Malware Analysis Report

2025-08-11 01:48

Sample ID 241005-x5k2lazeqn
Target c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N
SHA256 c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347
Tags
discovery ransomware
score
9/10

Analysis Overview

score
9/10

SHA256

c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347

Threat Level: Likely malicious

The file c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple (1151) files with added filename extension

Renames multiple (5005) files with added filename extension

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-05 19:26

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-05 19:26

Reported

2024-10-05 19:28

Platform

win7-20240903-en

Max time kernel

150s

Max time network

19s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe"

Signatures

Renames multiple (1151) files with added filename extension

ransomware

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe

"C:\Users\Admin\AppData\Local\Temp\c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

MD5 a2460408ef4709349cda86a220b68e78
SHA1 b443c7126dfdafd6a6703db3b91aa05e287d3ecf
SHA256 59d2ced1fa20b50e1ec7dde341946b82f9997a42663b4c58221b0193c7691711
SHA512 13bd778c3242ff3f0aec4db46b52772e5d670417f0fad0a061e3b87e3671da1cca8a43307e0c7a7dbf5c4e3b5dcfd04b3c7307503f8f8e00fae00694362de92c

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 66f1a21501a459c50bca57fb4ce48a14
SHA1 087e4901f64e9ed6438a82841d89135a3c3663d9
SHA256 58b4d7329f41e84f93958d2ac466c7e96df6d9af3aa63e4c89e58042a121c859
SHA512 c34ce16f7c6affb67425c92c2f70131601f3cf84aff061ee7c8725c87e7568ae20f47d0f2a12d65d8aac83b5a18251f437b7bd97a331b60bc13af312ff6bf6a4

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-05 19:26

Reported

2024-10-05 19:28

Platform

win10v2004-20240910-en

Max time kernel

150s

Max time network

106s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe"

Signatures

Renames multiple (5005) files with added filename extension

ransomware

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe

"C:\Users\Admin\AppData\Local\Temp\c19dc69f34f93e0591399ec8951653a6f0e5ed114dfc87ce530de1734d689347N.exe"

Network


Files

C:\$Recycle.Bin\S-1-5-21-2629364133-3182087385-364449604-1000\desktop.ini.tmp

MD5 44cad91a39dc07c677dbb569238a17b5
SHA1 877053e3f63219b4a2c9209b15ccf9fe28bcadf5
SHA256 3a9ce9cf3dcd6235ba26243caa89640ae35cbeb34d04afaaefe234e5c7e53486
SHA512 4e58fe042b6d5461aec9e716489855010e8bfe140e6a32d76050335024665822707aff72a4d26a645e89afa67f8fe1c5210a5a33aaf52d65263d3af095ff3e0f

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 9f31d93db646e367ada1bd510f03a836
SHA1 928df1cea3e3808c01b0f29be1795443acc1fc7f
SHA256 193ab58fabf732b77fe992cc04a929da9df375b3bfcf3ac1b67fb9285e06f6a0
SHA512 f4260e2c1b8b5e72e3069acf1edbb232a7da355adc389517780b04b9ddb71b48fa9e1f35594ac45a6bb0a23bf31b265201c3619c584b8d0f8aa25fbf166c6f2a