Malware Analysis Report

2025-01-22 20:18

Sample ID 241020-ddhydavdnf
Target 8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N
SHA256 8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09
Tags
discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09

Threat Level: Likely malicious

The file 8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple (3246) files with added filename extension

Renames multiple (4544) files with added filename extension

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-20 02:53

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-20 02:53

Reported

2024-10-20 02:55

Platform

win7-20240729-en

Max time kernel

120s

Max time network

16s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe"

Signatures

Renames multiple (3246) files with added filename extension

ransomware

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\203x8subpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Managua.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\lua\http\custom.lua.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\7-Zip\Lang\ja.txt.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring.xml.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Java\jre7\bin\jp2native.dll.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\SystemV\HST10.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.ServiceModel.Resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\chrome.exe.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\include\jni.h.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\rarrow.gif.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\META-INF\MANIFEST.MF.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-execution_ja.jar.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\locale\id\LC_MESSAGES\vlc.mo.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_ButtonGraphic.png.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\servertool.exe.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Antigua.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Java\jre7\lib\jfr\profile.jfc.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-back-static.png.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG.wmv.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Microsoft Games\Hearts\de-DE\Hearts.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser_5.5.0.165303.jar.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3.nl_zh_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-api-caching.xml.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Internet Explorer\perfcore.dll.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+11.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-visual_ja.jar.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IPSEventLogMsg.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Salta.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse.nl_ja_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-12.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\feature.properties.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-javahelp.xml.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Java\jre7\lib\psfont.properties.ja.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\lua\playlist\jamendo.luac.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\codec\libcc_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mip.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\am.pak.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Louisville.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Athens.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Europe\Tirane.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Microsoft Games\FreeCell\es-ES\FreeCell.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Mozilla Firefox\qipcap64.dll.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\hwrlatinlm.dat.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_ButtonGraphic.png.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_ButtonGraphic.png.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MET.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core.xml.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Enderbury.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\orb.idl.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Australia\Eucla.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Mozilla Firefox\api-ms-win-crt-math-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkObj.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe

"C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

MD5 adc200634e6da861a134ca122831b867
SHA1 4c115656092403ef43a4683296c3087c70e6e078
SHA256 9034c3c108e053721be1c0a70113033b10c16f0ede87c75f499826cba6cc510b
SHA512 100eb549095e74573ea3560bbe2486393bde934ad8ec570e22364ed2cf51bf53819e2257eb44a0c0d71b1a124fdcacee38d98c4d61da0f911aa4416484943f84

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 a51a9252bf69b3cb8a65fd24203cd4e1
SHA1 aee02817bd83ef04ecdd279d39a28a9d1300dff7
SHA256 8e87aae291bb8e6a2703b1aa2652d0d215545cc65f75647863093646c11a3480
SHA512 a3021b33f98fbab25b84956089c5769aa5f2fbaefe8f62d9c50f282496f2322a15364eab03067ae05f29a8c59edf429992a80968af41b18f8e83b29f800c9e29

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-20 02:53

Reported

2024-10-20 02:55

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

105s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe"

Signatures

Renames multiple (4544) files with added filename extension

ransomware

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ServiceProcess.dll.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\UIAutomationTypes.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\UIAutomationProvider.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-synch-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Slipstream.xml.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest1-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-140.png.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\lib\dt.jar.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription3-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\InkDiv.dll.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Forms.Primitives.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\ext\sunmscapi.jar.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Milk Glass.eftx.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Internet Explorer\de-DE\iexplore.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\PowerPivotExcelClientAddIn.tlb.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.Xml.dll.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-namedpipe-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jpeg.md.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.Xml.Linq.dll.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\Configuration\config.xml.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\mfc140u.dll.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-conio-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\Microsoft.VisualBasic.Forms.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTrial-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe.config.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Timer.dll.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Algorithms.dll.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\PresentationUI.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.Parallel.dll.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTest-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_COL.HXC.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.CompilerServices.Unsafe.dll.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Forms.Design.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\jawt.dll.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\ipsnld.xml.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Numerics.dll.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\javaws.jar.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Subscription-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTrial-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Json.dll.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\WindowsFormsIntegration.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-100.png.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Luna.dll.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\GR8GALRY.GRA.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvStreamingManager.dll.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial2-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.Watcher.dll.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.dll.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Data.DataSetExtensions.dll.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationTypes.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial1-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.dll.tmp | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe

"C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp
US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp
US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 75.117.19.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp
US | 8.8.8.8:53 | tse1.mm.bing.net | udp
US | 150.171.27.10:443 | tse1.mm.bing.net | tcp
US | 150.171.27.10:443 | tse1.mm.bing.net | tcp
US | 150.171.27.10:443 | tse1.mm.bing.net | tcp
US | 150.171.27.10:443 | tse1.mm.bing.net | tcp
US | 150.171.27.10:443 | tse1.mm.bing.net | tcp

Files

C:\$Recycle.Bin\S-1-5-21-3756129449-3121373848-4276368241-1000\desktop.ini.tmp

MD5 3c95541d07fd1c51d25da8e70b797087
SHA1 c60eaa6b52907b3a660ad82952932cf808b13942
SHA256 daa2dcf69493638dc945f930707d639874d4940c7f2da610a9fd8615c479ff28
SHA512 0902f8c7cae78df8d5a08a5547e8dbdb27d9a7c94edb86eb8ef4ccfc5a381590b04470d0d0454eb13d5144891be8d1e5b2d6cc2e6770998a2fb00aa2e0fca98d

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 62fafc08d35f1ec1fa2fd342c524068b
SHA1 2e38a6ebc6837bdc2e9874409a68c98d779ee037
SHA256 d6465cc028457a6f8f2cec828a0d8cc905c5c7f70909eaaed14c3f91db491593
SHA512 9c459159eb48e0ab5584229260fef49981ce67f7b6c3cc9e833a5792e79e3a60db3ad7e8a5a2b25636e5d93dc8fc6c7bc730f888be7e94b9d2e50626001a578d