Malware Analysis Report

2025-03-15 08:12

Sample ID 241016-jy8x7a1alg
Target 140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN
SHA256 140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62f
Tags discovery ransomware
Score 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score

9/10

SHA256

140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62f

Threat Level: Likely malicious

The file 140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple (3233) files with added filename extension

Renames multiple (4647) files with added filename extension

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 08:05

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 08:05

Reported

2024-10-16 08:07

Platform

win7-20240903-en

Max time kernel

120s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe"

Signatures

Renames multiple (3233) files with added filename extension

ransomware

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.exe.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\w2k_lsa_auth.dll.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\CET.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Common Files\System\wab32.dll.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql.nl_zh_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Microsoft Games\Mahjong\ja-JP\Mahjong.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.DataSetExtensions.Resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libmono_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\eclipse_1665.dll.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Microsoft Office\Office14\1033\Mso Example Intl Setup File A.txt.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-multitabs.xml.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\hwrenclm.dat.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\CsiSoap.dll.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightRegular.ttf.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.properties.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\css\blafdoc.css.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_ButtonGraphic.png.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.SF.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.Speech.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-tools.xml.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.DataSetExtensions.Resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\selection_subpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cayman.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\MANIFEST.MF.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-ui.xml.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-attach.xml.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\micaut.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-loaders_ja.jar.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\lua\http\images\vlc-48.png.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\bin\ktab.exe.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-text.xml.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\America\Dawson.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\lua\http\css\mobile.css.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_zh_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Pacific\Port_Moresby.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\7-Zip\Lang\hr.txt.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIconSubpi.png.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\bin\jli.dll.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yellowknife.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Warsaw.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\feature.xml.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoDev.png.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh88.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\access\libbluray-j2se-1.3.2.jar.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\access\libdtv_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_postage_Thumbnail.bmp.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\play-background.png.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pyongyang.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Majuro.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.xml.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Pacific\Tahiti.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-cli_ja.jar.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Java\jre7\lib\fonts\LucidaBrightDemiBold.ttf.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libremap_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler_zh_CN.jar.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository.nl_zh_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-settings.xml.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-filesystems.xml.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe

"C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp

MD5 cafab50dd676f0d79d15b78e4bab77c3
SHA1 3f180f48db40270dd871ee79dfab3a31567f27d7
SHA256 74c454ca973ccc24fe145139b128df0398edadbd96abd6e972a3dfac3356ec06
SHA512 c1ae2ac1041d46804bb8fd88f0fd733a6ef551825089a45726ed674a4407dadbea62a2f216efb17c2ffa64ad0279e0b3da5c80ee9fbb65326f87ca37f6de7c30

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 2571583fd6277608012463e9a1c2086c
SHA1 133d2932462385c540ac33d5c5a5bfc3fa1386b2
SHA256 02f2915300daa61023644de81d13afbfdbd44e904c8fc9aa4f85120804b07498
SHA512 101d28e7754a3ac2193caedc33672e65bd563aedb8ef87360a2b0b37e1e26d220092266130446b05db427bfb80bd95353193b986216511274f5731e0d6840c98

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 08:05

Reported

2024-10-16 08:07

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

108s

Command Line

"C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe"

Signatures

Renames multiple (4647) files with added filename extension

ransomware

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-process-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Corbel.xml.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Linq.dll.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\PresentationFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\Microsoft.VisualBasic.Forms.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Integration\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\POWERMAPCLASSIFICATION.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encoding.CodePages.dll.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Xaml.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.da-dk.dll.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Integration\C2RManifest.office32mui.msi.16.en-us.xml.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\w2k_lsa_auth.dll.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationTypes.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\123.0.6312.123\libGLESv2.dll.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-utility-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-timezone-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red Violet.xml.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.Formatters.dll.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Controls.Ribbon.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\TellMeWord.nrr.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\DataStreamerLibrary.dll.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\IGX.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\MEDIA\COIN.WAV.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\ipsfin.xml.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Common Files\System\ado\adovbs.inc.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\legal\jdk\jpeg.md.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Grace-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Picasso.dll.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_logo_small.png.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Internet Explorer\de-DE\iexplore.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-sysinfo-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\Microsoft.VisualBasic.Forms.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ro-ro.dll.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\WindowsBase.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationProvider.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\7-Zip\Lang\sw.txt.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\rtscom.dll.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\Invite or Link.one.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\legal\javafx\libxml2.md.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Client\C2R32.dll.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\net.dll.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\lib\ext\nashorn.jar.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.ZipFile.dll.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationProvider.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue II.xml.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\lib\security\cacerts.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_MAKC2R-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Transactions.dll.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XmlDocument.dll.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Facet.thmx.tmp | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe

"C:\Users\Admin\AppData\Local\Temp\140a068f04c76deec8dcefe42292bb12a63c0de4810376d413acec7231efc62fN.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp
US | 8.8.8.8:53 | tse1.mm.bing.net | udp
US | 150.171.27.10:443 | tse1.mm.bing.net | tcp
US | 150.171.27.10:443 | tse1.mm.bing.net | tcp
US | 150.171.27.10:443 | tse1.mm.bing.net | tcp
US | 150.171.27.10:443 | tse1.mm.bing.net | tcp
US | 150.171.27.10:443 | tse1.mm.bing.net | tcp
US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp

Files

C:\$Recycle.Bin\S-1-5-21-940901362-3608833189-1915618603-1000\desktop.ini.tmp

MD5 5097c70199c9e15d4c1ce3e88c120c23
SHA1 676045a79033f8f5a6738e0d068e2b9fe95a89ae
SHA256 bd32269f970327b8d07b647334d698cd48e19db83a4bc6e4bd86f76f43d15438
SHA512 295aa8f136175e86c26efe3cf78f48887116989a09f06f803f50c83a7206c961a69f9141fcf4b80e099ef94349a90122b1d0e6d58063299bcfcd9e87277f74bb

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 f9c6b10db7790eb732c1631080e5a725
SHA1 c49db91a8e0f0debd208b75b77a3d65e5946ef45
SHA256 adaeaaf44d0ce4bb8582794202ebcaad63bb7d46339dd75c39f554361c3e5ee8
SHA512 bdc3575d7cdd6a38a181f7687bfcc91ed7567dfe0c760b34a2ee9bf60fa2547e70395a2ce6e13f14fd9c07d069f297133aab461339c934effadde8220c1c7505