Malware Analysis Report

2025-08-05 21:56

Sample ID 241006-lmtega1fmg
Target 95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N
SHA256 95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374
Tags
discovery ransomware
score
9/10

Table of Contents

  Analysis Overview
    MITRE ATT&CK
      Enterprise Matrix V15
  Analysis: static1
    Detonation Overview
    Signatures
  Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
  Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

score
9/10

SHA256

95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374

Threat Level: Likely malicious

The file 95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple (5199) files with added filename extension

Renames multiple (3784) files with added filename extension

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-06 09:39

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-06 09:39

Reported

2024-10-06 09:41

Platform

win7-20240903-en

Max time kernel

149s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe"

Signatures

Renames multiple (3784) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jre7\lib\zi\Asia\Tashkent.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-shadow.png.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_100_percent.pak.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Macau.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sampler_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Africa\Tunis.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-uihandler.xml_hidden.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\settings.html.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\ktab.exe.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\jawt.dll.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Casablanca.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.xml.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Galapagos.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Web.Entity.Design.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libdmo_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pontianak.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Lisbon.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\ja-JP\msinfo32.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACEOLEDB.DLL.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterRegular.ttf.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_a52_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\0.png.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\slideShow.html.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\drvDX9.x3d.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.htm.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\3RDPARTY.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\plugin.jar.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_asf_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\VDK10.SYX.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kwajalein.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\license.html.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-util-lookup.jar.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Java\jre7\bin\verify.dll.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Swift_Current.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kiritimati.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Asuncion.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Windows Media Player\de-DE\mpvis.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files (x86)\Common Files\DESIGNER\MSADDNDR.DLL.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Sofia.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\high-contrast.css.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libaribcam_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Windows NT\TableTextService\es-ES\TableTextService.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\js\settings.js.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_right.png.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_TW.properties.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+3.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_av1_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\MSOINTL.REST.IDX_DLL.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\7-Zip\7z.exe.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACEXBE.DLL.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\CST6CDT.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libdxva2_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Internet Explorer\en-US\jsdbgui.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe

"C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

MD5 cdf40efbc47b24f2455178ddc3023c12
SHA1 cfe173e393776b62ac80813cc747adfdac2de7ee
SHA256 1f4fe7f6aee2f1567a0ff2df24b11f07740a8d3bf109c468c655ef9ab1eb5f0c
SHA512 fa52843ae504fffc7adb6ad3bade0e9161c454dc57b26c1afa8173ead5292a6c1dc3e57d580aab6616c96be756a60893795a120d0d1902ec999aeee8e73a5c98

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 c5b20751f8f00bf0312530bc52ffd695
SHA1 d3b0fe7bc609a73d77a339d9b0aa7307307180a2
SHA256 5f64cee5fe9934cbfe616aec1f18c7a88a59de5d66e95e0b48b4ef8eef5745bd
SHA512 8e96ab725ba79e37d26eed4e28183f9e49c315ef9641b615121a62bb4e4069e20c70fc628ee4f02263abe0bb6827d64d9e05d54bf127828523b20068c307ac30

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-06 09:39

Reported

2024-10-06 09:41

Platform

win10v2004-20240802-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe"

Signatures

Renames multiple (5199) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\insertbase.xml.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART14.BDR.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunmscapi.jar.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\security\policy\limited\local_policy.jar.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTest-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\msjet.xsl.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\clrjit.dll.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\mfc140u.dll.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN108.XML.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-addtotable.png.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Process.dll.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.dll.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Formats.Asn1.dll.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy.jar.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.TypeExtensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\C2R64.dll.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription1-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTrial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.SecureString.dll.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\pl.pak.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.dcfmui.msi.16.en-us.xml.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSOSTYLE.DLL.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\CompareStop.kix.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue Warm.xml.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-memory-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-environment-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ONBttnPPT.dll.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.dll.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\EXCELPLUGINCORE.DLL.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN001.XML.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipshrv.xml.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\WindowsBase.dll.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.WindowsDesktop.App.deps.json.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PowerPointCombinedFloatieModel.bin.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\VVIEWER.DLL.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.AccessControl.dll.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\glib-lite.dll.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ONENOTE.VisualElementsManifest.xml.tmp C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe

"C:\Users\Admin\AppData\Local\Temp\95d7740b6951ed61b160927d498c17486c55133aa91ea69b5b6d7a26ba042374N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-355097885-2402257403-2971294179-1000\desktop.ini.tmp

MD5 d6854dba6007459bd757cc260730c1cc
SHA1 6304727c602d7eaad1017e2bd0d39f7cd216996f
SHA256 d98b564941b84b0222187cdaf8de7434ab8fc5d69d4536fff4791a7c17be9431
SHA512 c2d61c01eb7beac540207745a606a7c15e17c2952625a7963c8d8cf45615c025659da145ea468f5430fc552fdea9a7cb3c9b7d1bb0efaaeca188fcb022a61043

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 3cbb9bb175b5be1f2f263898fb7e16b6
SHA1 aa2ef27eb46a7d3d7ddb75a31fb681d788e1d319
SHA256 4718d12dbf9757b348b78a2ba78e65b7e740c5ac506061acdc2bd6afe510aa09
SHA512 f07125b1fdec7f964c156aa012231e7e76921ee61c921098d2feaad943416ca7ab4b4e8740383e142da090dbcc272502e50bd5c3e5331b95739d6ddef9d587e0