Malware Analysis Report

2025-01-22 20:13

Sample ID 241016-ykql1ssgpk
Target 33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5
SHA256 33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5
Tags
discovery ransomware
score
9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

score
9/10

SHA256

33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5

Threat Level: Likely malicious

The file 33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5 was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple files with added filename extension: 4061 files in behavioral1 (Windows 7) and 5027 files in behavioral2 (Windows 10)

Drops file in Program Files directory (both behavioral runs; every dropped file is an existing file's path with .tmp appended)

Unsigned PE (static1)

System Location Discovery: System Language Discovery (both behavioral runs; the sample opens HKLM\SYSTEM\ControlSet001\Control\NLS\Language)

MITRE ATT&CK

Enterprise Matrix V15

Discovery: T1614.001 System Location Discovery: System Language Discovery, evidenced by the open of \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language in both behavioral runs. The mass in-place rewrite of files that earned the "ransomware" tag is not mapped to an Impact technique in this report.

Analysis: static1

Detonation Overview

Reported

2024-10-16 19:50

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A (static property: the PE carries no Authenticode signature, so there is no runtime indicator to record)

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 19:50

Reported

2024-10-16 19:53

Platform

win7-20240729-en

Max time kernel

150s

Max time network

16s

Command Line

"C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe"

Signatures

Renames multiple (4061) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
(64 of the 4061 events are listed. Each indicator is an existing file's path with .tmp appended, written by the sample process; the final renamed file names are not shown anywhere in this report.)
File created C:\Program Files\Windows NT\Accessories\en-US\wordpad.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\settings.html.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Internet Explorer\DiagnosticsHub_is.dll.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+1.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\7-Zip\Lang\lij.txt.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightDemiBold.ttf.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net_1.2.200.v20140124-2013.jar.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Java\jre7\lib\logging.properties.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\settings.js.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\msinfo32.exe.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.DLL.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\LICENSE.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Xml.Linq.dll.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libedgedetection_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Windows Photo Viewer\it-IT\PhotoViewer.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\PROOF\MSWDS_ES.LEX.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\METCONV.TXT.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\7-Zip\Lang\hi.txt.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Internet Explorer\en-US\F12.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\eclipse_update_120.jpg.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Entity.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Windows Sidebar\es-ES\sbdrop.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-highlight.png.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask.wmv.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\cacerts.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\MET.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_ogg_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\css\flyout.css.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-highlight.png.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Windows Mail\en-US\WinMail.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\settings.html.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\activity16v.png.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-last-quarter_partly-cloudy.png.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\7-Zip\Lang\ja.txt.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\MANIFEST.MF.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Microsoft Games\Minesweeper\en-US\Minesweeper.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\settings.html.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-ui.xml.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Java\jre7\lib\management\management.properties.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_few-showers.png.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Tokyo.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_gather_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\A3DUtility.exe.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Services.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_down_BIDI.png.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Riga.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Belem.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Australia\Sydney.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\ink\fr-FR\rtscom.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guyana.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-loaders.xml.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Management.Instrumentation.dll.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A

This key holds the installed system language. Reading it is a common locale check in ransomware, but the report records only the key open, not how the value was used; do not infer a geographic exclusion list from this indicator alone.

Processes

C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe

"C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe"

Network

None recorded in this run (no DNS queries or outbound connections).

Files

Files written by the sample in this run. Both are .tmp outputs created beside the originals. The desktop.ini.tmp hash differs from the one produced for the same file in behavioral2, as expected for encrypted output, so these hashes identify this detonation's artifacts rather than the sample itself.

C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

MD5 7b0199486abbfc99e388f0d15a5ddb2c
SHA1 6f96ec17dfa56b0923c30f6ea8ec5808c8d9d646
SHA256 97b59da12d61baa638ff78ca58b6a8e88f2a29487d44e94261e2aae8d5168422
SHA512 63f9b8fdac6078362cb81f51e4065efc706a0cef87f54fa7984711b62cf9b2fd6afbfc32eda66b2ed77a9d03330e315e18b7671c48b83e6d5bc6c7719741d45c

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 d82a31a8de087d0a0af698e60dded9a7
SHA1 3e066c3b5ef16e4cc24078e5be4d7431d38ad8bd
SHA256 32a3ed2d240d5c0e200a8a796f510521efb9d31b53a9469519171fc19da51819
SHA512 a5760c7c6eabeaa6c13bf7806c5382053a8ab829a785295c1e81dd46af42ec5de8f6c412e081b861831638e4c9b7ed65fe7984c570b4108d7016affc53644ca0

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 19:50

Reported

2024-10-16 19:53

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe"

Signatures

Renames multiple (5027) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
(64 of the 5027 events are listed; as in behavioral1, each indicator is an existing file's path with .tmp appended.)
File created C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART2.BDR.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[file name containing '@' not recoverable from the source] C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy.jar.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCOMMON.DLL.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[file name containing '@' not recoverable from the source] C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscordaccore_amd64_amd64_7.0.1624.6629.dll.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Csp.dll.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifestLoc.16.en-us.xml.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-locale-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\TipRes.dll.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Common Files\System\uk-UA\wab32res.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\pkcs11cryptotoken.md.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-locale-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-math-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\CERTINTL.DLL.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[file name containing '@' not recoverable from the source] C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\es-ES\InputPersonalization.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.MemoryMappedFiles.dll.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MEDIA\PUSH.WAV.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.NetworkInformation.dll.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.Serialization.dll.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\bci.dll.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\charsets.jar.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\it-IT\rtscom.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-math-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ospintl.dll.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.InteropServices.JavaScript.dll.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\Welcome.html.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\XLSLICER.DLL.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial2-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub_M365_eula.txt.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MEDIA\APPLAUSE.WAV.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-profile-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.dll.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\vcruntime140_1.dll.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\sl-SI\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.TraceSource.dll.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Aero2.dll.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\fxplugins.dll.tmp C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A
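The two "Renames multiple files with added filename extension" / "Drops file in Program Files directory" tables above show the behavior a mass-rename heuristic keys on: one process appending an extension to existing files across many unrelated directories in a short time. The following is an added example of such a heuristic, not sandbox code and not part of the original report. The event stream is constructed for the example (directory names are taken from the behavioral1 table; file names, PIDs, timings and thresholds are made up), and the "rename" event shape is an assumption about what a file-activity log would provide.

```python
"""Added example: a mass-rename heuristic of the kind behind the sandbox signature
"Renames multiple (N) files with added filename extension".

The events below are constructed for this example (modelled on the report's
Program Files paths); they are not sandbox output. Thresholds are illustrative.
"""
from collections import defaultdict
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Dict, List, Optional


@dataclass(frozen=True)
class FileEvent:
    ts: float            # seconds since detonation start
    pid: int
    op: str              # "create" or "rename"
    path: str            # file path; for a rename, the original name
    new_path: str = ""   # for a rename, the new name


def added_extension(old: str, new: str) -> Optional[str]:
    """Return the extension appended if `new` is exactly `old` + '.' + ext
    (LICENSE -> LICENSE.tmp, wordpad.exe.mui -> wordpad.exe.mui.tmp); else None.
    A rename that removes or replaces an extension (a.dll.new -> a.dll) is not
    an 'added extension' and returns None."""
    if not new.lower().startswith(old.lower() + "."):
        return None
    ext = new[len(old) + 1:]
    if not ext or "." in ext or "\\" in ext:
        return None
    return ext


def mass_rename_alerts(events: List[FileEvent], window_s: float = 60.0,
                       min_files: int = 20, min_dirs: int = 5) -> Dict[int, dict]:
    """Flag processes that, within any window_s span, renamed at least min_files
    files by appending an extension, spread over at least min_dirs directories.
    The directory spread separates an encryptor walking the disk from an updater
    or backup tool rewriting one tree. Returns {pid: {files, dirs, exts}} for the
    largest qualifying window per process."""
    by_pid: Dict[int, List[FileEvent]] = defaultdict(list)
    for e in events:
        if e.op == "rename" and added_extension(e.path, e.new_path):
            by_pid[e.pid].append(e)

    alerts: Dict[int, dict] = {}
    for pid, evs in by_pid.items():
        evs.sort(key=lambda e: e.ts)
        start = 0
        for end in range(len(evs)):
            while evs[end].ts - evs[start].ts > window_s:   # slide the window
                start += 1
            span = evs[start:end + 1]
            if len(span) < min_files:
                continue
            dirs = {str(PureWindowsPath(e.path).parent).lower() for e in span}
            if len(dirs) >= min_dirs and len(span) > alerts.get(pid, {}).get("files", 0):
                exts = {added_extension(e.path, e.new_path).lower() for e in span}
                alerts[pid] = {"files": len(span), "dirs": len(dirs), "exts": sorted(exts)}
    return alerts


# Directories taken from the report's behavioral1 table; the file names and
# timings below are constructed for the example.
SAMPLE_DIRS = [
    r"C:\Program Files\7-Zip\Lang",
    r"C:\Program Files\Windows NT\Accessories\en-US",
    r"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc",
    r"C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js",
    r"C:\Program Files (x86)\Common Files\microsoft shared\MSInfo",
    r"C:\Program Files\VideoLAN\VLC\plugins\mux",
]
SAMPLE_NAMES = ["lij.txt", "wordpad.exe.mui", "LICENSE", "settings.js", "cacerts"]


def constructed_events() -> List[FileEvent]:
    evs: List[FileEvent] = []
    t = 0.0
    # Encryptor-like process: 30 in-place renames to <name>.tmp across 6 directories.
    for i in range(30):
        src = rf"{SAMPLE_DIRS[i % len(SAMPLE_DIRS)]}\{SAMPLE_NAMES[i % len(SAMPLE_NAMES)]}"
        evs.append(FileEvent(t, 4242, "rename", src, src + ".tmp"))
        t += 0.2
    # Benign installer: many renames in one tree, but the extension is removed, not added.
    for i in range(40):
        base = rf"C:\Program Files\Vendor\App\lib{i}.dll"
        evs.append(FileEvent(t, 777, "rename", base + ".new", base))
        t += 0.1
    # Benign editor: appends .bak, but only to a handful of files.
    for i in range(3):
        doc = rf"C:\Users\Admin\Documents\report{i}.docx"
        evs.append(FileEvent(t, 900, "rename", doc, doc + ".bak"))
        t += 1.0
    return evs


if __name__ == "__main__":
    for pid, info in mass_rename_alerts(constructed_events()).items():
        print(f"pid {pid}: {info['files']} files in {info['dirs']} dirs, exts={info['exts']}")
```

Only the constructed encryptor-like process trips the rule; the installer fails the added-extension test and the editor fails the volume threshold. The sandbox counted 4061 and 5027 such events here, so in practice the file threshold can be far higher than the illustrative 20; the directory-spread requirement is what keeps legitimate bulk rewrites of a single tree quiet.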

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe

"C:\Users\Admin\AppData\Local\Temp\33c53096957926c7db12f0a59009be075a92a2ba9493f0ab295720cce32199d5.exe"

Network

All recorded traffic is consistent with Windows 10 background activity in the sandbox: DNS to 8.8.8.8 (reverse PTR lookups of addresses in Microsoft and CDN ranges, plus g.bing.com and tse1.mm.bing.net) and HTTPS to the Bing endpoints those names resolve to. The table attributes no flow to the sample process, and no command-and-control or exfiltration traffic was observed; compare the empty Network section of the Windows 7 run.

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
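Reading a table like the one above is a recurring triage step: decode the in-addr.arpa names back to the addresses they describe, and separate connections the sandbox tied to a DNS answer from connections to bare IPs, which are the usual sign of a hard-coded C2. The following is an added example of that triage, not part of the report or of the sandbox. The REPORT_ROWS are copied from the table above; the single CONSTRUCTED_ROW is made up (a TEST-NET address) to exercise the unresolved case this report does not contain, and the list of background hostnames is an analyst assumption.

```python
"""Added example: triage of a sandbox 'Network' table (rows of
'Country Destination Domain Proto') to separate background traffic from
connections that merit a closer look.

REPORT_ROWS are copied from behavioral2; CONSTRUCTED_ROW is made up to show the
case the report does not contain (a connection with no DNS correlation).
"""
import ipaddress
from typing import Dict, List, Optional

# Hostnames treated as Windows 10 background traffic in an isolated sandbox.
# Analyst assumption for this example, not part of the report.
BACKGROUND_SUFFIXES = ("bing.com", "bing.net")

REPORT_ROWS = [
    "US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp",
    "US 8.8.8.8:53 g.bing.com udp",
    "US 150.171.27.10:443 g.bing.com tcp",
    "US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp",
    "US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp",
    "US 8.8.8.8:53 tse1.mm.bing.net udp",
    "US 150.171.28.10:443 tse1.mm.bing.net tcp",
]
CONSTRUCTED_ROW = "ZZ 203.0.113.7:443 tcp"   # TEST-NET address, empty Domain column


def ptr_to_ip(name: str) -> Optional[str]:
    """Decode a reverse-lookup name: '10.27.171.150.in-addr.arpa' -> '150.171.27.10'.
    Octets are stored least-significant first. Returns None for ordinary names."""
    suffix = ".in-addr.arpa"
    if not name.lower().endswith(suffix):
        return None
    octets = name[: -len(suffix)].split(".")
    if len(octets) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    except ipaddress.AddressValueError:
        return None


def parse_row(line: str) -> Dict[str, object]:
    """Split one table row. The Domain column is absent when the sandbox could
    not tie the destination to a DNS answer, leaving three fields."""
    parts = line.split()
    if len(parts) == 4:
        country, dest, domain, proto = parts
    elif len(parts) == 3:
        country, dest, proto = parts
        domain = ""
    else:
        raise ValueError(f"unexpected row: {line!r}")
    ip, port = dest.rsplit(":", 1)
    return {"country": country, "ip": ip, "port": int(port),
            "domain": domain, "proto": proto}


def classify(rows: List[str]) -> List[Dict[str, object]]:
    out = []
    for r in map(parse_row, rows):
        if r["port"] == 53 and r["proto"] == "udp":
            target = ptr_to_ip(str(r["domain"]))
            if target:
                r["kind"], r["target_ip"] = "ptr-lookup", target  # reverse lookup by OS/sandbox
            else:
                r["kind"] = "dns-query"
        elif not r["domain"]:
            r["kind"] = "direct-ip"      # no DNS correlation: candidate hard-coded C2
        elif str(r["domain"]).lower().endswith(BACKGROUND_SUFFIXES):
            r["kind"] = "background"
        else:
            r["kind"] = "resolved"       # named host not on the background list
        out.append(r)
    return out


def suspicious(rows: List[str]) -> List[Dict[str, object]]:
    """Rows worth an analyst's attention: direct-IP connections and any named
    host outside the background list."""
    return [r for r in classify(rows) if r["kind"] in ("direct-ip", "resolved")]


if __name__ == "__main__":
    for r in classify(REPORT_ROWS + [CONSTRUCTED_ROW]):
        print(r["kind"], r["ip"], r["port"], r.get("target_ip") or r["domain"])
```

Run against the report's own rows, nothing is flagged: one of the PTR names decodes to 150.171.27.10, the very address the g.bing.com connection went to, which is what a reverse lookup of the OS's own traffic looks like. Only the constructed bare-IP row surfaces, which is the shape a practitioner would want to see in a report before attributing network behavior to a sample.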

Files

C:\$Recycle.Bin\S-1-5-21-1045960512-3948844814-3059691613-1000\desktop.ini.tmp

MD5 006cd26e0e1807b8197dd8e0eb92f40d
SHA1 9dee76db25126171b0a63aed8a1d520f85f4fc81
SHA256 d70de0be71536fb2e167a28946882b476dfb575e931bb9effc1489e62fe7d25b
SHA512 f2e22d907ba9a494a45c67e363aae6d211a9cc04d10c62a0a40ab5b29645e37b30c0290020b81c504de90fc3170496235da6ad56ac3e4acfb4cf3561bb2026e6

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 ef8f8764ba93f399bce43076b9d24943
SHA1 3b6d6a32fd7fa371f81c7228eb6ccc9e9cd8c2c0
SHA256 81b8d049f2837a1ff9ec50a54cab6396cc13b90f62a933c1acd051c47f86eab6
SHA512 82850e1e8ea11f9295f95fc09ff149a629872d9fbbce7e04387eecc2006b5a5c745d39ec0200953e8fa7419a91109c733a3be5a4a2562fa0fab0fc90b0af8489