Malware Analysis Report

2025-03-15 08:28

Sample ID 241020-y8ceasycka
Target 2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3
SHA256 2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3

Threat Level: Likely malicious

The file 2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3 was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (3747) files with added filename extension

Renames multiple (5190) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-20 20:26

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-20 20:26

Reported

2024-10-20 20:29

Platform

win7-20240903-en

Max time kernel

150s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe"

Signatures

Renames multiple (3747) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\jfluid-server_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Java\jre7\bin\orbd.exe.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Windows Journal\jnwdui.dll.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ro.pak.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\accessibility.properties.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\IpsMigrationPlugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack200.exe.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Rio_Gallegos.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Windows.Presentation.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\7-Zip\Lang\pa-in.txt.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\7-Zip\Lang\ro.txt.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\j2pcsc.dll.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-nodes.xml.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-profiling.xml.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Indian\Kerguelen.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\zh_CN\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_thunderstorm.png.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfont.properties.ja.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Khandyga.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\booklist.gif.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt_3.103.1.v20140903-1938.jar.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-plaf_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_imem_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\mojo_core.dll.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\JavaAccessBridge-64.dll.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_ogg_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-Regular.otf.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-io-ui.xml_hidden.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Mozilla Firefox\vcruntime140.dll.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libes_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Windows NT\TableTextService\es-ES\TableTextService.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\js\weather.js.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can129.hsp.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jar.exe.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-bootstrap.xml.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_description_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\images\Back-48.png.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Windows Journal\de-DE\NBMapTIP.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\js\settings.js.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\MS.GIF.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\librtp_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libsmb_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Internet Explorer\en-US\iedvtool.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.exe.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Manila.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspeex_resampler_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\icon.png.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\hint_over.png.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_specialocc_Thumbnail.bmp.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\mainscroll.png.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked-loading.png.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\highDpiImageSwap.js.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.ja_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp_3.6.300.v20140407-1855.jar.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.win32.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\modules\simplexml.luac.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Windows Media Player\it-IT\WMPSideShowGadget.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576_91n92.png.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fil.pak.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe

"C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe"

Network

N/A

Files

memory/2148-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3063565911-2056067323-3330884624-1000\desktop.ini.tmp

MD5 d7b2bd55708b5ace38605c0c13c066e5
SHA1 90680969f1178ebee5818c204962f20cd29d057a
SHA256 4b64ba4d8bc25c2383f7c121e91b58bd12f5c409aa71a7788dd65b9697ee1a1b
SHA512 84efebd6180ab7ec190828d8c59d6f8f7467f994542f378cb01f7b10916592d53e320a491c1f5e297d1b09446f08293519e068bfc58925474ced3281051ecd04

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 d0f2a44c6526b8868286cb6531ee3499
SHA1 73d0423dda35740aef0c0e45086da19fc4696189
SHA256 f0fccea7c114f8ea47240912a28c61bf7c2829f8692708e05fb6fb134015db8f
SHA512 1261ab013adcab6e55bff434fb44b3a054a68008224122ab2830f2903c28e191d3626133b3a2bc915719ef53fdb04955f876aa8227218e23289e77a54b608816

memory/2148-74-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-20 20:26

Reported

2024-10-20 20:29

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe"

Signatures

Renames multiple (5190) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-localization-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-environment-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\LyncBasic_Eula.txt.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Bibliography\Sort\TITLE.XSL.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\mscss7cm_es.dub.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\gstreamer-lite.dll.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy.jar.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial1-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\personaspybridge.js.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\javah.exe.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.SPClient.Interfaces.DLL.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\management\jmxremote.access.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\en-US\InkObj.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\GR8GALRY.GRA.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_COL.HXC.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PROOF\msth8FR.DLL.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\jvm.hprof.txt.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_Subscription-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVPolicy.dll.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\msvcp140_1.dll.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\casual.dotx.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-string-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy\messages_pt_BR.properties.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Principal.dll.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.VisualBasic.Forms.dll.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\VisualElements\SmallLogoDev.png.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\klist.exe.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\BIPLAT.DLL.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ExcelInterProviderRanker.bin.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Overlapped.dll.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XmlDocument.dll.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_KMS_Client-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-filesystem-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\FUNCRES.XLAM.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\msoasb.exe.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\it-IT\InkObj.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-synch-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jaas_nt.dll.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.AccessControl.dll.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-140.png.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encoding.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe

"C:\Users\Admin\AppData\Local\Temp\2eb97372abe28e8010079df41fafe624b1f270d00ce42acf8835135ec66da3e3.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 209.143.182.52.in-addr.arpa udp

Files

memory/1404-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3442511616-637977696-3186306149-1000\desktop.ini.tmp

MD5 a4e3a5daa19f2a1f155f6875ecd6a723
SHA1 b0124eacdb502e3763c343065b5773dcc8aef8d9
SHA256 ed2c1bf1db1f49bfcc260748af4f7d1d549c621242204a02a53cd47da748d036
SHA512 df7351ad749d0d30c80fe000772026ca8bf8e95773c2c9f6836c1202d38ca21a33e4e0988e3efec6710350fd885c533fb6174bd055b13f1b4526ef8a49c3a152

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 76034d88ef12bb731824bfd035712915
SHA1 a853295d4161378d274c1db852143441c863e90e
SHA256 cdceafb0f1618c15cc4559a58bbe0df586f42170a7ea4ad76005e66a411013b2
SHA512 d35b9139150860bedc8fd94ffb19227de7f256411332d40c03d99ad233c4cae4664e04268ff922812711665e97738e718ae6f08c3fc33efa9fe7e7af03c84f13

memory/1404-734-0x0000000000400000-0x000000000040B000-memory.dmp