Malware Analysis Report

2025-03-15 08:19

Sample ID 241020-t4abxsyarc
Target fbeca8ebc8c509d6590c03a15970209e874b5485f9b7259b172d93d9c7478aa6N
SHA256 fbeca8ebc8c509d6590c03a15970209e874b5485f9b7259b172d93d9c7478aa6
Tags
upx discovery ransomware
score
9/10


Analysis Overview

Threat Level: Likely malicious

The file fbeca8ebc8c509d6590c03a15970209e874b5485f9b7259b172d93d9c7478aa6N was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (4231) files with added filename extension

Renames multiple (2915) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

Analysis: static1

Detonation Overview

Reported

2024-10-20 16:36

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-10-20 16:36

Reported

2024-10-20 16:38

Platform

win7-20241010-en

Max time kernel

120s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\fbeca8ebc8c509d6590c03a15970209e874b5485f9b7259b172d93d9c7478aa6N.exe"

Signatures

Renames multiple (2915) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\fbeca8ebc8c509d6590c03a15970209e874b5485f9b7259b172d93d9c7478aa6N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\fbeca8ebc8c509d6590c03a15970209e874b5485f9b7259b172d93d9c7478aa6N.exe

"C:\Users\Admin\AppData\Local\Temp\fbeca8ebc8c509d6590c03a15970209e874b5485f9b7259b172d93d9c7478aa6N.exe"

Network

N/A

Files

memory/2036-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2039016743-699959520-214465309-1000\desktop.ini.tmp

MD5 f0adcbee02ac5e4044ab314788509f1e
SHA1 2bc920aa0fcf41b7c110ef666d3cdef61cd54738
SHA256 707f4afd5a8bbc7a7c6aa9b261f56f460a5cfd950934be7eb03e7d207c9f119a
SHA512 b807fd17e46034f4516f38ab7aba1f7a71e54c3752eea6b9665c61528ecc08895a9a96f29e3616162e58170fc6135e129a3fcb0f5b41b2d64f88b5c600bb2ba4

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 73aa23a40193b902fb2cc9564e3500d2
SHA1 fee852836a1c732241d2b22927b5205769b3f540
SHA256 59b1f500b1a298337fea349b354eee6d0c5d372a2a6c030703f7222c7ca85705
SHA512 b3743b11db55d85be756c7659bd7a9aaaf87fe49b48b8da363b9fd79a09fc00b2dbc3d5d585cd0c65e64f451d6ebb0e30842a68e05b30fdf06248cc482b6c26b

memory/2036-70-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-20 16:36

Reported

2024-10-20 16:38

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

108s

Command Line

"C:\Users\Admin\AppData\Local\Temp\fbeca8ebc8c509d6590c03a15970209e874b5485f9b7259b172d93d9c7478aa6N.exe"

Signatures

Renames multiple (4231) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\fbeca8ebc8c509d6590c03a15970209e874b5485f9b7259b172d93d9c7478aa6N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\fbeca8ebc8c509d6590c03a15970209e874b5485f9b7259b172d93d9c7478aa6N.exe

"C:\Users\Admin\AppData\Local\Temp\fbeca8ebc8c509d6590c03a15970209e874b5485f9b7259b172d93d9c7478aa6N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 71.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp

Files

memory/4064-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2045521122-590294423-3465680274-1000\desktop.ini.tmp

MD5 0a7cf5b8f3d1fc9c6224982516b34bbe
SHA1 b9122b57388a8eb47b464059cf12c4af3aa97d25
SHA256 a5dda689dca8b9a6fe6169a1acf2b49f44435cba98d372ac3d7f8d3afdc3a066
SHA512 eb855b884a4fd65512ca9ebc85972a1515efc5134f3b8e8c35b29db9d78e3577c312cd251a0afea75da739009ccda6fb363940b742656b153a2e62985fc58d64

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 c51d930f735283b06464a5276cd2d35b
SHA1 5f610959a4f70f6ffab0c24369c131f18497d554
SHA256 101eb0ef6e48336937fa73e0189732a35f6410704e2ce234b5f213fb22b4a6d9
SHA512 71004da9a6d35509b47b9bfcd107c7844893609f516968492898c55136d4a51f27beeb74cbad0611b3514759fe83afd4145e4cb565e0e77e89b3d33c2bbe6d44

memory/4064-662-0x0000000000400000-0x000000000040B000-memory.dmp