Malware Analysis Report

2025-03-15 08:19

Sample ID 241020-ww622aserb
Target 58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N
SHA256 58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48

Threat Level: Likely malicious

The file 58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple files with added filename extension (3161 files in behavioral1 on Windows 7, 4357 files in behavioral2 on Windows 10)

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Enterprise Matrix V15

T1614.001 System Location Discovery: System Language Discovery (discovery)

Analysis: static1

Detonation Overview

Reported

2024-10-20 18:17

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
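The two static1 signatures above are cheap to reproduce outside the sandbox. The following Python is an added example, not part of this report or of any sandbox's own code: it parses the PE headers with the standard library only, flags UPX by its section names (UPX0/UPX1) and by per-section entropy, and reports "Unsigned PE" when the Authenticode data directory (IMAGE_DIRECTORY_ENTRY_SECURITY) is empty. The sample itself is not reproduced here, so build_demo_pe constructs a minimal PE32 image to run the checks against; its layout, section names and payload are assumptions made for the demo.

```python
import math
import random
import struct
from collections import Counter


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte (0.0 for empty input); packed or encrypted data sits close to 8.0."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def triage_pe(data: bytes, entropy_threshold: float = 7.0) -> dict:
    """Parse PE headers with struct only and reproduce the 'UPX packed file' / 'Unsigned PE' checks."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsec, _ts, _symptr, _nsyms, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    # PE32 (0x10b) and PE32+ (0x20b) place NumberOfRvaAndSizes and the data directories differently.
    n_rva_off, dd_off = (92, 96) if magic == 0x10B else (108, 112)
    n_rva = struct.unpack_from("<I", data, opt + n_rva_off)[0]
    sec_dir = (0, 0)
    if n_rva > 4:
        # Directory 4 = IMAGE_DIRECTORY_ENTRY_SECURITY (Authenticode WIN_CERTIFICATE). Its
        # VirtualAddress is a file offset; an all-zero entry means no signature is attached.
        sec_dir = struct.unpack_from("<II", data, opt + dd_off + 4 * 8)
    sections, hdr = [], opt + opt_size
    for i in range(nsec):
        name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, hdr + 40 * i)
        raw = data[raw_ptr:raw_ptr + raw_size] if raw_size else b""
        sections.append((name.rstrip(b"\0").decode("latin-1"), raw_size, shannon_entropy(raw)))
    upx_named = [n for n, _, _ in sections if n.upper().startswith("UPX")]
    high_entropy = [n for n, size, ent in sections if size and ent >= entropy_threshold]
    verdicts = []
    if upx_named or high_entropy:
        verdicts.append("UPX packed file" if upx_named else "possibly packed (high-entropy section)")
    has_cert_dir = sec_dir[0] != 0 and sec_dir[1] != 0
    if not has_cert_dir:
        verdicts.append("Unsigned PE")
    return {"sections": sections, "upx_named_sections": upx_named,
            "high_entropy_sections": high_entropy, "has_authenticode_dir": has_cert_dir,
            "verdicts": verdicts}


def demo_payload(n: int, seed: int = 1) -> bytes:
    """Deterministic pseudo-random bytes standing in for a compressed UPX1 section (constructed)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


def build_demo_pe(section_names, payloads, signed=False) -> bytes:
    """Constructed, non-runnable PE32 image for demonstration only (headers plus raw section data)."""
    nsec, opt_size = len(section_names), 224
    first_raw = ((64 + 4 + 20 + opt_size + 40 * nsec) + 511) // 512 * 512   # 0x200 file alignment
    dos = b"MZ" + bytes(58) + struct.pack("<I", 64)                           # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, nsec, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                                     # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                                       # NumberOfRvaAndSizes
    if signed:                                                                # dummy certificate directory
        struct.pack_into("<II", opt, 96 + 4 * 8, first_raw + sum(map(len, payloads)), 0x100)
    headers, body, ptr, va = b"", b"", first_raw, 0x1000
    for name, payload in zip(section_names, payloads):
        headers += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), max(len(payload), 0x1000),
                               va, len(payload), ptr if payload else 0, 0, 0, 0, 0, 0x60000020)
        body, ptr, va = body + payload, ptr + len(payload), va + 0x1000
    return (dos + b"PE\0\0" + coff + bytes(opt) + headers).ljust(first_raw, b"\0") + body


if __name__ == "__main__":
    packed = build_demo_pe(["UPX0", "UPX1"], [b"", demo_payload(4096)])
    print(triage_pe(packed)["verdicts"])
```

Two caveats worth keeping in mind when reading the N/A rows above: a populated security directory only means a certificate is attached, not that it verifies (signtool verify /pa or PowerShell's Get-AuthenticodeSignature does that), and a packer that rewrites the UPX0/UPX1 section names defeats the name check, which is why the entropy heuristic is kept beside it. For a stock UPX build, upx -d restores the original image; a build whose UPX magic was tampered with has to be unpacked from a process memory dump such as the ones listed under Files.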

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-20 18:17

Reported

2024-10-20 18:19

Platform

win7-20240903-en

Max time kernel

120s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe"

Signatures

Renames multiple (3161) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.DirectoryServices.AccountManagement.dll.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\UnpublishBackup.jpeg.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_selectionsubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-windows.xml.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-coredump.jar.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Java\jre7\lib\images\cursors\win32_LinkDrop32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\id\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-print_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Java\jre7\bin\ssvagent.exe.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libvnc_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\15x15dot.png.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Zurich.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Mozilla Firefox\fonts\TwemojiMozilla.ttf.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\playlist\liveleak.luac.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\15x15dot.png.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Internet Explorer\jsdebuggeride.dll.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sampler_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpn.dll.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Thunder_Bay.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtospdif_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Chagos.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.Printing.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.ComponentModel.dll.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT+12.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Internet Explorer\en-US\jsprofilerui.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\feature.xml.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Antarctica\Casey.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-util-enumerations.xml_hidden.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Indian\Chagos.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_select-highlight.png.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_highlights_Thumbnail.bmp.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\LICENSE.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\meta\art\03_lastfm.luac.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services_1.1.0.v20140328-1925.jar.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\core_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-modules_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Java\jre7\lib\security\javafx.policy.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Java\jre7\bin\jawt.dll.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Rangoon.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Microsoft Office\Office14\MAPISHELL.DLL.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\tt\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Troll.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Gambier.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudiobargraph_a_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogo.png.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Irkutsk.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Java\jre7\lib\security\java.security.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Pontianak.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe

"C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe"

Network

N/A

Files

memory/2072-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp

MD5 ff947d1dce018966d5f6996ff090c100
SHA1 f7b002a4208f3628c9db80e35ee983f6f0eef1e8
SHA256 db8e846843e438fca3072699f1bc966ab8eab184dab2446cd52bd37003cd2cd0
SHA512 7dad39f127a3854748bab3be4b843599117784fe5eedd57a9c08cb06069b8dee8ae0a51b73f95fd1d2586267efc5fdc0578cf17a047a50c93b17d43723b636dd

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 e3d371252cf2c8ba2271a96c08ccabc6
SHA1 8e8b49527735b30e47684dcd84e7ce8a9022deee
SHA256 6b3ca6ea23ef71eb4a7b1caba4b35ef1af35260e20d7d101fd3f113e226ebbbb
SHA512 1e2c60ea13adb6bc662fb8a40482a7611e7efe677bc6c19da4c3b0ed0352026667c756af21ce809dde644731b2044534de09f6928be09faa22e0d84721425a2f

memory/2072-72-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-20 18:17

Reported

2024-10-20 18:19

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

104s

Command Line

"C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe"

Signatures

Renames multiple (4357) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.reportviewer.common.dll.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Office.dll.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightItalic.ttf.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-synch-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\offsyml.ttf.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordVL_KMS_Client-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Java\jre-1.8\README.txt.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\AUDIOSEARCHMAIN.DLL.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Core.dll.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\javafx_font.dll.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\7-Zip\Lang\ca.txt.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Web.HttpUtility.dll.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\offsymt.ttf.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Integral.thmx.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\EXPTOOWS.XLA.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Data.dll.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Aero.dll.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Globalization.Calendars.dll.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.CodeDom.dll.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_Subscription-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-debug-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\DIFF_MATCH_PATCH_WIN32.DLL.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationCore.dll.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\notification_helper.exe.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\management\jmxremote.access.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.VisualBasic.dll.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE.HXS.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\7-Zip\Lang\fy.txt.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\de-DE\mshwLatin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ExcelInterProviderRanker.bin.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.CompilerServices.Unsafe.dll.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Classic.dll.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad.xml.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\net.dll.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe N/A
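Both behavioral runs show the same pattern: thousands of <original>.tmp files created beside existing files under Program Files, a mass rename that appends an extension (3161 files in behavioral1, 4357 in behavioral2), and a read of HKLM\SYSTEM\ControlSet001\Control\NLS\Language, the locale check commonly associated with ransomware that exempts hosts by language. The following Python is an added detection example covering the behavioral1 and behavioral2 signatures, not code from this report or the sandbox: it counts extension-appending renames per process inside a sliding window and uses the NLS\Language key open only as corroboration, since ordinary locale APIs open that key too. The log format, the ".ENCRYPTED" extension (the report does not name the extension the sample appends) and the explorer.exe event are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format for this example (not a real sandbox or EDR schema):
#   <iso-timestamp> pid=<n> image="<path>" op=<Rename|CreateFile|RegOpenKey> [src=".."] [dst=".."] [path=".."]
LINE_RE = re.compile(
    r'^(?P<ts>\S+) pid=(?P<pid>\d+) image="(?P<image>[^"]*)" op=(?P<op>\w+)'
    r'(?: src="(?P<src>[^"]*)")?(?: dst="(?P<dst>[^"]*)")?(?: path="(?P<path>[^"]*)")?$')

NLS_LANGUAGE_KEY = r'\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language'   # key from the report


def parse_event(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev['ts'] = datetime.fromisoformat(ev['ts'])
    ev['pid'] = int(ev['pid'])
    return ev


def appended_extension(src, dst):
    """Return the extension a rename appended ('.ext', lower-cased), or None for any other rename."""
    tail = dst[len(src):] if dst.startswith(src) else ''
    if tail.startswith('.') and len(tail) > 1 and '\\' not in tail:
        return tail.lower()
    return None


def detect_rename_storm(events, window=timedelta(seconds=60), threshold=50):
    """One alert per process whose extension-appending renames reach `threshold` inside `window`."""
    renames = defaultdict(list)
    for ev in events:
        if ev['op'] == 'Rename' and ev['src'] and ev['dst']:
            ext = appended_extension(ev['src'], ev['dst'])
            if ext:
                renames[ev['pid']].append((ev['ts'], ev['src'], ext, ev['image']))
    alerts = []
    for pid, rows in renames.items():
        rows.sort()
        peak = lo = 0
        for hi in range(len(rows)):            # two-pointer sliding window over sorted timestamps
            while rows[hi][0] - rows[lo][0] > window:
                lo += 1
            peak = max(peak, hi - lo + 1)
        if peak < threshold:
            continue
        alerts.append({
            'pid': pid,
            'image': rows[0][3],
            'renames': len(rows),
            'peak_in_window': peak,
            'directories': len({src.rsplit('\\', 1)[0] for _, src, _, _ in rows}),
            'extensions': sorted({ext for _, _, ext, _ in rows}),
            # Weak corroborating signal only: ordinary locale lookups open this key as well.
            'locale_check': any(e['op'] == 'RegOpenKey' and e['pid'] == pid
                                and (e['path'] or '') == NLS_LANGUAGE_KEY for e in events),
        })
    return alerts


SAMPLE_IMAGE = r'C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe'


def constructed_log():
    """Constructed events modelled on behavioral2; '.ENCRYPTED' is a placeholder, the report names no extension."""
    base = datetime(2024, 10, 20, 18, 17, 30)
    dirs = [r'C:\Program Files\7-Zip\Lang', r'C:\Program Files\Java\jre-1.8\bin',
            r'C:\Program Files\Microsoft Office\root\Licenses16']
    lines = [f'{base.isoformat()} pid=2444 image="{SAMPLE_IMAGE}" op=RegOpenKey path="{NLS_LANGUAGE_KEY}"']
    for i in range(120):
        src = dirs[i % 3] + '\\file%d.dll' % i
        ts = (base + timedelta(milliseconds=40 * i)).isoformat(timespec='milliseconds')
        lines.append(f'{ts} pid=2444 image="{SAMPLE_IMAGE}" op=CreateFile path="{src}.tmp"')
        lines.append(f'{ts} pid=2444 image="{SAMPLE_IMAGE}" op=Rename src="{src}" dst="{src}.ENCRYPTED"')
    # A user renaming one file in Explorer also "adds an extension" and must not alert.
    user_src, user_img = r'C:\Users\Admin\Desktop\notes.txt', r'C:\Windows\explorer.exe'
    lines.append(f'{base.isoformat()} pid=1188 image="{user_img}" op=Rename src="{user_src}" dst="{user_src}.bak"')
    return lines


def run_demo():
    events = [ev for ev in map(parse_event, constructed_log()) if ev]
    return detect_rename_storm(events)


if __name__ == '__main__':
    for alert in run_demo():
        print(alert)
```

The threshold and window are the tunable part: a sandbox can afford a low count because the only process writing under Program Files is the sample, whereas on a production endpoint installers and backup agents rename in bulk too, so the alert is better keyed on many distinct directories plus a single appended extension, as the report's own file list shows, rather than on the raw count alone.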

Processes

C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe

"C:\Users\Admin\AppData\Local\Temp\58ea19896dc2dd9addb324e75e6f949ebe27e066ba6dba4baf3c863111d48d48N.exe"

Network

All rows below are reverse-DNS (PTR) queries to 8.8.8.8 and HTTPS sessions to tse1.mm.bing.net, which is consistent with Windows 10 background traffic rather than command-and-control; the report attributes these connections to no process, records no download or C2 contact in either run, and behavioral1 (Windows 7) shows no network activity at all.

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 75.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp

Files

memory/2444-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4089630652-1596403869-279772308-1000\desktop.ini.tmp

MD5 5e84e83ccf37733f27d25b2d704339b9
SHA1 147d0c8e2bc6cf8e8c179cf9b8c7d0930a7bed97
SHA256 7643e5939145610fff471ff019b774db312fea8b0b4ce5f7a2018522a7438fd3
SHA512 e19d947beef747bb6b8feed83f8512d53d3b85a827ec9c4650114c838da6586058778f1c948a43a3e84b2b9d520c3d470de73b71b44eff80929b4dc257871198

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 6292ad85f25f1af3c933422e9ae38161
SHA1 c7af4d0d88a4ccd7965b5a665d96eee57984ccba
SHA256 fe0e2902d484b47af1a5efc30cc88a442acde982157a615f495460042da1b877
SHA512 1a6d7126a109e091558af7509540adae0e5b6609a2ccf8f17e865b21b137ade625ce91138d9be133e43c2cdbf3bf0b4b2918df3423b649ec6d132d73617c4abc

memory/2444-656-0x0000000000400000-0x000000000040B000-memory.dmp