Malware Analysis Report

2024-12-07 09:56

Sample ID 241114-ak3dtavpek
Target 8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93
SHA256 8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93
Tags: upx discovery ransomware
Score: 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 9/10

SHA256

8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93

Threat Level: Likely malicious

The file 8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93 was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (4725) files with added filename extension

Renames multiple (3442) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-14 00:17

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-14 00:17

Reported

2024-11-14 00:19

Platform

win7-20240903-en

Max time kernel

150s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe"

Signatures

Renames multiple (3442) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe

"C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe"

Network

N/A

Files

memory/2528-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp

MD5 27f5becc274ed4fef6452b003bff9d78
SHA1 df4eb496c8c4e1ffa84c72f714adf1902da31d86
SHA256 1dc987f57ffff05968eac189662b2811db6dfa418d600f90132529dc0c37b48b
SHA512 53beba29cf93f91c98cf2e9ef467024f39d567c8790ddf51bb2ec492c3fc039d5731df9182abb6567ed8d482d03715551581190ab2d24273ae3d843a0334a1cd

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 f4bedc9fccd43f207e435a3d95fbd3f8
SHA1 7761c9abd3966430aeed8101ca1fe5eb3c9c76fa
SHA256 702714a71928d7b27755600d31bd81cfb8f2c8e761ef05f46a692db71f264253
SHA512 a46e7a0d63f0090390cc4e16417bd4ce63b21fb62f2975c27c1a093a3b674736ceffd80547c669f4c603dc27927f601aa7b869468d5a822da37c7952d8d37d49

memory/2528-50-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-14 00:17

Reported

2024-11-14 00:19

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

138s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe"

Signatures

Renames multiple (4725) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe

"C:\Users\Admin\AppData\Local\Temp\8cb58a9060e306f03eeb0e5d83ec79a104f8ef69a8fd740604ee695de1a25b93.exe"

Network

Country Destination Domain Proto

Files

memory/4168-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1045960512-3948844814-3059691613-1000\desktop.ini.tmp

MD5 3ce16f3c18c56db90d4ae8bc042fd3db
SHA1 4600df2c804cde81445fbc9dcc9f8b651a19220a
SHA256 347c3af6b091656ee49e603bff7d0bd92dd8508f243d77c0a9e7cb23a968f638
SHA512 e055e34803e13d40bb97d85140b2405fbd1a2e9a5adef020fc9235b22357843bf6c0a3e57cecbce3b12aa4787cf84249bfa1731904b80b32e4af668cdef8b90e

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 87213c2306b06c420b09c16543481b15
SHA1 49288621cf3aabf1573f32cd2e0ff976583956c2
SHA256 2017598ea66a1f207ae8d0208c5799006e08d4c7c00a8920bff4444431c49b86
SHA512 ff6d504bd753a607bda813375c8ffdaa29c332d0157f023add81bc976ee8dbbbc85e6c0b6f330675bf4cea47dc773b506128ddc9758a92f32754ccdd63d5838c

memory/4168-650-0x0000000000400000-0x000000000040B000-memory.dmp