Malware Analysis Report

2025-08-11 01:48

Sample ID 241005-yrjr2swcnf
Target 3050c45e070084fba6647c598d08e96e2280c496b83db7604d09e4a0219a3c17
SHA256 3050c45e070084fba6647c598d08e96e2280c496b83db7604d09e4a0219a3c17
Tags
discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

3050c45e070084fba6647c598d08e96e2280c496b83db7604d09e4a0219a3c17

Threat Level: Likely malicious

The file 3050c45e070084fba6647c598d08e96e2280c496b83db7604d09e4a0219a3c17 was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple (777) files with added filename extension

Renames multiple (5192) files with added filename extension

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-05 20:01

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-05 20:01

Reported

2024-10-05 20:03

Platform

win7-20240903-en

Max time kernel

150s

Max time network

18s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3050c45e070084fba6647c598d08e96e2280c496b83db7604d09e4a0219a3c17.exe"

Signatures

Renames multiple (777) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\3050c45e070084fba6647c598d08e96e2280c496b83db7604d09e4a0219a3c17.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3050c45e070084fba6647c598d08e96e2280c496b83db7604d09e4a0219a3c17.exe

"C:\Users\Admin\AppData\Local\Temp\3050c45e070084fba6647c598d08e96e2280c496b83db7604d09e4a0219a3c17.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-05 20:01

Reported

2024-10-05 20:03

Platform

win10v2004-20240802-en

Max time kernel

150s

Max time network

96s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3050c45e070084fba6647c598d08e96e2280c496b83db7604d09e4a0219a3c17.exe"

Signatures

Renames multiple (5192) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\3050c45e070084fba6647c598d08e96e2280c496b83db7604d09e4a0219a3c17.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3050c45e070084fba6647c598d08e96e2280c496b83db7604d09e4a0219a3c17.exe

"C:\Users\Admin\AppData\Local\Temp\3050c45e070084fba6647c598d08e96e2280c496b83db7604d09e4a0219a3c17.exe"

Network

Country Destination Domain Proto

Files

C:\$Recycle.Bin\S-1-5-21-523280732-2327480845-3730041215-1000\desktop.ini.tmp

C:\Program Files\7-Zip\7-zip.dll.tmp