Malware Analysis Report

2025-01-22 20:13

Sample ID 241016-xjggaazejq
Target 510af62a1a0764c24fe6cbe006db84f81285d2a086454ebab9f49044db7e6a63N
SHA256 510af62a1a0764c24fe6cbe006db84f81285d2a086454ebab9f49044db7e6a63
Tags: discovery ransomware
Score: 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 9/10

SHA256: 510af62a1a0764c24fe6cbe006db84f81285d2a086454ebab9f49044db7e6a63

Threat Level: Likely malicious

The file 510af62a1a0764c24fe6cbe006db84f81285d2a086454ebab9f49044db7e6a63N was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple (3193) files with added filename extension

Renames multiple (4607) files with added filename extension

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 18:52

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 18:52

Reported

2024-10-16 18:54

Platform

win7-20240708-en

Max time kernel

120s

Max time network

17s

Command Line

"C:\Users\Admin\AppData\Local\Temp\510af62a1a0764c24fe6cbe006db84f81285d2a086454ebab9f49044db7e6a63N.exe"

Signatures

Renames multiple (3193) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\510af62a1a0764c24fe6cbe006db84f81285d2a086454ebab9f49044db7e6a63N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\510af62a1a0764c24fe6cbe006db84f81285d2a086454ebab9f49044db7e6a63N.exe

"C:\Users\Admin\AppData\Local\Temp\510af62a1a0764c24fe6cbe006db84f81285d2a086454ebab9f49044db7e6a63N.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

MD5 5d3d5cfad47c5923a9e4fe3eef2a00cb
SHA1 f609608f7c57df18ecba960586ccb41d888fc24c
SHA256 2bd6598a066a8b43073449c5e5d8d9d226a44d6e2c8eaeb95feb7f1f1243aff5
SHA512 b59ee4a0a78bf73e948a66610c98323b2168a9ce02377da61cd7ffa70d684661b296c456ae62ba058f2d8deeb67304f0ae9f60a4d0b54fc5e59e64cdc7a532e0

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 0c6a20ee51ce98a7d564d21183be7b5c
SHA1 79ef8f0cecbbb6518164cc406f9c5098686d5a3c
SHA256 c011d2edfa382663134cbc0ec1221df9080e215d0c72c96ae758f6dc16459f06
SHA512 ad17c051fe484735e8c1a6aa89ef13a2a9f9c3ad5ba14313d7c64a29d783be793ec8e2f1df5c2d487c5de86131ae030392f711117726b9846d98bf3cf1117806

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 18:52

Reported

2024-10-16 18:54

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\510af62a1a0764c24fe6cbe006db84f81285d2a086454ebab9f49044db7e6a63N.exe"

Signatures

Renames multiple (4607) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\510af62a1a0764c24fe6cbe006db84f81285d2a086454ebab9f49044db7e6a63N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\510af62a1a0764c24fe6cbe006db84f81285d2a086454ebab9f49044db7e6a63N.exe

"C:\Users\Admin\AppData\Local\Temp\510af62a1a0764c24fe6cbe006db84f81285d2a086454ebab9f49044db7e6a63N.exe"

Network

Country Destination Domain Proto

Files

C:\$Recycle.Bin\S-1-5-21-4089630652-1596403869-279772308-1000\desktop.ini.tmp

MD5 fcc10673579ac689472bd22e919c7832
SHA1 cb96350922fd07badd74fe86a16582dc430a39c7
SHA256 44bf99df0b035154cb1e93c7a6e3bd049343f9754b18b3ac892867b519fd2898
SHA512 e561aad80114381ef8fe9e079cb0ce8f417e4b76400bb1b332e8d9ff1b82127230b610162ef8e9a29c659686ef5b1ee69efe6de2dba9f72d007b1f405a9d840b

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 6b7bf3540d5c8d36a97f6263873129ab
SHA1 98d2424b3ce4246a7f805e4f7dc875938d37a34a
SHA256 028b1c47ccbb48559675b173fa872f571cbbb2ce45311a18b601464220dabe05
SHA512 9d1655813ebe2a1e13f27d09ead4e0de2152929744e04a639855a11238080248e8f9263e5fd672bf611d453bf1178a9c478771d827b5a65d7c6907ab8d9d9e5f