Malware Analysis Report

2025-03-15 08:19

Sample ID 241020-vt7ecasbnp
Target 0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N
SHA256 0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509
Tags: discovery, ransomware
Score: 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 9/10

SHA256

0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509

Threat Level: Likely malicious

The file 0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N was found to be: Likely malicious.

Malicious Activity Summary

Tags: discovery, ransomware

Renames multiple (4613) files with added filename extension (behavioral2, win10v2004)

Renames multiple (3235) files with added filename extension (behavioral1, win7)

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Enterprise Matrix V15

T1614.001 System Location Discovery: System Language Discovery (the sample opened HKLM\SYSTEM\ControlSet001\Control\NLS\Language in both behavioral runs; no other technique is mapped in this report)

Analysis: static1

Detonation Overview

Reported: 2024-10-20 17:17

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-10-20 17:17
Reported: 2024-10-20 17:20
Platform: win7-20241010-en
Max time kernel: 120s
Max time network: 17s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe"

Signatures

Renames multiple (3235) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
Process for every row: C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe. Target: N/A. The report displays 64 rows per table; compare the 3235 files counted by the rename signature for this run, so treat the list as an excerpt.
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.jasper.glassfish_2.2.2.v201205150955.jar.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-options-api.jar.tmp
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbynet.jar.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Maldives.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator.nl_ja_4.4.0.v20140623020002.jar.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs.jar.tmp
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\currency.data.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novosibirsk.tmp
File created C:\Program Files\Java\jre7\lib\zi\America\Argentina\Buenos_Aires.tmp
File created C:\Program Files\Mozilla Firefox\api-ms-win-crt-locale-l1-1-0.dll.tmp
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Wrinkled_Paper.gif.tmp
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig.tmp
File created C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_udp_plugin.dll.tmp
File created C:\Program Files\Java\jdk1.7.0_80\LICENSE.tmp
File created C:\Program Files\Microsoft Games\Solitaire\it-IT\Solitaire.exe.mui.tmp
File created C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\manifest.json.tmp
File created C:\Program Files\Mozilla Firefox\plugin-container.exe.sig.tmp
File created C:\Program Files\7-Zip\Lang\mk.txt.tmp
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\navSubpicture.png.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-search.xml.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-oql.jar.tmp
File created C:\Program Files\Java\jre7\lib\zi\America\Toronto.tmp
File created C:\Program Files\Mozilla Firefox\qipcap64.dll.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Chihuahua.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler.nl_zh_4.4.0.v20140623020002.jar.tmp
File created C:\Program Files\Mozilla Firefox\uninstall\helper.exe.tmp
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fr.pak.tmp
File created C:\Program Files\Microsoft Games\More Games\MoreGames.dll.tmp
File created C:\Program Files\VideoLAN\VLC\plugins\audio_output\libamem_plugin.dll.tmp
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\th.pak.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2iexp.dll.tmp
File created C:\Program Files\VideoLAN\VLC\lua\playlist\liveleak.luac.tmp
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\ShapeCollector.exe.mui.tmp
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_select-highlight.png.tmp
File created C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_scrapbook_Thumbnail.bmp.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Madrid.tmp
File created C:\Program Files\Java\jre7\bin\jsound.dll.tmp
File created C:\Program Files\7-Zip\Lang\mr.txt.tmp
File created C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\MANIFEST.MF.tmp
File created C:\Program Files\Java\jre7\bin\jp2ssv.dll.tmp
File created C:\Program Files\Java\jre7\lib\ext\sunec.jar.tmp
File created C:\Program Files\Java\jre7\lib\zi\America\Indiana\Vevay.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_es.properties.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\ECLIPSE_.SF.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme.nl_ja_4.4.0.v20140623020002.jar.tmp
File created C:\Program Files\Java\jre7\lib\ext\zipfs.jar.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActionExceptionHandlers.exsd.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_zh_CN.jar.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans_1.2.200.v20140214-0004.jar.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp
File created C:\Program Files\Java\jre7\lib\zi\America\New_York.tmp
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mip.exe.mui.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\cursors.properties.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser.ja_5.5.0.165303.jar.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding.nl_ja_4.4.0.v20140623020002.jar.tmp
File created C:\Program Files\Java\jre7\lib\zi\America\Bogota.tmp
File created C:\Program Files\Java\jre7\lib\zi\America\Godthab.tmp
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\micaut.dll.mui.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-font.dll.tmp
File created C:\Program Files\Java\jre7\lib\zi\America\Indiana\Vincennes.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.nl_zh_4.4.0.v20140623020002.jar.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-spi-quicksearch.jar.tmp

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
Note: many legitimate programs read this key during locale initialisation, so the open on its own is a weak indicator. The report records only that the key was opened, not what the sample did with the value.

Processes

C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe

"C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe"

Network

N/A (no network activity recorded during the 17s network capture of this run)

Files

C:\$Recycle.Bin\S-1-5-21-2039016743-699959520-214465309-1000\desktop.ini.tmp

MD5 d4ac9faec5a505eee50733ec876a211b
SHA1 f7f1be05fc2c140cd2736b40157afee81c33942c
SHA256 4a03c8a4ee0e26d878809a6a5f15c4f91c8f42a201b5f60771cdffa5999a9842
SHA512 5b98f3172c04320441471b3a717bc3e9ab56e05a10bfa8e29091e8f87ea9da8250f2fca36dae31a6564cc99709ba4a51fa5164b5342a3d05552e0440df92749e

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 6ebd3d8a8e1cbe19c5877f36afe32b98
SHA1 d67a4ec5ac660418825dd49e81bf74587a5dcf68
SHA256 77cd441d5ce0d957c82e8d7e705b9d17fe119eb76789744609059b1afb6a6df5
SHA512 0d90681c52c95144ed44ec92c65083523699581c1bdc802024b32f5ef4105968c7c1bd9c7834449497546a14e7117ad3b7cbb672025eff43b7b47b0de3044cef

Analysis: behavioral2

Detonation Overview

Submitted: 2024-10-20 17:17
Reported: 2024-10-20 17:20
Platform: win10v2004-20241007-en
Max time kernel: 119s
Max time network: 106s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe"

Signatures

Renames multiple (4613) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_COL.HXC.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_KMS_Client_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_EnterpriseSub_Bypass30-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_KMS_Client-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-filesystem-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\hwresplm.dat.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.NETCore.App.runtimeconfig.json.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.VisualBasic.Forms.dll.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\dom.md.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-timezone-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipschs.xml.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Principal.Windows.dll.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\tr.pak.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\management\snmp.acl.template.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Interop.MSDASC.dll.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ExcelCtxUICellModel.bin.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\.version.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.Brotli.dll.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Printing.dll.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\chrome.exe.sig.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-140.png.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\Java\jdk-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\de-DE\ShapeCollector.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.ReaderWriter.dll.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-utility-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusDemoR_BypassTrial365-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\.version.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.Serialization.dll.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\Java\jdk-1.8\lib\ant-javafx.jar.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\officeinventoryagentlogon.xml.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000008\FA000000008.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.EventBasedAsync.dll.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encoding.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_KMS_Client_AE-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Storage.XmlSerializers.dll.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\7-Zip\7-zip.dll.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Parallel.dll.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-heap-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-processthreads-l1-1-1.dll.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.dcfmui.msi.16.en-us.xml.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\D3DCompiler_47_cor3.dll.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationTypes.dll.tmp C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A
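The "File created" tables of both behavioral runs carry the evidence behind the "Renames multiple files with added filename extension" signature: every path ends in an extra .tmp suffix, the original type (.jar, .dll, .xrm-ms, ...) sits underneath it, and the writes span unrelated products under Program Files. The following triage helper is an added example, not part of the sandbox report or its signature engine. It parses rows in the flattened table format shown above, separates the appended suffix from the victim file's real extension, and applies a mass-rename heuristic whose thresholds are this example's own assumptions. The row list is a constructed excerpt of the tables above.

```python
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Constructed excerpt: rows copied from the report's flattened
# "Description Indicator Process Target" tables, plus one non-file row to
# show that unrelated events are skipped. Not the full 3235/4613-file list.
SAMPLE_EXE = (r"C:\Users\Admin\AppData\Local\Temp"
              r"\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe")
ROWS = [
    rf"File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbynet.jar.tmp {SAMPLE_EXE} N/A",
    rf"File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf.tmp {SAMPLE_EXE} N/A",
    rf"File created C:\Program Files\Mozilla Firefox\uninstall\helper.exe.tmp {SAMPLE_EXE} N/A",
    rf"File created C:\Program Files\7-Zip\Lang\mk.txt.tmp {SAMPLE_EXE} N/A",
    rf"File created C:\Program Files\VideoLAN\VLC\plugins\audio_output\libamem_plugin.dll.tmp {SAMPLE_EXE} N/A",
    rf"File created C:\Program Files\Java\jdk1.7.0_80\LICENSE.tmp {SAMPLE_EXE} N/A",
    rf"File created C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000008\FA000000008.tmp {SAMPLE_EXE} N/A",
    rf"File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\.version.tmp {SAMPLE_EXE} N/A",
    r"Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language " + SAMPLE_EXE + " N/A",
]

# Path may contain spaces; the process column is a drive-letter path with no
# spaces, which is what lets the non-greedy path group stop at the right place.
ROW_RE = re.compile(
    r"^File created (?P<path>.+?) (?P<process>[A-Za-z]:\\\S+) (?P<target>\S+)$")


def parse_file_created(lines):
    """Keep only 'File created' rows; return (path, process) pairs."""
    events = []
    for line in lines:
        m = ROW_RE.match(line)
        if m:
            events.append((m["path"], m["process"]))
    return events


def split_added_suffix(path):
    """'x.jar.tmp' -> ('.tmp', '.jar'): the last suffix is the one the sample
    appended; the one before it is the victim file's real type ('' if none)."""
    p = PureWindowsPath(path)
    return p.suffix.lower(), PureWindowsPath(p.stem).suffix.lower()


def summarize(events):
    """Per appended suffix: file count, victim types hidden under it and the
    top-level install directories it reached; plus counts per writing process."""
    added, originals, dirs, procs = Counter(), defaultdict(set), defaultdict(set), Counter()
    for path, proc in events:
        suffix, orig = split_added_suffix(path)
        added[suffix] += 1
        originals[suffix].add(orig or "<none>")
        parts = PureWindowsPath(path).parts      # ('C:\\', 'Program Files', 'Java', ...)
        dirs[suffix].add("\\".join(parts[1:3]))
        procs[proc] += 1
    return {"added": added, "originals": originals, "dirs": dirs, "processes": procs}


def mass_rename_suffix(summary, min_files=5, min_dirs=3, min_types=3):
    """Return the appended suffix that looks like an encryptor's marker, or None.
    Thresholds are this example's assumptions, not the sandbox's: one suffix on
    many files, across several products, hiding several unrelated file types."""
    for suffix, n in summary["added"].items():
        if (n >= min_files
                and len(summary["dirs"][suffix]) >= min_dirs
                and len(summary["originals"][suffix]) >= min_types):
            return suffix
    return None


if __name__ == "__main__":
    s = summarize(parse_file_created(ROWS))
    print("files per appended suffix:", dict(s["added"]))
    print("victim types under .tmp:", sorted(s["originals"][".tmp"]))
    print("install dirs reached:", sorted(s["dirs"][".tmp"]))
    print("verdict:", mass_rename_suffix(s))
```

Run against the full tables above, the same three measures (one suffix, many products, many hidden types) are what distinguish this pattern from an installer or updater, which also creates .tmp files but only under its own directory and only for its own file types. The process column is worth keeping: here every row is written by the sample itself, so a real-time rule can key on the writer rather than on the suffix alone.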

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe

"C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe"

Network

Country Destination        Domain                       Proto
US      8.8.8.8:53         133.211.185.52.in-addr.arpa  udp
US      8.8.8.8:53         73.159.190.20.in-addr.arpa   udp
US      8.8.8.8:53         83.210.23.2.in-addr.arpa     udp
US      8.8.8.8:53         95.221.229.192.in-addr.arpa  udp
US      8.8.8.8:53         197.87.175.4.in-addr.arpa    udp
US      8.8.8.8:53         15.164.165.52.in-addr.arpa   udp
US      8.8.8.8:53         75.117.19.2.in-addr.arpa     udp
US      8.8.8.8:53         31.243.111.52.in-addr.arpa   udp
US      8.8.8.8:53         tse1.mm.bing.net             udp
US      150.171.28.10:443  tse1.mm.bing.net             tcp
US      150.171.28.10:443  tse1.mm.bing.net             tcp
US      150.171.28.10:443  tse1.mm.bing.net             tcp
US      150.171.28.10:443  tse1.mm.bing.net             tcp

All DNS goes to Google Public DNS (8.8.8.8): eight reverse (PTR) lookups of addresses the guest already held and one forward lookup of tse1.mm.bing.net, followed by four TCP/443 connections to 150.171.28.10 for that name. The table has no process column, so none of this traffic is attributed to the sample, and the win7 run (behavioral1) recorded no network activity at all. Treat these rows as guest background traffic unless a process-attributed capture ties them to the sample; this report contains no evidence of C2 or payload download.
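Reading a sandbox network table is mostly a matter of separating what the guest asked about from what it actually talked to. Reverse-DNS names encode the queried address with its octets reversed, so 133.211.185.52.in-addr.arpa is a lookup of 52.185.211.133, and a PTR query says nothing about a connection to that host. The helper below is an added example (not part of the report) that decodes the table above: it undoes the octet reversal, separates resolver traffic from connections, and returns the hosts a triager would still need to attribute to a process before calling them indicators. The row list is a constructed copy of the behavioral2 table.

```python
import ipaddress
import re
from collections import Counter

# Constructed copy of the behavioral2 "Country Destination Domain Proto" rows.
NET_ROWS = [
    "US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp",
    "US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp",
    "US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp",
    "US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp",
    "US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp",
    "US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp",
    "US 8.8.8.8:53 75.117.19.2.in-addr.arpa udp",
    "US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp",
    "US 8.8.8.8:53 tse1.mm.bing.net udp",
    "US 150.171.28.10:443 tse1.mm.bing.net tcp",
    "US 150.171.28.10:443 tse1.mm.bing.net tcp",
    "US 150.171.28.10:443 tse1.mm.bing.net tcp",
    "US 150.171.28.10:443 tse1.mm.bing.net tcp",
]

NET_RE = re.compile(r"^(?P<cc>[A-Z]{2}) (?P<dest>\S+) (?P<domain>\S+) (?P<proto>tcp|udp)$")
PTR_RE = re.compile(r"^((?:\d{1,3}\.){4})in-addr\.arpa$", re.IGNORECASE)


def ptr_name_to_ip(name):
    """Undo the octet reversal of a reverse-DNS name:
    '133.211.185.52.in-addr.arpa' -> '52.185.211.133'. None if not a valid PTR name."""
    m = PTR_RE.match(name)
    if not m:
        return None
    octets = m.group(1).rstrip(".").split(".")
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    except ipaddress.AddressValueError:      # e.g. an octet above 255
        return None


def summarize_network(rows):
    """Split the table into resolvers used, addresses that were reverse-looked-up,
    names forward-resolved, and real connections keyed (dest, domain, proto)."""
    out = {"resolvers": set(), "ptr_targets": set(),
           "forward_lookups": set(), "connections": Counter()}
    for row in rows:
        m = NET_RE.match(row)
        if not m:
            continue
        dest, domain, proto = m["dest"], m["domain"], m["proto"]
        host, _, port = dest.rpartition(":")
        if proto == "udp" and port == "53":
            out["resolvers"].add(host)
            ip = ptr_name_to_ip(domain)
            if ip:
                out["ptr_targets"].add(ip)       # asked about, not connected to
            else:
                out["forward_lookups"].add(domain)
        else:
            out["connections"][(dest, domain, proto)] += 1
    return out


def candidate_iocs(summary):
    """Hosts the guest connected to plus names it forward-resolved. PTR targets
    are deliberately excluded: they are addresses the guest held (from OS
    telemetry, for instance), not peers. Everything returned still needs to be
    tied to a process before it counts as an indicator for the sample."""
    hosts = {dest.rpartition(":")[0] for dest, _, _ in summary["connections"]}
    return sorted(hosts | summary["forward_lookups"])


if __name__ == "__main__":
    s = summarize_network(NET_ROWS)
    print("resolvers:", sorted(s["resolvers"]))
    print("reverse-looked-up addresses:", sorted(s["ptr_targets"]))
    print("connections:", dict(s["connections"]))
    print("to attribute:", candidate_iocs(s))
```

On this report the output reduces thirteen rows to one resolver, eight addresses the guest merely asked about, and a single connected host; none of which the report ties to the sample process.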

Files

C:\$Recycle.Bin\S-1-5-21-1045960512-3948844814-3059691613-1000\desktop.ini.tmp

MD5 a8b2176edf87348e689acee0c0c78e41
SHA1 bf207aec85dd3e8b8f4e4409ce70608d7c6eafd7
SHA256 38a4aaf37f3b529a4b768bc84599c08b27acd45862afaee8c130944399790ace
SHA512 0a5350f3d2ede14e571b4c74f4f6cfd24d570c036dc6519a3175b09d75618f95b1acf58bd4482b9ca69046ddb515303281dc5c9eef4a63bf930f192ea8cfdb34

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 89b81bb240cc64ea9d55e029f0bf1290
SHA1 071d0323f4e81eb90e3a731ffe2ffe4f9c23447e
SHA256 4547cab674b770ef18c091b1a098aa9bc9162f8faa109df927c87cf92da1555b
SHA512 d8315bb9d108cee11786a0150fa79b0d9ef1971a7e056c8559d9de80ea21be2bd14a54a951cde56102f9e5a80c2b7b2719a90e2f2ea4b112f7890c30c9bcb6b9