Malware Analysis Report

2024-12-07 09:56

Sample ID 241114-ajftes1lew
Target 8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93
SHA256 8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93

Threat Level: Likely malicious

The file 8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93 was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (1249) files with added filename extension

Renames multiple (4720) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-14 00:14

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-14 00:14

Reported

2024-11-14 00:16

Platform

win7-20241010-en

Max time kernel

150s

Max time network

126s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe"

Signatures

Renames multiple (1249) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santo_Domingo.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Common Files\System\ado\adovbs.inc.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\d3dcompiler_47.dll.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\kinit.exe.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\La_Rioja.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rankin_Inlet.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\epl-v10.html.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSEngine.dll.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-back-static.png.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\7-Zip\Lang\uz.txt.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_glass_Thumbnail.bmp.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+12.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\7-Zip\Lang\fi.txt.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\7-Zip\Lang\hr.txt.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Small_News.jpg.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitevignette1047.png.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UTC.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Christmas.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NavigationButtonSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\St_Johns.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\7-Zip\Lang\mng.txt.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Chatham.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_right.png.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fil.pak.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\resources.pak.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kosrae.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\DVD Maker\Shared\DissolveAnother.png.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Internet Explorer\Timeline_is.dll.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Riga.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\kn.pak.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack200.exe.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\AST4.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\7-Zip\Lang\kab.txt.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-BR.pak.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\cursors.properties.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Vancouver.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\7-Zip\Lang\es.txt.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\FlickLearningWizard.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-highlight.png.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\msinfo32.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Internet Explorer\F12.dll.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach.ja_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodbig.gif.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeush.dat.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\1047x576black.png.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\schemagen.exe.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Brisbane.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_postage_Thumbnail.bmp.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe

"C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe"

Network

N/A

Files

memory/1064-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3692679935-4019334568-335155002-1000\desktop.ini.tmp

MD5 dc7d41cd4cd6db78a8a5d1bfa0fc7af3
SHA1 b870db91f3f6452a960804ccb6d93c6f11c34a75
SHA256 f85848e4990ec2d307447d11b4a64c3af78467bc1c0758814394f7764964b973
SHA512 f8496cad9a66c41d1073823449fa65da250ff58a1f50dd6f257ce099c60b696173fc617c178e85b0c472676a6be09868002171390dbad7a602f27217bec5e25b

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 9677fd1d88c44fbaaf6b36074e54395f
SHA1 d32e762edf7a16d0f7a4a6bcc9003acaba5ded23
SHA256 a3ab3a1ca62ce4062fcc2cd18b12f40408fa7b5e7a745fd4616209f0570e1f47
SHA512 170c0bb36cdafcbebbd965ee5585f6274b103806c45b886a5a1e4ec91a5ea4a727ba34202a13673bff7ab30dfb8061cc0d0211f5c22112c2e82321552a293014

memory/1064-26-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-14 00:14

Reported

2024-11-14 00:16

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

138s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe"

Signatures

Renames multiple (4720) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription4-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_KMS_Client_AE-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription5-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_KMS_Client-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\INTLDATE.DLL.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\IpsPlugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.VisualBasic.Core.dll.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\dicjp.bin.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\ja\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.Xml.dll.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\VisualElements\LogoDev.png.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\mscss7wre_es.dub.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TipRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.CompilerServices.Unsafe.dll.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-synch-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\dtplugin\npdeployJava1.dll.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\ext\nashorn.jar.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.TypeConverter.dll.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\ATPVBAEN.XLAM.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\NAMECONTROLSERVER.EXE.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-localization-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\msvcp120.dll.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Drawing.Common.dll.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Paper.xml.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.AddinTelemetry.dll.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\GostName.XSL.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNote.ini.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.VisualBasic.dll.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140.dll.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\AugLoop\bundle.js.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-math-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\servertool.exe.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\bci.dll.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.Linq.dll.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\hostpolicy.dll.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ExcelCombinedFloatieModel.bin.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-140.png.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.CompilerServices.VisualC.dll.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\dt_socket.dll.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub_M365_eula.txt.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.NETCore.App.deps.json.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Csp.dll.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Drawing.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\security\policy\unlimited\local_policy.jar.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-process-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XDocument.dll.tmp C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe

"C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 92.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp

Files

memory/3376-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3442511616-637977696-3186306149-1000\desktop.ini.tmp

MD5 67253d3d5b165fbf286601f23a4bfdb5
SHA1 299ea1b0348a1b83a16c688eacf3ef9df3b93fa1
SHA256 d340c06fa82dd291d6a765e7f4d414e3cf9a28afcaba7b2c8949bbac83d80656
SHA512 b51ae040133742894f7291bfe66eec2471f3e9178d10e75c2ff252de13773a2ceefd6494f15b27329d3de91edecc8cf40b9e6acf900dfd496f0f738c3121f8e8

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 8e37a6fe17b44486f9df6d408d296cd2
SHA1 a0389d7a59a2a27dedcbcd364021d0da5e32f14e
SHA256 890e8db8e7c535d22c9db2b8c30b39a6c9c271eaf7fd1b77309f0fb2e5aefedf
SHA512 63333189e1a910df92ccf74db72684d7459f8f5e6f14115d3233c83751fb58ce1f0264ff3d6d81d081a054758f2ba6e4ecd85e12bf760536124723210769935a

memory/3376-654-0x0000000000400000-0x000000000040B000-memory.dmp