Malware Analysis Report

2025-03-15 08:17

Sample ID 241016-ejx5xswamm
Target e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N
SHA256 e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865
Tags
upx discovery ransomware
Score
9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score
9/10

SHA256

e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865

Threat Level: Likely malicious

The file e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (332) files with added filename extension

Renames multiple (4365) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 03:58

Signatures

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 03:58

Reported

2024-10-16 04:00

Platform

win7-20241010-en

Max time kernel

120s

Max time network

19s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe"

Signatures

Renames multiple (332) files with added filename extension

ransomware

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\7-Zip\Lang\nb.txt.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mshwLatin.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport.wmv.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\DVD Maker\bod_r.TTF.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\DVD Maker\fr-FR\WMM2CLIP.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\DVD Maker\Pipeline.dll.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG_PAL.wmv.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\7-Zip\Lang\hr.txt.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\micaut.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tabskb.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\7-Zip\Lang\ps.txt.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IpsMigrationPlugin.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\7-Zip\Lang\fa.txt.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\7-Zip\Lang\ka.txt.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Full\pushplaysubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_ButtonGraphic.png.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\15x15dot.png.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\tr.pak.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipBand.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\babyblue.png.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_VideoInset.png.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\bandwidth.png.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es-419.pak.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\1047x576black.png.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-shadow.png.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sk.pak.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\msinfo32.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_VideoInset.png.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\7-Zip\Lang\ug.txt.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\am.pak.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Full\full.png.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NextMenuButtonIcon.png.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576_91n92.png.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sr.pak.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain_PAL.wmv.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nl.pak.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-overlay.png.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\highlight.png.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\it.pak.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\7-Zip\7-zip32.dll.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe

"C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe"

Network

N/A

Files

memory/1656-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3692679935-4019334568-335155002-1000\desktop.ini.tmp

MD5 d120607bbf5974bd57e29be3d19e841a
SHA1 ff03be836f8633c7b2bb5e894d967771359b5d4e
SHA256 3ffed25c2eb6e190f66e973f55d707912bda32347184b8cfa83519b82634d891
SHA512 fb365ee9742442e930feeab955faba7c031ee685229134c2dfe0c84e2dba4157b2a17f511bf3e33655c08e5871eb4ea7314e03cc52b80756eab94abdde396187

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 db1656517577ba050d536a0ca927a502
SHA1 487af2cc1a31193fde135ef9e15d150e95351b8b
SHA256 16351cbf92a1dd679d4feb360a4ba2e3acf239844bb70779aca72e2c2aaaff5f
SHA512 12396ad770afa49fab85cc3955ca6e01b585b62c0c09e12b1211d0fa4f621f6891a694f0c94c95107aef586d022c96ea5482ba74412120b7bf74b717dbce2ead

memory/1656-26-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 03:58

Reported

2024-10-16 04:00

Platform

win10v2004-20241007-en

Max time kernel

119s

Max time network

104s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe"

Signatures

Renames multiple (4365) files with added filename extension

ransomware

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscordbi.dll.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Controls.Ribbon.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial5-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_KMS_Client_AE-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.VisualBasic.Core.dll.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Emit.ILGeneration.dll.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\WindowsBase.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Grace-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Controls.Ribbon.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\lib\fontconfig.properties.src.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Configuration.dll.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XmlSerializer.dll.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.AeroLite.dll.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Grace-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Core.dll.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Data.DataSetExtensions.dll.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\UIAutomationClient.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\ja.pak.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\server\Xusage.txt.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest5-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\7-Zip\Lang\kk.txt.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\ConvertToUninstall.DVR-MS.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encoding.Extensions.dll.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Forms.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\UIAutomationClient.dll.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\CSS7DATA000A.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\7-Zip\Lang\hy.txt.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvStreamingManager.dll.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\tabskb.dll.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\PresentationUI.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHKEY.DAT.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.dll.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.dll.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Input.Manipulations.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial2-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16EnterpriseVL_Bypass30-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-process-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\PresentationFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue.xml.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Integration\C2RManifest.wordmui.msi.16.en-us.xml.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Grace-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\deploy\splash_11-lic.gif.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Paper.xml.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial2-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.DataAnnotations.dll.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Aero.dll.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Input.Manipulations.dll.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\WindowsFormsIntegration.dll.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\legal\jdk\xalan.md.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\7-Zip\Lang\pa-in.txt.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.VisualBasic.Forms.dll.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue II.xml.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_Subscription-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\7-Zip\Lang\gu.txt.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\ucrtbase.dll.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\de-DE\TabTip.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\ReachFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Diagnostics.EventLog.dll.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Forms.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe

"C:\Users\Admin\AppData\Local\Temp\e8fd8f2cc58473bc2feff9da7a3089475b1042c16142b4d0ca01bf89101c8865N.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp
US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 75.117.19.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp
US | 8.8.8.8:53 | tse1.mm.bing.net | udp
US | 150.171.27.10:443 | tse1.mm.bing.net | tcp
US | 150.171.27.10:443 | tse1.mm.bing.net | tcp
US | 150.171.27.10:443 | tse1.mm.bing.net | tcp
US | 150.171.27.10:443 | tse1.mm.bing.net | tcp
US | 150.171.27.10:443 | tse1.mm.bing.net | tcp

Files

memory/4856-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2045521122-590294423-3465680274-1000\desktop.ini.tmp

MD5 69e2af3d8af5c573d57d8135d9ed48ca
SHA1 249476d87e1f8d6a8bde7608ed2dae7d4c3ec423
SHA256 43e3aa56fc293b8d9aada047ad12add2941f33226aa62c1b918b2c94ac01f2b4
SHA512 26d9cff801c12b9fe9300779e3f417b9408434810cbb3266913fbfc42989a244886069a83df7a5cf5fa303c2fcbf3fa39c60479e7acb6251076b583eb3249f98

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 6ab15d685cba6565a49cdaa3f81e5131
SHA1 26106ca9071a3e8ac7da586425c63b36fae64470
SHA256 8a1354aab3e8ff046108a5362ef0d529b20f4587f860e1f331c13942e0c10d8d
SHA512 361f0f67bbcb1ea2d0e70e3cb891bf7b7de55e652d93f71bc38592e72ffd9983ba3dd00a791bb587f3f43dff4c7f2317bc7eb617c7d79150ecb343e71b051ada

memory/4856-666-0x0000000000400000-0x000000000040B000-memory.dmp