Malware Analysis Report

2025-03-15 08:12

Sample ID 241016-jq18davbkn
Target 62eff17da9d669c1ed8a199298cfd92651944a6c27544148161534e0b80d219bN
SHA256 62eff17da9d669c1ed8a199298cfd92651944a6c27544148161534e0b80d219b
Tags
discovery ransomware
score
9/10


Analysis Overview

score
9/10

SHA256

62eff17da9d669c1ed8a199298cfd92651944a6c27544148161534e0b80d219b

Threat Level: Likely malicious

The file 62eff17da9d669c1ed8a199298cfd92651944a6c27544148161534e0b80d219bN was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple (3849) files with added filename extension

Renames multiple (5246) files with added filename extension

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 07:53

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 07:53

Reported

2024-10-16 07:55

Platform

win7-20240708-en

Max time kernel

150s

Max time network

17s

Command Line

"C:\Users\Admin\AppData\Local\Temp\62eff17da9d669c1ed8a199298cfd92651944a6c27544148161534e0b80d219bN.exe"

Signatures

Renames multiple (3849) files with added filename extension

ransomware

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\62eff17da9d669c1ed8a199298cfd92651944a6c27544148161534e0b80d219bN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\62eff17da9d669c1ed8a199298cfd92651944a6c27544148161534e0b80d219bN.exe

"C:\Users\Admin\AppData\Local\Temp\62eff17da9d669c1ed8a199298cfd92651944a6c27544148161534e0b80d219bN.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

MD5 beb0496ca8f1c1918e916053fe6096ef
SHA1 5d4910c5825396a0d59cc990e98bc0bae14f806b
SHA256 9e067b23c1c1e6115da7b99274dac06cd6538bedb28f9720ee7c21bcadc7cd56
SHA512 5bbebc10b73e6a172a7bd51d084d6886e05cdbd0eb44f1f99ddbe2404ac0d4258788f3efd081780f7f22b7b771b5817ddf3039e90dad8d1665ff5eaf06dbc4ea

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 5a504656bad56f5c13d48f763f372057
SHA1 0c2e66963b9c58687d3d18e46a88ff6532002556
SHA256 56eb6a68c76744e6722c94cfb42d25717ecc2a1ea50b662c991263b1ff4b873a
SHA512 d9beeb51e0e506b67207e847a510e0a9fc1f084cc6490a53b507f3995eb03cc4af8431f968647c76c76e5e47153a3001dede9b59216a4f123571289ca0337ad3

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 07:53

Reported

2024-10-16 07:55

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

101s

Command Line

"C:\Users\Admin\AppData\Local\Temp\62eff17da9d669c1ed8a199298cfd92651944a6c27544148161534e0b80d219bN.exe"

Signatures

Renames multiple (5246) files with added filename extension

ransomware

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\62eff17da9d669c1ed8a199298cfd92651944a6c27544148161534e0b80d219bN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\62eff17da9d669c1ed8a199298cfd92651944a6c27544148161534e0b80d219bN.exe

"C:\Users\Admin\AppData\Local\Temp\62eff17da9d669c1ed8a199298cfd92651944a6c27544148161534e0b80d219bN.exe"

Network


Files

C:\$Recycle.Bin\S-1-5-21-4050598569-1597076380-177084960-1000\desktop.ini.tmp

MD5 50e02232e93ed8babec6e13d169856a2
SHA1 ee7e680b8f0d382ab1b321d5a60bca83c74e886d
SHA256 5a18da9403c3d2cebefdd54242aecf7f27a4f5ef6389a5b079ce1207ecc16564
SHA512 8311e64db367a4add830f5517e70b7c89381a32624dd867a734ddadb0e586f2cdd987281a71fde879f18d92e9ba515ec054606f4ff309f61c566bcaffc1af7e5

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 c7de2810e0cb21e1dcf9dd1c9917a7e6
SHA1 d0c17ac48b678dc16b093a5cb79c90b85f414ed4
SHA256 0a3933a745bc80b0d3d21a3f4d2df4bafd82352f998ac500246d61999b4f5e74
SHA512 883201418489aeb3ad4f9d1c2a8e04b881cc6ff45efaab495481330a603f48ad6a01959f0993f6621503688bc6aeb500b9ff40f1dba142a92b454e5a0f1a970e