Malware Analysis Report

2025-01-22 20:18

Sample ID: 241020-cew1ystgrp
Target: 58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N
SHA256: 58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2
Tags: discovery, ransomware
Score: 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 9/10

SHA256: 58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2

Threat Level: Likely malicious

The file 58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N was found to be: Likely malicious.

Malicious Activity Summary

Tags: discovery, ransomware

Renames multiple files with added filename extension (3181 files in behavioral1 on win7, 4359 files in behavioral2 on win10; every path listed in either run ends in .tmp)

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery (opens HKLM\SYSTEM\ControlSet001\Control\NLS\Language, the key that holds the Default and InstallLanguage LANGIDs)

In both runs the only process recorded is the sample itself, with no child processes. behavioral1 recorded no network activity, and the connections listed for behavioral2 are not attributed to any process.

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-10-20 01:59

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-10-20 01:59
Reported: 2024-10-20 02:01
Platform: win7-20240903-en
Max time kernel: 120s
Max time network: 17s

Command Line

"C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe"

Signatures

Renames multiple (3181) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jre7\lib\ext\sunmscapi.jar.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\kinit.exe.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-javahelp.xml.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-loaders.jar.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mru_on_win7.css.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Mozilla Firefox\defaults\pref\autoconfig.js.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rankin_Inlet.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\oracle.gif.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-io-ui.xml.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.RunTime.Serialization.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libstereo_widen_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Entity.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_videoinset.png.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-options_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\requests\status.json.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Darwin.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.contenttype_3.4.200.v20140207-1251.jar.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Java\jre7\bin\sunec.dll.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Ho_Chi_Minh.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudiobargraph_a_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotslightoverlay.png.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground.wmv.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Madeira.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Araguaina.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Beirut.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.ServiceModel.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\720x480blacksquare.png.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Monrovia.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\epl-v10.html.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.Speech.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Fakaofo.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Linq.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\license.html.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\boot_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-services.xml.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Internet Explorer\DiagnosticsHub.DataWarehouse.dll.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\servertool.exe.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticattribute.exsd.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ms.pak.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Java\jre7\lib\fonts\LucidaTypewriterRegular.ttf.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Mozilla Firefox\api-ms-win-core-processthreads-l1-1-1.dll.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\7-Zip\Lang\an.txt.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\fr-FR\MSTTSLoc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodicon.gif.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-execution_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-api.xml.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Management.Instrumentation.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi_3.10.1.v20140909-1633.jar.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Net.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe

"C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp

MD5: ad6ba7b1bfee842e1e2e430a3007bb1d
SHA1: 7d170a4393525ae431550d192bcebfd69468856e
SHA256: a356372fb924b0c9b0175912741e22e8ee0bf6531924c5ac6aa1144448f81dd7
SHA512: 13db172cafe51f2ebc16149ae9eac30e7f451b5897b44b5ea4e192bd194981b713f3069c0cb9afacee49012e86060716205cc9adef0e0dfa65e9dead5d92180c

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5: 9092da63c0de04a36e4d2346e63d32ca
SHA1: 075a9266202903beb89c2848280390ed5cead399
SHA256: accd3ee268f80c5f0a2dfb7f1d3fcefc2914b78233e2e15494945f1ae8e3beb4
SHA512: 7bf21959a53dfeda7fb9303bf31a3dd2923f16a3ab549e8e13f9b744a13fd424b244b0a7b45c4b1ee5874ec773b4b09219b6332457a999ada1b43154c6971375

Analysis: behavioral2

Detonation Overview

Submitted: 2024-10-20 01:59
Reported: 2024-10-20 02:02
Platform: win10v2004-20241007-en
Max time kernel: 120s
Max time network: 105s

Command Line

"C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe"

Signatures

Renames multiple (4359) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD_F_COL.HXK.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\cpprestsdk.dll.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.NameResolution.dll.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encodings.Web.dll.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_PrepidBypass-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Data.dll.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.DataStreamer.Excel.dll.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\jdwp.dll.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngcc.md.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_KMS_Client-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationNative_cor3.dll.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\msvcp140.dll.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.osmmui.msi.16.en-us.xml.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.osmuxmui.msi.16.en-us.xml.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.Specialized.dll.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Contracts.dll.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Data.DataSetExtensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Emit.dll.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.FuzzyMatchingCommon.dll.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.XLHost.Modeler.dll.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\GostTitle.XSL.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.UnmanagedMemoryStream.dll.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Input.Manipulations.dll.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy\[email protected] C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.OData.NetFX35.dll.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\sk-SK\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Office.PowerPivot.ExcelAddIn.tlb.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\TURABIAN.XSL.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ClientLangPack2019_eula.txt.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Bibliography\Sort\TITLE.XSL.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encoding.dll.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Cng.dll.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-conio-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunpkcs11.jar.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad.xml.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.ThreadPool.dll.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Extreme Shadow.eftx.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_KMS_Client-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_KMS_Client-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\CT_ROOTS.XML.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_COL.HXT.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A
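
Both behavioral runs show the same pattern: one process, the sample itself, creates thousands of files whose name is an existing path with .tmp appended, across Program Files, MSOCache and the Recycle Bin, and the sandbox rolls those creations into its "Renames multiple files with added filename extension" signature (3181 on win7, 4359 on win10). The Python below is an added example, not part of this report and not the sandbox's own detection logic: it applies the same idea to constructed Sysmon-style FileCreate events, counting creations per process and appended extension inside a sliding window and alerting once a threshold is crossed. The event fields, the pid, the threshold of 50 and the 60 s window are assumptions; the process image path is the one from the report.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from pathlib import PureWindowsPath
from typing import Deque, Dict, List, Optional, Set, Tuple

# Process image taken from the report; the pid and every event below are constructed.
SAMPLE_IMAGE = (r"C:\Users\Admin\AppData\Local\Temp"
                r"\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe")


@dataclass(frozen=True)
class FileCreate:
    """One Sysmon-style FileCreate (event ID 11) record; field names are assumed."""
    ts: datetime
    pid: int
    image: str
    target: str


@dataclass(frozen=True)
class Alert:
    pid: int
    image: str
    extension: str
    count: int                  # creations inside the window when the alert fired
    top_dirs: Tuple[str, ...]   # distinct first-level directories touched so far


def last_suffix(path: str) -> Optional[str]:
    """'.tmp' for 'kinit.exe.tmp' and for 'Darwin.tmp'; None when there is no suffix."""
    return PureWindowsPath(path).suffix.lower() or None


def top_dir(path: str) -> str:
    """First component under the drive: 'Program Files', 'MSOCache', '$Recycle.Bin'."""
    parts = PureWindowsPath(path).parts
    return parts[1] if len(parts) > 1 else parts[0]


def detect_mass_extension_append(events: List[FileCreate],
                                 threshold: int = 50,
                                 window: timedelta = timedelta(seconds=60)) -> List[Alert]:
    """Sliding-window count of file creations per (pid, appended extension).

    Fires once per (pid, extension) the first time `threshold` creations with that
    extension land inside `window`. Threshold and window are assumptions; the
    report's own counts (3181 and 4359 files) are far above them.
    """
    recent: Dict[Tuple[int, str], Deque[datetime]] = defaultdict(deque)
    dirs: Dict[Tuple[int, str], Set[str]] = defaultdict(set)
    fired: Set[Tuple[int, str]] = set()
    alerts: List[Alert] = []
    for ev in sorted(events, key=lambda e: e.ts):
        ext = last_suffix(ev.target)
        if ext is None:
            continue
        key = (ev.pid, ext)
        q = recent[key]
        q.append(ev.ts)
        while q and ev.ts - q[0] > window:   # drop creations older than the window
            q.popleft()
        dirs[key].add(top_dir(ev.target))
        if len(q) >= threshold and key not in fired:
            fired.add(key)
            alerts.append(Alert(ev.pid, ev.image, ext, len(q), tuple(sorted(dirs[key]))))
    return alerts


def constructed_events() -> List[FileCreate]:
    """Constructed input (not from the report): the sample writes 60 '.tmp' files
    across two top-level directories in 30 s, while a benign installer (pid 900)
    writes five MSI*.tmp files, which must not trip the rule."""
    t0 = datetime(2024, 10, 20, 2, 0, 0)
    events = []
    for i in range(60):
        base = (r"C:\Program Files\Java\jre7\lib\zi\f%d.dat" if i % 2
                else r"C:\MSOCache\All Users\f%d.xml")
        events.append(FileCreate(t0 + timedelta(seconds=i / 2), 1234,
                                 SAMPLE_IMAGE, (base % i) + ".tmp"))
    for i in range(5):
        events.append(FileCreate(t0 + timedelta(seconds=i), 900,
                                 r"C:\Windows\System32\msiexec.exe",
                                 r"C:\Windows\Installer\MSI%d.tmp" % i))
    return events


if __name__ == "__main__":
    for a in detect_mass_extension_append(constructed_events()):
        print(f"pid {a.pid} ({a.image}) appended {a.extension} to {a.count} files "
              f"under {', '.join(a.top_dirs)}")
```

The rule keys on the last suffix only, so timezone files with no original extension (zi\Asia\Beirut.tmp) count the same as kinit.exe.tmp, which matches what the sandbox lists. Installers and updaters also write bursts of .tmp files, but they tend to stay under one directory tree, which is why the alert carries the set of top-level directories touched: a single process fanning out across Program Files, MSOCache and the Recycle Bin within seconds is the ransomware shape, and the threshold is tuned against the benign cases.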

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe

"C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
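
The table above lists destinations only; there is no process column, so none of these flows can be attributed to the sample, and the win7 run recorded no network activity at all. The Bing hostnames and the PTR (in-addr.arpa) queries are consistent with Windows 10 background traffic rather than command-and-control; that is an analyst judgment, not something the report states. As an added example, not part of the report, the Python below parses a subset of these rows, decodes each PTR name back to the address being looked up (a PTR name lists the octets in reverse, so 10.27.171.150.in-addr.arpa is a lookup of 150.171.27.10, the host the TCP rows connect to for tse1.mm.bing.net) and lists the reverse-resolved addresses the capture shows no connection to.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Rows copied from the behavioral2 Network table above (a subset, header included).
REPORT_ROWS = """\
Country Destination Domain Proto
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
"""


@dataclass(frozen=True)
class Flow:
    country: str
    dst_ip: str
    dst_port: int
    domain: str
    proto: str


def parse_rows(text: str) -> List[Flow]:
    """Parse the whitespace-separated table; the header row has no 'ip:port'
    second column and is skipped."""
    flows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or ":" not in fields[1]:
            continue
        country, dest, domain, proto = fields
        ip, port = dest.rsplit(":", 1)
        flows.append(Flow(country, ip, int(port), domain, proto.lower()))
    return flows


def ptr_target(domain: str) -> Optional[str]:
    """The IPv4 address a PTR name refers to: '10.27.171.150.in-addr.arpa'
    -> '150.171.27.10' (octets appear in reverse). None for any other name."""
    suffix = ".in-addr.arpa"
    if not domain.lower().endswith(suffix):
        return None
    octets = domain[:-len(suffix)].split(".")
    if len(octets) != 4:
        return None
    ip = ".".join(reversed(octets))
    try:
        ipaddress.IPv4Address(ip)
    except ValueError:
        return None
    return ip


def triage(flows: List[Flow]) -> Dict[str, object]:
    """Split the table into TCP connections, forward DNS lookups and reverse (PTR)
    lookups, then list the reverse-resolved addresses that never appear as a TCP
    destination. A PTR query normally follows traffic to that address, so those
    entries point at connections the table does not show."""
    tcp = Counter((f.dst_ip, f.dst_port, f.domain) for f in flows if f.proto == "tcp")
    ptr: Dict[str, str] = {}
    forward = set()
    for f in flows:
        if f.proto != "udp" or f.dst_port != 53:
            continue
        target = ptr_target(f.domain)
        if target:
            ptr[f.domain] = target
        else:
            forward.add(f.domain)
    connected = {ip for ip, _, _ in tcp}
    return {
        "tcp": tcp,
        "forward_dns": sorted(forward),
        "ptr": ptr,
        "ptr_without_connection": sorted(ip for ip in ptr.values() if ip not in connected),
    }


if __name__ == "__main__":
    for key, value in triage(parse_rows(REPORT_ROWS)).items():
        print(key, value)
```

On the full table the "ptr_without_connection" list is the set of Microsoft-range addresses (20.x, 52.x, 13.x, 199.232.x) that the sandbox reverse-resolved without showing a connection; in an incident those are the hosts to pull from the full pcap, because a sandbox summary table only shows what its parser chose to surface.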

Files

C:\$Recycle.Bin\S-1-5-21-2045521122-590294423-3465680274-1000\desktop.ini.tmp

MD5: 4549783a8bdf70844dcfca65ce58b927
SHA1: daad8ead03389540a7aa07685c5ae82589f774d5
SHA256: 8bf4fdf93aad7555383e2454cd6945e31aec7d3d948642a89dd709b1fae3a625
SHA512: 6fb2a7ba91865b2f09c08560ab9e408eb45b0463f58d86f4a8e79fa6abc5206398061387caae8fe0d5f31dadf5911c07d4e877ad847f6654e5f80654ef984f0d

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5: 3d61533586c0c46a3dea545f110df205
SHA1: be9743b2c9576cd627136b3086d50d21e60926ae
SHA256: 781141598c2c657ef021ed7a3d760426bea0be47ac035abd8977cc7e01863ab0
SHA512: 52031f33d52401a97b0837228b9ac3fa43e994accb664bc461980a6dec5a1d01e3a324a84074bfa2465093f2e5c3d723f9453eca870f2b09d9f1f4acb94bbe46