Malware Analysis Report

2025-01-22 20:13

Sample ID 241016-xmj2kszfpl
Target 1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a
SHA256 1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a
Tags
discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a

Threat Level: Likely malicious

The file 1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple (4862) files with added filename extension (behavioral2, Windows 10)

Renames multiple (3727) files with added filename extension (behavioral1, Windows 7)

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 18:58

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 18:58

Reported

2024-10-16 19:00

Platform

win7-20240903-en

Max time kernel

149s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe"

Signatures

Renames multiple (3727) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\DVD Maker\bod_r.TTF.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\15x15dot.png.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.bat.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Godthab.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\sm\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\server_issue.gif.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\DVD Maker\rtstreamsource.ax.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Java\jre7\lib\deploy\messages_sv.properties.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Dhaka.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Pyongyang.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Mozilla Firefox\IA2Marshal.dll.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.RunTime.Serialization.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\sports_disc_mask.png.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Antarctica\Rothera.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Australia\Brisbane.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\css\slideShow.css.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-output2.xml.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain.wmv.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-CN.pak.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Vancouver.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtau.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\feature.xml.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\index.gif.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Windows Photo Viewer\PhotoAcq.dll.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_selectionsubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Damascus.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-selector-ui.xml.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\librist_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Microsoft Games\Solitaire\SolitaireMCE.png.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\Help\1036\hxdsui.dll.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\tnameserv.exe.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Singapore.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-execution_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Kuala_Lumpur.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\VideoLAN\VLC\skins\skin.catalog.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Windows Media Player\es-ES\wmlaunch.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\clock.html.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiling_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_h.png.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ja.pak.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Vostok.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedbck2.gif.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\La_Paz.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Esl\AiodLite.dll.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\pmd.cer.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-actions_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Dot.png.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_content-background.png.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Internet Explorer\perfcore.dll.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightItalic.ttf.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Davis.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Qatar.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\toc.xml.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Windows Mail\ja-JP\msoeres.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
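The rows above show the sample writing a .tmp twin next to existing files across many unrelated vendor directories (DVD Maker, Java, VLC, Adobe Reader, Firefox, Solitaire); the report does not show the extension the renamed files finally receive. What separates this from an installer or updater, which also writes .tmp files but only under its own tree, is the spread across vendors and original file types. The following is an added example, not part of the sandbox report or of the sample: a Python triage script that parses rows in this table's "File created <target> <process> <result>" format and flags a process whose .tmp writes span several Program Files vendor directories and several original extensions. The thresholds, the hypothetical benign updater rows and its path are assumptions for illustration.

```python
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Row format of the sandbox indicator table:
#   "File created <target path> <process path> <result>"
# Target paths contain spaces, so the target is matched lazily and the
# process is anchored on a drive letter and a trailing ".exe".
ROW_RE = re.compile(
    r"^File created (?P<target>.+?) (?P<process>[A-Za-z]:\\.+?\.exe) (?P<result>\S+)$",
    re.IGNORECASE,
)

PROGRAM_FILES_DIRS = ("program files", "program files (x86)")
TMP_SUFFIX = ".tmp"

# Rows copied from the behavioral1 table of this report (sample process).
SAMPLE_EXE = (r"C:\Users\Admin\AppData\Local\Temp"
              r"\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe")
SAMPLE_TARGETS = [
    r"C:\Program Files\DVD Maker\bod_r.TTF.tmp",
    r"C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\15x15dot.png.tmp",
    r"C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.bat.tmp",
    r"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Godthab.tmp",
    r"C:\Program Files\VideoLAN\VLC\locale\sm\LC_MESSAGES\vlc.mo.tmp",
    r"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\server_issue.gif.tmp",
    r"C:\Program Files\Mozilla Firefox\IA2Marshal.dll.tmp",
    r"C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe.tmp",
]
# Constructed, hypothetical benign updater that only touches its own directory.
BENIGN_EXE = r"C:\Program Files\Mozilla Firefox\updater.exe"
BENIGN_TARGETS = [
    r"C:\Program Files\Mozilla Firefox\xul.dll.tmp",
    r"C:\Program Files\Mozilla Firefox\omni.ja.tmp",
]
SAMPLE_ROWS = ([f"File created {t} {SAMPLE_EXE} N/A" for t in SAMPLE_TARGETS]
               + [f"File created {t} {BENIGN_EXE} N/A" for t in BENIGN_TARGETS])


def parse_row(row):
    """Return {"target", "process", "result"} for one indicator row, else None."""
    m = ROW_RE.match(row.strip())
    return m.groupdict() if m else None


def vendor_dir(path):
    """Top-level vendor directory under Program Files, or None if elsewhere."""
    parts = path.parts  # e.g. ('C:\\', 'Program Files', 'DVD Maker', ...)
    if len(parts) >= 3 and parts[1].lower() in PROGRAM_FILES_DIRS:
        return parts[2].lower()
    return None


def triage(rows, min_tmp=5, min_vendors=3, min_exts=4):
    """Group .tmp creations per process and flag a process whose writes span
    many unrelated vendor directories and many original file types.
    Thresholds are illustrative assumptions, not values from the report."""
    per_process = defaultdict(list)
    for row in rows:
        ev = parse_row(row)
        if ev and ev["target"].lower().endswith(TMP_SUFFIX):
            per_process[ev["process"]].append(ev["target"])

    report = {}
    for process, targets in per_process.items():
        vendors = set()
        exts = Counter()
        for t in targets:
            v = vendor_dir(PureWindowsPath(t))
            if v:
                vendors.add(v)
            # Strip the .tmp to recover the original file's extension.
            original = PureWindowsPath(t[:-len(TMP_SUFFIX)])
            exts[original.suffix.lower() or "(none)"] += 1
        report[process] = {
            "tmp_files": len(targets),
            "vendor_dirs": sorted(vendors),
            "original_exts": dict(exts),
            "ransomware_like": (len(targets) >= min_tmp
                                and len(vendors) >= min_vendors
                                and len(exts) >= min_exts),
        }
    return report


if __name__ == "__main__":
    for proc, verdict in triage(SAMPLE_ROWS).items():
        print(proc, verdict)
```

Run against the full behavioral1 table the sample process is the only one with writes spanning more than one vendor directory; the hypothetical updater, confined to its own tree, stays below every threshold. The heuristic keys on breadth rather than count because a large installer can legitimately create thousands of .tmp files in one directory.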

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe

"C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp

MD5 093397001d68a434bf93a54755dd971b
SHA1 0677f515e7174707a101a4348fecdb1e7d0ccabe
SHA256 e5b841e47f80e040fbfeb7c4582b81b4bcd7a2850eaefd90840801168bc4a9f3
SHA512 062986b3bcbd7ba984f384142f18ac8853807f78e12e07ed0f70ac12a89479b485a0bc3b43150ba129198606c504bb009cddf35559cf9f8638efc9450a86ca36

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 394c14601db147523ccd339e2f15d8e0
SHA1 d68e50e2f62bcef6d62a807091ae0a966c4062d8
SHA256 dbd2a53b54d155112d6c0e16e2db0433cb9e0803870ecc924cd9877011e6030f
SHA512 31708aa7df75c5f86e3aa3e792d0e8d73bc5df2e5b6e61be0bd4d58a5df00da21dfa35af076a7302c3ba6cafa28b86e1b1a8e295fb97496be6e19b0bc96d229a

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 18:58

Reported

2024-10-16 19:00

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe"

Signatures

Renames multiple (4862) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.dll.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OneNote\prnms006.inf.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\ucrtbase.dll.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\msoia.exe.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Presentation.dll.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_Subscription-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jawt.dll.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linesstylish.dotx.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MEDIA\APPLAUSE.WAV.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\he\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\WindowsFormsIntegration.dll.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\vk_swiftshader.dll.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\sk\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PROOF\MSSP7ES.dub.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Drawing.dll.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\te.pak.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-locale-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\ext\jaccess.jar.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-utility-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-multibyte-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Emit.Lightweight.dll.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\resource.dll.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\NAMECONTROLSERVER.EXE.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OMRAUT.DLL.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\dotnet\host\fxr\8.0.2\hostfxr.dll.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Picasso.dll.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Java\jdk-1.8\lib\deployment.config.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_KMS_Client_AE-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Resources\1033\PowerPivotExcelClientAddIn.rll.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.proofing.msi.16.en-us.xml.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\zh-TW\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OneNote\prnSendToOneNote_win7.inf.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jjs.exe.tmp C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe

"C:\Users\Admin\AppData\Local\Temp\1969616bd103ac2bab953abf716814f32fc9c3ca7ee6e9899a1dbcfc2c2ac69a.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 100.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 45.19.74.20.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 105.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
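The network table has no process column, so it cannot on its own attribute traffic to the sample, and the Windows 7 run (behavioral1) recorded no network activity at all. The Windows 10 rows consist of reverse (PTR) lookups sent to 8.8.8.8 and repeated HTTPS connections to tse1.mm.bing.net, which is consistent with OS background activity in the sandbox rather than command-and-control. The following is an added example, not part of the report: a Python helper that parses rows in this table's "<country> <ip>:<port> <domain> <proto>" format, turns each in-addr.arpa name back into the address being looked up (the labels are in reverse order), deduplicates repeated connections, and separates allowlisted background hosts from destinations that need review. The allowlist and the one constructed row (a TEST-NET-3 address and a reserved name) are assumptions for illustration.

```python
import ipaddress
import re

# Row format of the sandbox network table:
#   "<country> <dest ip>:<port> <domain> <proto>"   (IPv4 only in this report)
NET_ROW_RE = re.compile(
    r"^(?P<country>[A-Z]{2}) (?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+) "
    r"(?P<name>\S+) (?P<proto>tcp|udp)$"
)

# Analyst-maintained allowlist of hosts seen as OS background traffic in clean
# sandbox runs. Assumption for this example, seeded from this report's rows.
BACKGROUND_HOSTS = ("bing.net",)

# Rows copied from the behavioral2 network table, plus one constructed row
# that resembles what a real C2 contact would look like (not in the report).
SAMPLE_NET_ROWS = [
    "US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp",
    "US 8.8.8.8:53 100.209.201.84.in-addr.arpa udp",
    "US 8.8.8.8:53 tse1.mm.bing.net udp",
    "US 150.171.27.10:443 tse1.mm.bing.net tcp",
    "US 150.171.27.10:443 tse1.mm.bing.net tcp",
    "XX 203.0.113.7:4444 beacon.example.invalid tcp",  # constructed
]


def parse_net_row(row):
    """Return the row's fields as a dict (port as int), or None if malformed."""
    m = NET_ROW_RE.match(row.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["port"] = int(ev["port"])
    return ev


def ptr_to_ip(name):
    """Map a reverse-lookup name back to the address it asks about:
    '104.219.191.52.in-addr.arpa' -> '52.191.219.104'. Returns None if the
    name is not a well-formed IPv4 PTR name."""
    suffix = ".in-addr.arpa"
    if not name.lower().endswith(suffix):
        return None
    labels = name[:-len(suffix)].split(".")
    if len(labels) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(labels))))
    except ipaddress.AddressValueError:
        return None


def is_background(name):
    """True if the name is, or is under, an allowlisted background host."""
    name = name.lower()
    return any(name == h or name.endswith("." + h) for h in BACKGROUND_HOSTS)


def classify(ev):
    """dns_ptr: reverse lookup; background: allowlisted host (DNS or direct);
    review: everything else, including DNS for non-allowlisted names."""
    if ev["proto"] == "udp" and ev["port"] == 53 and ptr_to_ip(ev["name"]):
        return "dns_ptr"
    if is_background(ev["name"]):
        return "background"
    return "review"


def summarize(rows):
    """Bucket unique destinations by category; PTR names are mapped to the
    address they resolve so the analyst sees which hosts were being named."""
    ptrs, background, review = {}, set(), set()
    for row in rows:
        ev = parse_net_row(row)
        if not ev:
            continue  # e.g. the literal "N/A" of the Windows 7 run
        key = f"{ev['ip']}:{ev['port']} {ev['name']} {ev['proto']}"
        cat = classify(ev)
        if cat == "dns_ptr":
            ptrs[ev["name"]] = ptr_to_ip(ev["name"])
        elif cat == "background":
            background.add(key)
        else:
            review.add(key)
    return {"dns_ptr": ptrs, "background": sorted(background), "review": sorted(review)}


if __name__ == "__main__":
    for category, items in summarize(SAMPLE_NET_ROWS).items():
        print(category, items)
```

On the report's own rows the review bucket comes out empty; only the constructed row lands there. Resolving the PTR names is worth the few lines because a burst of reverse lookups against one provider's address space is usually the OS or the sandbox agent naming its own connections, not the sample enumerating targets.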

Files

C:\$Recycle.Bin\S-1-5-21-1045960512-3948844814-3059691613-1000\desktop.ini.tmp

MD5 d8b57cbc67d52baa7b63824515ea4306
SHA1 452cebe471fae82a9afe8e24696ec942fa7d2fa4
SHA256 c88936f2fcfec74687f8b895f1af2931fe2fc13fbb795dbcea5a87d2deecb431
SHA512 b9fa9da2e31eacfdef4974f476347b33fe150db77216439ce3cd7571fadff3424c9a0048d7f09dab0b984fc13cca46c63ad5dd0b2d088491471a81907bd4443c

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 827042358f9791da7823e702f886fe2b
SHA1 93b4aa78f2d5fa7da29ba53c9be89cca36d23a03
SHA256 1873139d0efda9a57778c32b35e24c6fe58c797a9cd94e68487d591754d0fc35
SHA512 11efab1ceded41293c26ea9d79c0fbad3dbf1eaba837dcd45d3cec81188fdc988ec49289a42f267f223f7db0b14a38bff649ff0b548386c72e50d5bef7f56db7