72e79e7a77f4a6fbf115a06e4f483f9662a8c82f9e116087ec886369477df79.exe

"C:\Users\Admin\AppData\Local\Temp\a72e79e7a77f4a6fbf115a06e4f483f9662a8c82f9e116087ec886369477df79.exe"

Network

Files

memory/2908-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1045960512-3948844814-3059691613-1000\desktop.ini.tmp

MD5 9e1f530e8f32260336a485f9cb073822
SHA1 f23c3096d981d63cdd802d279ff7d092035572c8
SHA256 3bc3f2b05c4bf97664666ebae69c9380f124d526553f08e8490bab2d42887ef7
SHA512 bae280101b847ba2d7763e3e0b1f8609d690f8a1f4f4d28dbb457bc5b1ea2ad54ca1868eed0cef979ad7695fce14302c88d967833404d1fb3ee2382a92a84e98

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 28bd23b500c904057d209cae1a481b80
SHA1 d134e1071ed70b3b63a812125f0cd3bd9b7e8101
SHA256 90f4fbad52638386ec7899b0b770cdb15ec0bc443ce9835cc891ed50e2f0cfd2
SHA512 3c8e0f445bfb11819c1de4d8e716a004d4d9742c602b0e65bb5770c64dda81b7b1c96572aaeca8496e508e11196e2ae49e38c785f7477b2d552ccaf69c435205

memory/2908-658-0x0000000000400000-0x000000000040B000-memory.dmp