Malware Analysis Report

2025-03-15 08:14

Sample ID 241016-hjqbvsxfrc
Target f8c2f8438d6721724c4c85254ba909385235e19a933f8f742a264b9857e03751N
SHA256 f8c2f8438d6721724c4c85254ba909385235e19a933f8f742a264b9857e03751
Tags
discovery ransomware
score
9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

score
9/10

SHA256

f8c2f8438d6721724c4c85254ba909385235e19a933f8f742a264b9857e03751

Threat Level: Likely malicious

The file f8c2f8438d6721724c4c85254ba909385235e19a933f8f742a264b9857e03751N was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple (4442) files with added filename extension

Renames multiple (3276) files with added filename extension

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 06:46

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 06:46

Reported

2024-10-16 06:48

Platform

win7-20240729-en

Max time kernel

119s

Max time network

17s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f8c2f8438d6721724c4c85254ba909385235e19a933f8f742a264b9857e03751N.exe"

Signatures

Renames multiple (3276) files with added filename extension

ransomware

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\f8c2f8438d6721724c4c85254ba909385235e19a933f8f742a264b9857e03751N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\f8c2f8438d6721724c4c85254ba909385235e19a933f8f742a264b9857e03751N.exe

"C:\Users\Admin\AppData\Local\Temp\f8c2f8438d6721724c4c85254ba909385235e19a933f8f742a264b9857e03751N.exe"

Network

N/A

Files

memory/2188-0-0x0000000000400000-0x0000000000408000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

MD5 4449a4cd721104eef014bc2119348cb6
SHA1 a14dbe51019c3ada3503202a80aab487a42b32b7
SHA256 131e16f20a3e82a9809e4f836155ce7fa99e86d931d62741848e585c598469fe
SHA512 2748709f5d522cd101fa482f8b9431edcb9a92893559fbffea187a44130fbca32955fe5903fcf407f39953c73e12c1a0cdd99731d4b2ec8ff005c31a8b0df6c7

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 495328cb18fe31ece764ff5b1fb604e5
SHA1 dda4d3e2f4771e80a6278e9b2b047d52e8f32566
SHA256 3e8e2090973f120e46cb8b254061fdb8bf2d218561383b1e2f1008e145e35569
SHA512 076a8f65dd2ddd0e69df58c32052de0c039714b19b7a561104fe2c2845225f76d4c6d5a0f09614a612d8fa886a19e8f5a7cd2dbeeb8c33feb193166c64541f6b

memory/2188-74-0x0000000000400000-0x0000000000408000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 06:46

Reported

2024-10-16 06:48

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

106s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f8c2f8438d6721724c4c85254ba909385235e19a933f8f742a264b9857e03751N.exe"

Signatures

Renames multiple (4442) files with added filename extension

ransomware

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\f8c2f8438d6721724c4c85254ba909385235e19a933f8f742a264b9857e03751N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\f8c2f8438d6721724c4c85254ba909385235e19a933f8f742a264b9857e03751N.exe

"C:\Users\Admin\AppData\Local\Temp\f8c2f8438d6721724c4c85254ba909385235e19a933f8f742a264b9857e03751N.exe"

Network


Files

memory/3036-0-0x0000000000400000-0x0000000000408000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2878641211-696417878-3864914810-1000\desktop.ini.tmp

MD5 108a2bf0699fb86baa0ca0caab9eb248
SHA1 59daead7d3f5730f638a67470ac14281a813c8ad
SHA256 78a8f5f6f0ee052960f2edde8bbe805aa7735e3a6ec980ccd86dfa73ce5c857d
SHA512 191682f177c3e2a6fb6a77478a5cb91518a34f89edabf23221be9628dd49d1ed10edcca226b0a3aaa31d5b49b8d99f50cc051b36e2da0b93d379e7da92e2dbaf

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 c60090887c6c747a028765a7e6f63567
SHA1 f11a5207b24bcae4e40d97689ae2481b3ac2e538
SHA256 33341a55fabfa81b6b5e91f4392993270834f9a204ed3f7f123c146977a2c667
SHA512 42d1c6290a781218b1123676bc5e633b9ddf3a9e17b0961ca1618eea40eb6c8027ebb418714a9878a4ac95525543defea082121acd743729fbed88bb176c6eb9

memory/3036-706-0x0000000000400000-0x0000000000408000-memory.dmp