Malware Analysis Report

2024-12-07 10:04

Sample ID: 241114-ael5ms1hkh
Target: 88cc42dbb0b168f3aa53819cad266aaf6f167d66d37fdb41ccbb5c5ab27d1378
SHA256: 88cc42dbb0b168f3aa53819cad266aaf6f167d66d37fdb41ccbb5c5ab27d1378
Tags: upx, discovery, ransomware
Score: 9/10

Table of Contents

  Analysis Overview
  MITRE ATT&CK (Enterprise Matrix V15)
  Analysis: static1 (Detonation Overview, Signatures)
  Analysis: behavioral1 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
  Analysis: behavioral2 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

Score: 9/10
SHA256: 88cc42dbb0b168f3aa53819cad266aaf6f167d66d37fdb41ccbb5c5ab27d1378
Threat Level: Likely malicious
Tags: upx, discovery, ransomware

Malicious Activity Summary

Renames multiple (4843) files with added filename extension (behavioral2, Windows 10)
Renames multiple (3456) files with added filename extension (behavioral1, Windows 7)
UPX packed file
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE

Reading the signatures together: the sample is a small (its dumped image spans 0x400000-0x40B000, 44 KB), unsigned, UPX-packed executable that walks the file system and, for each file it processes, writes a <name>.tmp beside the original and renames with an added extension. The "Drops file in Program Files directory" rows are that working-copy step, not a separate installer-like action. The activity proceeds without any network contact (the Windows 7 run produced no traffic at all; the Windows 10 run shows only reverse-DNS lookups not tied to a process), so encryption does not depend on fetching a key or instructions from a server. The "System Language Discovery" hit is a single read of HKLM\SYSTEM\ControlSet001\Control\NLS\Language; a locale check before encrypting is common in ransomware, but the same key is touched by ordinary runtime locale initialisation, so on its own it is weak evidence. The report does not record the appended extension or any ransom note; the process tree shows only the sample itself, and no persistence mechanism or shadow-copy deletion appears among the signatures.

MITRE ATT&CK (Enterprise Matrix V15)

Techniques mapped from the signatures in this report: T1027.002 Obfuscated Files or Information: Software Packing (UPX packed file); T1614.001 System Location Discovery: System Language Discovery (NLS\Language key read); T1486 Data Encrypted for Impact (mass rename with added filename extension).

Analysis: static1

Detonation Overview

Reported: 2024-11-14 00:07

Signatures

UPX packed file (tag: upx)
Description / Indicator / Process / Target: N/A (static match on the file itself; no per-event rows)

Unsigned PE
Description / Indicator / Process / Target: N/A (static match on the file itself; no per-event rows)
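The static1 "UPX packed file" verdict is a signature match on the packer's layout. The following Python is an added check for this report, not the sandbox's own tooling: it walks the PE section table with the standard library only and reports the two indicators an analyst looks for, the UPX0/UPX1 section names and per-section Shannon entropy. build_sample_pe constructs a throwaway, non-executable PE so the check runs offline; it is not the sample analysed here, and the 7.0 bits/byte entropy threshold is an assumption.

```python
"""Static UPX check for a PE file, standard library only (added example)."""
import math
import struct

SECTION_HEADER_SIZE = 40
HIGH_ENTROPY = 7.0  # bits per byte; assumed threshold, not a sandbox constant


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty input, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes):
    """Return [(name, raw_offset, raw_size, entropy)] for every section.

    Follows the loader's path: DOS header -> e_lfanew -> "PE\\0\\0" -> COFF header
    -> past the optional header -> section table (40-byte entries).
    """
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file (missing MZ)")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file (missing PE signature)")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        off = table + i * SECTION_HEADER_SIZE
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", pe, off + 16)  # SizeOfRawData, PointerToRawData
        sections.append((name, raw_ptr, raw_size, shannon_entropy(pe[raw_ptr:raw_ptr + raw_size])))
    return sections


def upx_verdict(pe: bytes) -> dict:
    """Strong signal: UPX0/UPX1 names. Weak signal: a large, high-entropy section."""
    sections = parse_sections(pe)
    names = {s[0] for s in sections}
    upx_names = bool({"UPX0", "UPX1"} & names)
    high = [s[0] for s in sections if s[3] > HIGH_ENTROPY and s[2] >= 256]
    return {
        "sections": sections,
        "upx_names": upx_names,
        "high_entropy_sections": high,
        "likely_packed": upx_names or bool(high),
    }


def build_sample_pe(section_specs) -> bytes:
    """Constructed test input: a minimal PE32 with the given (name, raw_bytes) sections.

    Only the fields parse_sections reads are populated; everything else is zero, so the
    result is not loadable. This is not the sample from the report.
    """
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 224  # PE32 optional header
    coff = bytearray(20)
    struct.pack_into("<H", coff, 2, len(section_specs))
    struct.pack_into("<H", coff, 16, opt_size)
    header_end = e_lfanew + 4 + 20 + opt_size + SECTION_HEADER_SIZE * len(section_specs)
    raw_ptr = (header_end + 0x1FF) & ~0x1FF  # 512-byte file alignment
    table, body = bytearray(), bytearray()
    for name, data in section_specs:
        entry = bytearray(SECTION_HEADER_SIZE)
        entry[:8] = name.encode("ascii").ljust(8, b"\0")
        struct.pack_into("<II", entry, 16, len(data), raw_ptr + len(body))
        table += entry
        body += data
    image = bytes(dos) + b"PE\0\0" + bytes(coff) + bytes(opt_size) + bytes(table)
    return image + bytes(raw_ptr - len(image)) + bytes(body)


if __name__ == "__main__":
    # bytes(range(256)) * 16 has exactly 8.0 bits/byte, standing in for compressed data
    packed = build_sample_pe([("UPX0", b""), ("UPX1", bytes(range(256)) * 16), (".rsrc", b"\0" * 512)])
    plain = build_sample_pe([(".text", b"\x90" * 4096), (".data", b"A" * 512)])
    for label, blob in (("packed", packed), ("plain", plain)):
        v = upx_verdict(blob)
        print(label, v["upx_names"], v["high_entropy_sections"], v["likely_packed"])
```

Run it against the real file with `upx_verdict(open(path, "rb").read())`. When upx_names is True, `upx -d` on a copy normally restores the original image for static work unless the UPX header has been tampered with; high entropy without the names is also what any other packer or an encrypted payload produces, so it supports the verdict rather than proving UPX specifically.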

Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-14 00:07
Reported: 2024-11-14 00:10
Platform: win7-20240903-en
Max time kernel: 150s
Max time network: 119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\88cc42dbb0b168f3aa53819cad266aaf6f167d66d37fdb41ccbb5c5ab27d1378.exe"

Signatures

Renames multiple (3456) files with added filename extension (tag: ransomware)

UPX packed file (tag: upx)
Description / Indicator / Process / Target: N/A (four empty rows; the match is on the packed file itself)

Drops file in Program Files directory

Process for every row: C:\Users\Admin\AppData\Local\Temp\88cc42dbb0b168f3aa53819cad266aaf6f167d66d37fdb41ccbb5c5ab27d1378.exe. Target: N/A. Every indicator is an existing file's path with .tmp appended, i.e. the working copy written beside each file the sample processes.

Description   Indicator
File created  C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libswscale_plugin.dll.tmp
File created  C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Curacao.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\epl-v10.html.tmp
File created  C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Entity.Design.Resources.dll.tmp
File created  C:\Program Files\Microsoft Games\Multiplayer\Backgammon\en-US\bckgzm.exe.mui.tmp
File created  C:\Program Files\VideoLAN\VLC\plugins\access\libtimecode_plugin.dll.tmp
File created  C:\Program Files\VideoLAN\VLC\plugins\video_filter\libpuzzle_plugin.dll.tmp
File created  C:\Program Files\VideoLAN\VLC\VideoLAN Website.url.tmp
File created  C:\Program Files\7-Zip\Lang\ro.txt.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\license.html.tmp
File created  C:\Program Files\Java\jre7\lib\zi\Africa\Ceuta.tmp
File created  C:\Program Files\Java\jre7\lib\zi\Etc\GMT+1.tmp
File created  C:\Program Files\Windows Photo Viewer\en-US\ImagingDevices.exe.mui.tmp
File created  C:\Program Files\DVD Maker\OmdBase.dll.tmp
File created  C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask.wmv.tmp
File created  C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\epl-v10.html.tmp
File created  C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_photo_Thumbnail.bmp.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_preferencestyle.css.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkTSFrame.png.tmp
File created  C:\Program Files\Java\jre7\lib\zi\Pacific\Pago_Pago.tmp
File created  C:\Program Files\Windows Journal\es-ES\jnwdui.dll.mui.tmp
File created  C:\Program Files\Windows Journal\PDIALOG.exe.tmp
File created  C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\blackbars60.png.tmp
File created  C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_SelectionSubpicture.png.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\send-email-16.png.tmp
File created  C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_record_plugin.dll.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.win32.nl_ja_4.4.0.v20140623020002.jar.tmp
File created  C:\Program Files\Java\jre7\lib\zi\America\Yellowknife.tmp
File created  C:\Program Files\Java\jre7\lib\zi\Antarctica\Syowa.tmp
File created  C:\Program Files\VideoLAN\VLC\skins\winamp2.xml.tmp
File created  C:\Program Files\Common Files\Microsoft Shared\VC\msdia100.dll.tmp
File created  C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp
File created  C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.tmp
File created  C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui.tmp
File created  C:\Program Files\Mozilla Firefox\dependentlibs.list.tmp
File created  C:\Program Files\Windows Journal\jnwdui.dll.tmp
File created  C:\Program Files\Windows Media Player\WMPDMC.exe.tmp
File created  C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIconSubpictur.png.tmp
File created  C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720_480shadow.png.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\bin\jarsigner.exe.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_zh_CN.jar.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-ui.xml.tmp
File created  C:\Program Files\Microsoft Games\Multiplayer\Backgammon\ja-JP\bckgzm.exe.mui.tmp
File created  C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libgain_plugin.dll.tmp
File created  C:\Program Files\Windows Media Player\Media Renderer\DMR_48.png.tmp
File created  C:\Program Files\7-Zip\Lang\eo.txt.tmp
File created  C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tipresx.dll.mui.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_ja.jar.tmp
File created  C:\Program Files\VideoLAN\VLC\plugins\access\libsmb_plugin.dll.tmp
File created  C:\Program Files\Windows Media Player\fr-FR\wmpnetwk.exe.mui.tmp
File created  C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_highlights_Thumbnail.bmp.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Halifax.tmp
File created  C:\Program Files\Java\jre7\bin\sunec.dll.tmp
File created  C:\Program Files\VideoLAN\VLC\lua\http\vlm_export.html.tmp
File created  C:\Program Files\Microsoft Games\Multiplayer\Backgammon\es-ES\bckgRes.dll.mui.tmp
File created  C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nb.pak.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\LICENSE.tmp
File created  C:\Program Files\Windows Mail\it-IT\WinMail.exe.mui.tmp
File created  C:\Program Files\Windows Media Player\it-IT\setup_wm.exe.mui.tmp
File created  C:\Program Files\7-Zip\Lang\it.txt.tmp
File created  C:\Program Files\Java\jre7\lib\zi\America\Swift_Current.tmp
File created  C:\Program Files\Java\jre7\lib\zi\Asia\Macau.tmp

System Location Discovery: System Language Discovery (tag: discovery)

Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\88cc42dbb0b168f3aa53819cad266aaf6f167d66d37fdb41ccbb5c5ab27d1378.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\88cc42dbb0b168f3aa53819cad266aaf6f167d66d37fdb41ccbb5c5ab27d1378.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\88cc42dbb0b168f3aa53819cad266aaf6f167d66d37fdb41ccbb5c5ab27d1378.exe"
  No child processes recorded.

Network

No traffic observed.

Files

memory/2756-0-0x0000000000400000-0x000000000040B000-memory.dmp
  Dump of the 0x400000-0x40B000 region (a 44 KB image at the default 32-bit image base), sequence 0.

C:\$Recycle.Bin\S-1-5-21-2872745919-2748461613-2989606286-1000\desktop.ini.tmp
  MD5    14b89457ffa7fde7424a4c9b2c0e6415
  SHA1   4e280d8ca2939d8f6ee41da03d5fc71b8931473d
  SHA256 c8574fdab6e0ca51b9f458f9d18b99cfe26ad96f1f4534fcf4e0969bfe4923d6
  SHA512 2ad0ac6d988942255f565a24ba1d3aa94ade09d64ab20d20b754e9807f8793e86ba27459e1a27231696246e03cc46ee88e3d1c10abb4a983485d6bf221345592

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
  MD5    a9d45f2060655fe04585d505f4e7b087
  SHA1   2c7074758a6bc19a4d500d73916efbbc90eadc75
  SHA256 b2923f47f0ee7c2082d2c3c4c1f066f53578759565202937707e98897818ed6c
  SHA512 86b0523a21c6b5d147a7140ecf2de19c4ff0956bd149a47a429e6898759dea6c1cc40205fe13fc1fc8aa8651a36f051d7ac106c24d2e7201631b00ed3b0decd9

memory/2756-62-0x0000000000400000-0x000000000040B000-memory.dmp
  Same region as above, sequence 62.

Analysis: behavioral2

Detonation Overview

Submitted: 2024-11-14 00:07
Reported: 2024-11-14 00:10
Platform: win10v2004-20241007-en
Max time kernel: 150s
Max time network: 151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\88cc42dbb0b168f3aa53819cad266aaf6f167d66d37fdb41ccbb5c5ab27d1378.exe"

Signatures

Renames multiple (4843) files with added filename extension (tag: ransomware)

UPX packed file (tag: upx)
Description / Indicator / Process / Target: N/A (four empty rows; the match is on the packed file itself)

Drops file in Program Files directory

Process for every row: C:\Users\Admin\AppData\Local\Temp\88cc42dbb0b168f3aa53819cad266aaf6f167d66d37fdb41ccbb5c5ab27d1378.exe. Target: N/A. As in the Windows 7 run, every indicator is an existing file's path with .tmp appended.

Description   Indicator
File created  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Loader.dll.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Data.dll.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql90.xsl.tmp
File created  C:\Program Files\7-Zip\Lang\en.ttt.tmp
File created  C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml.tmp
File created  C:\Program Files\Java\jre-1.8\lib\cmm\sRGB.pf.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Packaging.dll.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\ADDINS\MSOSEC.XML.tmp
File created  C:\Program Files\Internet Explorer\images\bing.ico.tmp
File created  C:\Program Files\Java\jre-1.8\bin\j2gss.dll.tmp
File created  C:\Program Files\Java\jdk-1.8\jre\lib\net.properties.tmp
File created  C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Office 2007 - 2010.eftx.tmp
File created  C:\Program Files\Microsoft Office\root\Integration\C2RManifest.onenotemui.msi.16.en-us.xml.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-ul-oob.xrm-ms.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-100.png.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-180.png.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\UIAutomationProvider.resources.dll.tmp
File created  C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunmscapi.jar.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\MSOHEVI.DLL.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Drawing.dll.tmp
File created  C:\Program Files\Java\jre-1.8\bin\dcpr.dll.tmp
File created  C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\lt.pak.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTest-ppd.xrm-ms.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_KMS_Client-ul.xrm-ms.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-ul-phn.xrm-ms.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.Xml.dll.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.WindowsDesktop.App.deps.json.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTrial-pl.xrm-ms.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\OCSCLIENTWIN32.DLL.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\1033\offsymt.ttf.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\AugLoop\third-party-notices.txt.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\MSIPC\da\msipc.dll.mui.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationTypes.resources.dll.tmp
File created  C:\Program Files\Internet Explorer\de-DE\iexplore.exe.mui.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_PrepidBypass-ppd.xrm-ms.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\ODBCTRAC.DLL.tmp
File created  C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll.tmp
File created  C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\Microsoft.VisualBasic.Forms.resources.dll.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\PresentationUI.resources.dll.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\WindowsFormsIntegration.resources.dll.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Extensions.dll.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\WindowsFormsIntegration.resources.dll.tmp
File created  C:\Program Files\Microsoft Office\root\Integration\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ul-oob.xrm-ms.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\CHART.DLL.tmp
File created  C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\WindowsFormsIntegration.resources.dll.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.CompilerServices.VisualC.dll.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\WindowsFormsIntegration.resources.dll.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Forms.Design.resources.dll.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial2-pl.xrm-ms.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial2-ul-oob.xrm-ms.tmp
File created  C:\Program Files\7-Zip\Lang\sk.txt.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.AccessControl.dll.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.AdHoc.Excel.Client.Entry.Interfaces.dll.tmp
File created  C:\Program Files\Java\jdk-1.8\jre\bin\decora_sse.dll.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\CLVIEW.EXE.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-console-l1-1-0.dll.tmp
File created  C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-string-l1-1-0.dll.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Office.Interop.Outlook.dll.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\MSOCR.DLL.tmp
File created  C:\Program Files\7-Zip\Lang\co.txt.tmp

System Location Discovery: System Language Discovery (tag: discovery)

Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\88cc42dbb0b168f3aa53819cad266aaf6f167d66d37fdb41ccbb5c5ab27d1378.exe
Target: N/A
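Both runs fire "Renames multiple (N) files with added filename extension" together with "Drops file in Program Files directory", and the indicator rows show why the two belong together: every dropped file is an existing path with .tmp appended. The following Python is an added example, not the sandbox's own rule logic: it reconstructs that pair of signatures from tab-separated event rows in the shape of the tables above and shows the check that keeps an ordinary installer (which also writes many .tmp files under Program Files) from firing the rename signature. The event sets are constructed: the paths come from this report, while the ".encrypted" rename target and the ExampleApp installer paths are placeholders, since the report does not record the real appended extension. The count and directory-spread thresholds are assumptions.

```python
"""Reconstruct the two file-system signatures from sandbox event rows (added example)."""
from collections import Counter
import ntpath

TEMP_SUFFIX = ".tmp"


def parse_events(text):
    """Rows are '<action> TAB <path>' or '<action> TAB <old> TAB <new>' for renames."""
    events = []
    for line in text.strip().splitlines():
        parts = line.split("\t")
        events.append((parts[0], parts[1], parts[2] if len(parts) > 2 else None))
    return events


def product_dir(path):
    r"""'C:\Program Files\7-Zip\Lang\ro.txt' -> 'C:\Program Files\7-Zip' (first three components)."""
    return "\\".join(path.split("\\")[:3])


def appended_extension(old, new):
    """Return '.ext' when new == old + '.ext' in the same directory, else None.

    A rename that replaces the extension (an installer finishing 'x.dll.tmp' -> 'x.dll')
    does not match; only an appended one does, which is the ransomware pattern.
    """
    if ntpath.dirname(old) != ntpath.dirname(new):
        return None
    old_name, new_name = ntpath.basename(old), ntpath.basename(new)
    if new_name.startswith(old_name + ".") and len(new_name) > len(old_name) + 1:
        return new_name[len(old_name):]
    return None


def analyse(events, min_renames=3, min_dirs=3):
    """Count temp working copies and appended-extension renames; emit signature strings.

    min_renames / min_dirs are assumed thresholds for this example. Spread across
    unrelated product directories is what separates mass encryption from one installer.
    """
    temp_created = [p for a, p, _ in events
                    if a == "File created" and p.lower().endswith(TEMP_SUFFIX)]
    ext_counter = Counter()
    for a, old, new in events:
        if a == "File renamed" and new:
            ext = appended_extension(old, new)
            if ext:
                ext_counter[ext] += 1
    renames = sum(ext_counter.values())
    dirs = {product_dir(p) for p in temp_created}
    signatures = []
    if renames >= min_renames and len(dirs) >= min_dirs:
        signatures.append(f"Renames multiple ({renames}) files with added filename extension")
    if any(p.startswith("C:\\Program Files\\") for p in temp_created):
        signatures.append("Drops file in Program Files directory")
    return {
        "temp_created": len(temp_created),
        "renames_with_appended_ext": renames,
        "extensions": dict(ext_counter),
        "product_dirs": sorted(dirs),
        "signatures": signatures,
    }


# Constructed events. Paths are from the report's indicator tables; ".encrypted" is a
# placeholder for the appended extension, which the report does not record.
RANSOMWARE_EVENTS = """\
File created\tC:\\Program Files\\7-Zip\\Lang\\ro.txt.tmp
File renamed\tC:\\Program Files\\7-Zip\\Lang\\ro.txt\tC:\\Program Files\\7-Zip\\Lang\\ro.txt.encrypted
File created\tC:\\Program Files\\VideoLAN\\VLC\\skins\\winamp2.xml.tmp
File renamed\tC:\\Program Files\\VideoLAN\\VLC\\skins\\winamp2.xml\tC:\\Program Files\\VideoLAN\\VLC\\skins\\winamp2.xml.encrypted
File created\tC:\\Program Files\\Java\\jre7\\bin\\sunec.dll.tmp
File renamed\tC:\\Program Files\\Java\\jre7\\bin\\sunec.dll\tC:\\Program Files\\Java\\jre7\\bin\\sunec.dll.encrypted
File created\tC:\\Program Files\\Windows Journal\\PDIALOG.exe.tmp
File renamed\tC:\\Program Files\\Windows Journal\\PDIALOG.exe\tC:\\Program Files\\Windows Journal\\PDIALOG.exe.encrypted
File created\tC:\\$Recycle.Bin\\S-1-5-21-2872745919-2748461613-2989606286-1000\\desktop.ini.tmp
File renamed\tC:\\$Recycle.Bin\\S-1-5-21-2872745919-2748461613-2989606286-1000\\desktop.ini\tC:\\$Recycle.Bin\\S-1-5-21-2872745919-2748461613-2989606286-1000\\desktop.ini.encrypted
"""

# Constructed, hypothetical installer: temp files in one product directory, then
# '<name>.tmp' renamed to '<name>' (extension replaced, not appended).
INSTALLER_EVENTS = """\
File created\tC:\\Program Files\\ExampleApp\\ExampleApp.dll.tmp
File renamed\tC:\\Program Files\\ExampleApp\\ExampleApp.dll.tmp\tC:\\Program Files\\ExampleApp\\ExampleApp.dll
File created\tC:\\Program Files\\ExampleApp\\Lang\\en.txt.tmp
File renamed\tC:\\Program Files\\ExampleApp\\Lang\\en.txt.tmp\tC:\\Program Files\\ExampleApp\\Lang\\en.txt
File created\tC:\\Program Files\\ExampleApp\\Lang\\sk.txt.tmp
File renamed\tC:\\Program Files\\ExampleApp\\Lang\\sk.txt.tmp\tC:\\Program Files\\ExampleApp\\Lang\\sk.txt
"""

if __name__ == "__main__":
    for label, text in (("ransomware-like", RANSOMWARE_EVENTS), ("installer-like", INSTALLER_EVENTS)):
        print(label, analyse(parse_events(text)))
```

On a full event log from a live run, the "extensions" counter also recovers the appended extension that this report leaves unrecorded, and the per-directory spread gives the reviewer the same picture as the raw count of 3456 or 4843 renames without reading every row.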

Processes

C:\Users\Admin\AppData\Local\Temp\88cc42dbb0b168f3aa53819cad266aaf6f167d66d37fdb41ccbb5c5ab27d1378.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\88cc42dbb0b168f3aa53819cad266aaf6f167d66d37fdb41ccbb5c5ab27d1378.exe"
  No child processes recorded.

Network

Country  Destination  Domain                            Proto
US       8.8.8.8:53   154.239.44.20.in-addr.arpa        udp
US       8.8.8.8:53   81.144.22.2.in-addr.arpa          udp
US       8.8.8.8:53   72.32.126.40.in-addr.arpa         udp
US       8.8.8.8:53   95.221.229.192.in-addr.arpa       udp
US       8.8.8.8:53   28.118.140.52.in-addr.arpa        udp
US       8.8.8.8:53   200.163.202.172.in-addr.arpa      udp
US       8.8.8.8:53   171.39.242.20.in-addr.arpa        udp
US       8.8.8.8:53   172.214.232.199.in-addr.arpa      udp
US       8.8.8.8:53   11.227.111.52.in-addr.arpa        udp
US       8.8.8.8:53   131.72.42.20.in-addr.arpa         udp

All ten entries are reverse-DNS (PTR) queries to Google's resolver for public addresses; no forward lookup, TCP session or HTTP request appears, and the table ties none of them to a process, so they cannot be attributed to the sample from this report alone. Together with the Windows 7 run, which produced no traffic at all, this shows the sample completing its file activity without contacting any server.

Files

memory/1252-0-0x0000000000400000-0x000000000040B000-memory.dmp
  Dump of the 0x400000-0x40B000 region (a 44 KB image at the default 32-bit image base), sequence 0.

C:\$Recycle.Bin\S-1-5-21-3756129449-3121373848-4276368241-1000\desktop.ini.tmp
  MD5    11e9e426ad14264bd1c7618a3798ec2e
  SHA1   eca57d0db022049f422ca4f5d211bc6536df60a7
  SHA256 f508d12d84f9cfc4be18fa0a176a6720297b2f6fcc159340ad734fb9e355ee9e
  SHA512 def288e5ae02510e52d397ba11b50170e322b13612e42e235afc31310b1ad634e58c7cbfeddb26b73db8364713e640275a326356cd2b9472df9115a6ef4df304

C:\Program Files\7-Zip\7-zip.dll.tmp
  MD5    7227115fcc3f840eae83d1805858a661
  SHA1   f72e4792d6f2cb90397ab1b94867d20e858d73cb
  SHA256 7a92de455e81f7c83e8f4670fad1364469de421c1bef0db7b4d24d0adef5e735
  SHA512 b87af8a910f373314c63584b48ce3de247f82fb9b14df3516e5e61fe147b0897a26cd05486914d4ef4fd3ffefff9e0b125023570995408bd3bcf9c48e2386988

memory/1252-658-0x0000000000400000-0x000000000040B000-memory.dmp
  Same region as above, sequence 658.