Malware Analysis Report

2025-03-15 08:19

Sample ID 241020-vbshga1bqm
Target 555e49d2b16ecf03e9cb00d533efe3946c30b50dd5242c1bb1b1056f544b7907N
SHA256 555e49d2b16ecf03e9cb00d533efe3946c30b50dd5242c1bb1b1056f544b7907
Tags
discovery ransomware
score
9/10

Analysis Overview

score
9/10

SHA256

555e49d2b16ecf03e9cb00d533efe3946c30b50dd5242c1bb1b1056f544b7907

Threat Level: Likely malicious

The file 555e49d2b16ecf03e9cb00d533efe3946c30b50dd5242c1bb1b1056f544b7907N was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple (5104) files with added filename extension

Renames multiple (3784) files with added filename extension

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-20 16:49

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-20 16:49

Reported

2024-10-20 16:51

Platform

win7-20240903-en

Max time kernel

150s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\555e49d2b16ecf03e9cb00d533efe3946c30b50dd5242c1bb1b1056f544b7907N.exe"

Signatures

Renames multiple (3784) files with added filename extension

ransomware

Drops file in Program Files directory

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\555e49d2b16ecf03e9cb00d533efe3946c30b50dd5242c1bb1b1056f544b7907N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\555e49d2b16ecf03e9cb00d533efe3946c30b50dd5242c1bb1b1056f544b7907N.exe

"C:\Users\Admin\AppData\Local\Temp\555e49d2b16ecf03e9cb00d533efe3946c30b50dd5242c1bb1b1056f544b7907N.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

MD5 29f40ad0539538cca1a8227358fa08bf
SHA1 112be0697088dce5a9bffca6d57269df6e72f063
SHA256 a3fb2f1901a4f463fa0a3ea54ac89282a9daae59c21d35fc14eafcea585fa749
SHA512 74b927bd23cac53d05ec23f570a7912cbde9567c02ca2f928290668bda5be93d2edba87daae7f08cfdb6ae3fa78c7f726905b1eb0d57b2d282fe22608acc6b0e

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 c305797072c4eb954cfc8bb7d9317852
SHA1 86dcb3b536efaf7bb0eac3825a8a353d47e84762
SHA256 80dcca52612771beae75a2e9b78cd5af54c096e65caecc0fce40a76e21cbefd1
SHA512 c434644190b8edf460d0f78320db5e47505b617fc45438c68042dc7155218d5c21cde4ffe19f93566776860ceaca113d22711d2ea14fd1eece18592604c1310b

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-20 16:49

Reported

2024-10-20 16:51

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\555e49d2b16ecf03e9cb00d533efe3946c30b50dd5242c1bb1b1056f544b7907N.exe"

Signatures

Renames multiple (5104) files with added filename extension

ransomware

Drops file in Program Files directory

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\555e49d2b16ecf03e9cb00d533efe3946c30b50dd5242c1bb1b1056f544b7907N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\555e49d2b16ecf03e9cb00d533efe3946c30b50dd5242c1bb1b1056f544b7907N.exe

"C:\Users\Admin\AppData\Local\Temp\555e49d2b16ecf03e9cb00d533efe3946c30b50dd5242c1bb1b1056f544b7907N.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-493223053-2004649691-1575712786-1000\desktop.ini.tmp

MD5 ae3b7a705401fdcc0b7cff7f3011e956
SHA1 c5e9174c8a0528f953bbd6f9f8f5ebf55aa5df73
SHA256 58079cd543b27a656e75e6f185e121308ed0a2ca78e8234b54ecc4a8f0847f17
SHA512 cde22311dbf7f84e3d88476717475112eb728f40277ecf9022bdb11805af33ebd26d99cea9d9061bb74e22641c36bb65d1d9940f9f158fec651a761fe78b68ca

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 5bd5bf3464269ecca5c99d5d2e9ff301
SHA1 16dfd14de380ec0d77eeeaeb2688846f1e745707
SHA256 998fbebc6c365aa4f975c41072d595c429289a687ec503c5dd41b02bc3a9abe7
SHA512 f4c57b24445bf85bf8b4ae27f5e9654d16494af8f24c47b15c97fa4f4835afc53f0a076a86dec4242b249bd0baf5ecf9ad2dd5697a82adc820966b6b8b696bcc