Malware Analysis Report

2025-08-11 01:47

Sample ID 241005-yqyvks1crn
Target d457ecd961565056f89ec4fa065b67b1cdcb046ea3caff7ce476844b5dc04683N
SHA256 d457ecd961565056f89ec4fa065b67b1cdcb046ea3caff7ce476844b5dc04683
Tags discovery ransomware
Score 9/10

Analysis Overview

Threat Level: Likely malicious

The file d457ecd961565056f89ec4fa065b67b1cdcb046ea3caff7ce476844b5dc04683N was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple (4548) files with added filename extension

Renames multiple (3136) files with added filename extension

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-05 20:00

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-05 20:00

Reported

2024-10-05 20:02

Platform

win7-20240903-en

Max time kernel

120s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d457ecd961565056f89ec4fa065b67b1cdcb046ea3caff7ce476844b5dc04683N.exe"

Signatures

Renames multiple (3136) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\d457ecd961565056f89ec4fa065b67b1cdcb046ea3caff7ce476844b5dc04683N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d457ecd961565056f89ec4fa065b67b1cdcb046ea3caff7ce476844b5dc04683N.exe

"C:\Users\Admin\AppData\Local\Temp\d457ecd961565056f89ec4fa065b67b1cdcb046ea3caff7ce476844b5dc04683N.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp

MD5 420447651358b7273404a914cfc0d7bb
SHA1 d5aece9ca2f6ae04ab88d9654c0ec09ca3375b29
SHA256 6960f1e63d02dc715a644fbf64672268141db4df0095c07d4b9df5d2761b9d37
SHA512 6e557edc7a42519e1025cd212e291b35ef60b8d469df53766345beea9a2c14573ba498f7a40d383e2e8543ffbf0ef19606918a831296cce4a6d48f2c0e392fa2

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 bb07f79b9422f68391ff563c1e88f4ab
SHA1 d613217bdf02b8a536f6af9c003162a97c2705e3
SHA256 80b2191c570f1bc1f2efa08fdc9397ba6c304001d36fb008e911992a55551022
SHA512 1dbb9023be6db2ce4ee93beb968fd6d852e3edf2d6a409864a626aae8a894e5b8eb46de7b09d3762e74db8296504cba208d1816e5ccb0686b1dfa254ca5c29a3

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-05 20:00

Reported

2024-10-05 20:02

Platform

win10v2004-20240802-en

Max time kernel

120s

Max time network

102s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d457ecd961565056f89ec4fa065b67b1cdcb046ea3caff7ce476844b5dc04683N.exe"

Signatures

Renames multiple (4548) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\d457ecd961565056f89ec4fa065b67b1cdcb046ea3caff7ce476844b5dc04683N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d457ecd961565056f89ec4fa065b67b1cdcb046ea3caff7ce476844b5dc04683N.exe

"C:\Users\Admin\AppData\Local\Temp\d457ecd961565056f89ec4fa065b67b1cdcb046ea3caff7ce476844b5dc04683N.exe"

Network

Country Destination Domain Proto

Files

C:\$Recycle.Bin\S-1-5-21-4182098368-2521458979-3782681353-1000\desktop.ini.tmp

MD5 4186f8108f3178c797dfc607bb09356e
SHA1 af2add8d4cc6be00b438a27d103837f58f0c9a94
SHA256 4046728ed66d09fc3d88fa678d9e98768f265a08ab4bd04955b3e41ff1604ea4
SHA512 d68e14cb7d7bc1fdfd7329aaa2ad15226fd7b73c19235d4027fb24e19f7a9d54c59eaa7bcdceef6dc5708e5a29685c79f51f82648a271f55c829b8d108cb0b90

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 0d85e4f4bafee95ce9d31a74fadcaa22
SHA1 c05f8ff6f65cdfef6449c9229f704c01c0fc5bef
SHA256 8fb0b51967d6bb637bcc57682b213e42b98774df3305d91b83f00f0d8b51acb2
SHA512 fc9a1a56a67b995da932d3d9c67f27cda85f461aae28c12abf83b798722933c7943c735ac7fc5833bf4631ac481be5a762c4822ed609fc9ca7d73041c2f26b28