Malware Analysis Report

2025-08-05 21:57

Sample ID 241006-lmz71s1fne
Target 164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N
SHA256 164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76
Tags
discovery ransomware
score
9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

score
9/10

SHA256

164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76

Threat Level: Likely malicious

The file 164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple (357) files with added filename extension

Renames multiple (4679) files with added filename extension

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-06 09:39

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-06 09:39

Reported

2024-10-06 09:41

Platform

win7-20240903-en

Max time kernel

120s

Max time network

18s

Command Line

"C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe"

Signatures

Renames multiple (357) files with added filename extension

ransomware

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InputPersonalization.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\DVD Maker\rtstreamsink.ax.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_select-highlight.png.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\vulkan-1.dll.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mshwLatin.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\fr-FR\MSTTSLoc.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ko-kr.xml.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page.wmv.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref_PAL.wmv.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask.wmv.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\FlickLearningWizard.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\ja-JP\MSTTSLoc.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-static.png.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground.wmv.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_left.png.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatsh.dat.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\tpcps.dll.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\msadco.dll.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\msadds.dll.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-image-mask.png.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_widescreen_Thumbnail.bmp.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\7-Zip\Lang\eo.txt.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\7-Zip\Lang\mng.txt.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\7-Zip\Lang\ru.txt.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\mraut.dll.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Common Files\System\wab32res.dll.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IPSEventLogMsg.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_ButtonGraphic.png.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576black.png.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-TW.pak.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipRes.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader.dll.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\rtscom.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\Common.fxh.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\CircleSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\bin\jabswitch.exe.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\DVD Maker\Eurosti.TTF.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoDev.png.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_right.png.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\7-Zip\readme.txt.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\hwrfrash.dat.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\DVD Maker\en-US\WMM2CLIP.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mshwLatin.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe

"C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

MD5 59b3ae21e302af38fd0551f16146830f
SHA1 1f82eaea61e662612ad86b060a679192fa263c25
SHA256 6d5ea76b88714f69babf3576f163e081c1898f9ab7de3f7e2c52105ba16dae00
SHA512 f13592457e86b7354d378a8a79d9daa3e772ca189a3bf6a83840d90ca6c04e45cd7ab60e90c69b9529f3a82a41bc587cd5493149624f3a912aa2845d126cb7ea

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 2a6b66ae90d97fdecf550cd0d2a669a5
SHA1 89252a8e2f65331027af121190e94b06b13eb12b
SHA256 bc011baee168e2efded9d3d5a5ee567de7eb2a40c5ed5dbe24bca7c7ce21c0c4
SHA512 4b832700c044837c1842fa67421a36f4bd3363ed670d535a025658f650b1624f26ac5f27dfdddb827256fd1a9cd5a79c4583e19a6bc302cbc9fc3ccc5bf8b0c6

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-06 09:39

Reported

2024-10-06 09:41

Platform

win10v2004-20240802-en

Max time kernel

120s

Max time network

97s

Command Line

"C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe"

Signatures

Renames multiple (4679) files with added filename extension

ransomware

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.da-dk.dll.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Trial-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sr-latn-rs.dll.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationProvider.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-private-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_Subscription-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-100.png.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-140.png.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\mscss7wre_fr.dub.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.X509Certificates.dll.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\chrome.VisualElementsManifest.xml.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\unlimited\local_policy.jar.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Grace-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-80.png.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\MSOADFPS.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\pl.pak.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_KMS_Client-ul.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Trial-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-file-l1-2-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\msix.dll.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu.xml.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Channels.dll.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.CompilerServices.VisualC.dll.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveDrop32x32.gif.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Retail-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\es-ES\TabTip.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemDrawing.dll.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\msvcp140.dll.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.Common.dll.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\MSIPC\zh-CN\msipc.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Primitives.dll.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Principal.Windows.dll.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Xaml.dll.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\123.0.6312.123\vk_swiftshader.dll.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\lib\ext\cldrdata.jar.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\JAWTAccessBridge-64.dll.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.AppContext.dll.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Dynamic.Runtime.dll.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Input.Manipulations.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationProvider.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\ReachFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\jjs.exe.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Trial-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription1-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\IEAWSDC.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\ucrtbase.dll.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\jsoundds.dll.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcDemoR_BypassTrial365-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Grace-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.ProgressiveProcessing.dll.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART6.BDR.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\WindowsFormsIntegration.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Diagnostics.PerformanceCounter.dll.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\PresentationUI.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\javaws.jar.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe

"C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp
US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 75.117.19.2.in-addr.arpa | udp
NL | 52.178.17.2:443 | | tcp
US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp

Files

C:\$Recycle.Bin\S-1-5-21-945322488-2060912225-3527527000-1000\desktop.ini.tmp

MD5 e052bf8890b84805833b64e1cc0f5783
SHA1 afb1a38a613c30056535431312cca5e3c3ca0192
SHA256 3055b862264d05a75a0e9aa0d6a7ee9ce7f0d59f0c7d17454d50a83e4cc87c4d
SHA512 edc576f4d5e02371b534959272fed30590a7730f6e283fe9b59a423e35b2e0cd5821426e6fa30f6ae84a5b70ddb6e20cf72826efb0c896643ef5ae757d3988eb

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 d93df54f4ce465f61bc3e91a96ffbf10
SHA1 65cba06ef5633d2d4c65b27381f41e1495ccec6d
SHA256 f3c17dc626b193fd6cf30556260f7f5814f701ebfd303c7335c699ba6e93683b
SHA512 72bdee31f02d60564c29f4a7f1e7d5eaac405bf04f6eeca98ba3078897374d5c69df160ea888fdcb491b3aca48d9bb190a2c10d06af728f6407b41bdef05835b