Malware Analysis Report

2025-01-22 20:13

Sample ID 241016-xgf3qswcjf
Target adaf6823f6b844a0519f99002e7c5abceb4b0072ddc39642a8fbcfc7c55f554cN
SHA256 adaf6823f6b844a0519f99002e7c5abceb4b0072ddc39642a8fbcfc7c55f554c
Tags
discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

adaf6823f6b844a0519f99002e7c5abceb4b0072ddc39642a8fbcfc7c55f554c

Threat Level: Likely malicious

The file adaf6823f6b844a0519f99002e7c5abceb4b0072ddc39642a8fbcfc7c55f554cN was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple (4653) files with added filename extension

Renames multiple (3140) files with added filename extension

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 18:49

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 18:49

Reported

2024-10-16 18:51

Platform

win7-20240708-en

Max time kernel

119s

Max time network

17s

Command Line

"C:\Users\Admin\AppData\Local\Temp\adaf6823f6b844a0519f99002e7c5abceb4b0072ddc39642a8fbcfc7c55f554cN.exe"

Signatures

Renames multiple (3140) files with added filename extension

ransomware

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\adaf6823f6b844a0519f99002e7c5abceb4b0072ddc39642a8fbcfc7c55f554cN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\adaf6823f6b844a0519f99002e7c5abceb4b0072ddc39642a8fbcfc7c55f554cN.exe

"C:\Users\Admin\AppData\Local\Temp\adaf6823f6b844a0519f99002e7c5abceb4b0072ddc39642a8fbcfc7c55f554cN.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

MD5 f319b21d70596a3e65e243e4be1af80c
SHA1 7034c2f493f70d853373d5472739c680eddd47c2
SHA256 7aff24a0939d0900ab7cacf3ac95a4884fc94578b7440a4a1e8f5bce17b8b3eb
SHA512 d3ba1baff179c21c463ae8ee7c1a6999d8f40db3010eae63a85532f2278a3c043b87b27acf52ff718c9acf9a7eafd885bfca55eaf26a78959a2bdcda7bab67e7

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 0dcfbb9d7b6305754b217028b1c812f6
SHA1 c7e44b5468a25d2bd0bdd025c997900a72f131f8
SHA256 3a84d40ba09c19d489dca8361ded1ac678ac16af22bfe0aa297620754358b2ee
SHA512 8e99eb6b5c6f9998a46de0bab19435805f9a5783de9c5c9750df45bab4da6e625919d4900cd601902fadcf660678ad96da32a9c5907c0fc3a7e53f305148df55

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 18:49

Reported

2024-10-16 18:51

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\adaf6823f6b844a0519f99002e7c5abceb4b0072ddc39642a8fbcfc7c55f554cN.exe"

Signatures

Renames multiple (4653) files with added filename extension

ransomware

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\adaf6823f6b844a0519f99002e7c5abceb4b0072ddc39642a8fbcfc7c55f554cN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\adaf6823f6b844a0519f99002e7c5abceb4b0072ddc39642a8fbcfc7c55f554cN.exe

"C:\Users\Admin\AppData\Local\Temp\adaf6823f6b844a0519f99002e7c5abceb4b0072ddc39642a8fbcfc7c55f554cN.exe"

Network


Files

C:\$Recycle.Bin\S-1-5-21-2437139445-1151884604-3026847218-1000\desktop.ini.tmp

MD5 ba9c6a17bf0249179e4d5870e07ca442
SHA1 fb6d5c72a0cd82137bcaf9d3c7d4d68165fa6ce8
SHA256 0b1ad75e22fb6387d6b9da501a0c627de3aca428b4a131036cd1b96960fa3f2d
SHA512 7eb138bf48e98d4c9e22bf0df42009e396ff06ac5f4b76457cf4b8c9fd7ab30deeed2ee97753725e53497e123e9b186bfcec806dda35c83fc6431ce758adcad5

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 bb12a64151ce4e09644727fc127ecb45
SHA1 98c721b8cba6f58717f67a5796850ce1f8155b3d
SHA256 f94fb6a57e09314c679e2e50de5cae69d10d8d11cdbc1a2df874ebafe7a774c1
SHA512 5064b33fb0a66f0d78885df10f4153f3b3bcd4fa7a9004a456758af9967da48d23c5151ef796067aa7618b05b697f106f0cd5c120093bf719181a647b81c93aa