Malware Analysis Report

2025-01-22 20:39

Sample ID 241019-zrmdlsycpf
Target 2f003da296ee78a56572795b66f2367f705231cad68f419b2e8664ea85bd3ba4N
SHA256 2f003da296ee78a56572795b66f2367f705231cad68f419b2e8664ea85bd3ba4
Tags
discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

2f003da296ee78a56572795b66f2367f705231cad68f419b2e8664ea85bd3ba4

Threat Level: Likely malicious

The file 2f003da296ee78a56572795b66f2367f705231cad68f419b2e8664ea85bd3ba4N was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple (4360) files with added filename extension

Renames multiple (3265) files with added filename extension

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-19 20:57

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-19 20:57

Reported

2024-10-19 20:59

Platform

win7-20240729-en

Max time kernel

120s

Max time network

16s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2f003da296ee78a56572795b66f2367f705231cad68f419b2e8664ea85bd3ba4N.exe"

Signatures

Renames multiple (3265) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2f003da296ee78a56572795b66f2367f705231cad68f419b2e8664ea85bd3ba4N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2f003da296ee78a56572795b66f2367f705231cad68f419b2e8664ea85bd3ba4N.exe

"C:\Users\Admin\AppData\Local\Temp\2f003da296ee78a56572795b66f2367f705231cad68f419b2e8664ea85bd3ba4N.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

MD5 6c63ea054bb24b16631186731d8dc4b4
SHA1 566cf87748a6a3e5f937090c1ce496f39e8df254
SHA256 b845785f880299ebcd8faab7081fba868540a2fbf0b175389ddff52e5aed7312
SHA512 4a7b56cd1a72f78703086243461718d0ecfab07fbdca1c5352167e39ffeeda42da7a40448f9a762ab5b06c42c36a4ba90029479571b7a9a5df61e1308a7a124d

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 3077d7aa9b75338e1196f0468dc1b84a
SHA1 169e5bc0054e553583e85f0f99d6e374eaba2753
SHA256 74e405b870f97c6c797835c6ca7ed0116ce42f017e3c10b81171eb631779c5fb
SHA512 1fedcdf22dd0ffb2f6b7c186f0b9af8ecc999021ebee3bfc953767e61250ed6e50614a7b6d56e8318b74319b26ceb6d6d9a6078d4971c6e6f1b62bd3f14178b7

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-19 20:57

Reported

2024-10-19 20:59

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

103s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2f003da296ee78a56572795b66f2367f705231cad68f419b2e8664ea85bd3ba4N.exe"

Signatures

Renames multiple (4360) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2f003da296ee78a56572795b66f2367f705231cad68f419b2e8664ea85bd3ba4N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2f003da296ee78a56572795b66f2367f705231cad68f419b2e8664ea85bd3ba4N.exe

"C:\Users\Admin\AppData\Local\Temp\2f003da296ee78a56572795b66f2367f705231cad68f419b2e8664ea85bd3ba4N.exe"

Network

Country Destination Domain Proto

Files

C:\$Recycle.Bin\S-1-5-21-2045521122-590294423-3465680274-1000\desktop.ini.tmp

MD5 3ec86171cca666f69f2f75c948228d22
SHA1 ebe3afb7700dd11feca4c796b7954de1d767946b
SHA256 cae11c7b399c6f0aa1938f370d6762daee1f1e6b8ce37372fdfed90bd09909a2
SHA512 21ad36e8013c5cfbc59946475573362c9d059b0dded7bb973f1a48af1c08f2ec5931036b9080eb955559ecbf58c2ae0cb29d4d2526482f8c5b3d05ec4e625169

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 e20242c177a54afff813ed11914705d0
SHA1 b444187e341a03bf394ed0fda3aaaa40dfa94e4e
SHA256 0997785ce0ca702359036649b52822ba188e7d5ce890105909cbec5eb3fdf0b9
SHA512 523625a4a1165360cb902ae76672157808b67ec41c7fa793f7bbcd3ad69ed208804d0b7d92afbade9d48eac3eca520f0c0d6ddf1da7eff15e0cedc7ad8df1274