Malware Analysis Report

2025-03-15 08:28

Sample ID: 241020-yx967axgka
Target: 28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10
SHA256: 28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10
Tags: discovery ransomware
Score: 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 9/10

SHA256: 28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10

Threat Level: Likely malicious

The file 28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10 was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple (3487) files with added filename extension

Renames multiple (5003) files with added filename extension

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-10-20 20:11

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-10-20 20:11

Reported: 2024-10-20 20:13

Platform: win7-20240903-en

Max time kernel: 149s

Max time network: 123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe"

Signatures

Renames multiple (3487) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text_3.9.1.v20140827-1810.jar.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\boot_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Java\jre7\bin\jawt.dll.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Java\jre7\lib\deploy\messages.properties.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\plugin.xml.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Argentina\Cordoba.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Atikokan.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\ECLIPSE_.RSA.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-nodes.xml.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Windows NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\weather.html.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kathmandu.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Java\jre7\bin\jdwp.dll.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Atlantic\Reykjavik.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\St_Johns.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\conticon.gif.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.configuration_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-windows.xml.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Java\jre7\bin\java.dll.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-background.png.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\policytool.exe.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssv.dll.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\shuffle_up.png.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\5.png.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EET.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-snaptracer.xml.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\misc\libxml_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\highDpiImageSwap.js.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\DVD Maker\DVDMaker.exe.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_leftarrow.png.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\fxplugins.dll.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands_3.6.100.v20140528-1422.jar.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Microsoft Games\SpiderSolitaire\fr-FR\SpiderSolitaire.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Windows NT\TableTextService\TableTextService.dll.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_h.png.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_hover.png.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\highlight.png.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_videoinset.png.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Java\jre7\bin\jsound.dll.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_output\libyuv_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground.wmv.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jmap.exe.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jps.exe.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\ACE.dll.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-sampler.xml.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-api-caching.jar.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiling.jar.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-nodes_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\New_Salem.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-compat_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Java\jre7\lib\images\cursors\win32_CopyDrop32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_partly-cloudy.png.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web.xml.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bahia.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\JdbcOdbc.dll.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yakutat.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.concurrent_1.1.0.v20130327-1442.jar.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe

"C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-312935884-697965778-3955649944-1000\desktop.ini.tmp

MD5 03d694021f3382fb3d03cf5c36cadd0d
SHA1 579d0c9c93cdc669229b910b6cadcb3ac89c10b0
SHA256 475760490cf8490ece61a042aaff5b2a79797ed71f73cb066615cc230a012697
SHA512 04d9683615dd357fbb763c45b4a22e552fd9044586c586d55ecc893f0de89fd0228c70fdb92732ec8af2c65a42630197bd0e9c97a2c7414050c41fa51abbf578

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 5fc4e8a39bccb8e22f3c27582ca0f9c2
SHA1 7568f64e7c171503ec5ec4e118d98543dbf68442
SHA256 d9e7e75cab7d6bd47daff3b26b3bcbf1871d8b8781b811a699ed8ad743d0ba34
SHA512 5f18c0d3d1b684875784ceead00d55ce41493f53f381447f3e22838c52de5ee7ca1fe37d479ff646a8c7ee5f1b43aa430063b5bb32a10561e3931831a7f2a463

Analysis: behavioral2

Detonation Overview

Submitted: 2024-10-20 20:11

Reported: 2024-10-20 20:13

Platform: win10v2004-20241007-en

Max time kernel: 150s

Max time network: 151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe"

Signatures

Renames multiple (5003) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processenvironment-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_KMS_Client-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.da-dk.dll.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\word2013bw.dotx.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PROOF\msspell7.dll.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwclassic.dotx.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\sr-Cyrl-RS\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OMICAUT.DLL.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\orcl7.xsl.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationCore.dll.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-conio-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-string-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-handle-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\zh-TW.pak.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.dll.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial5-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_KMS_Client_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\SLINTL.DLL.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\hi\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\vcruntime140.dll.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\gu.pak.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\tr-TR\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.NETCore.App.deps.json.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_KMS_Client-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-140.png.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\j2pkcs11.dll.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Frosted Glass.eftx.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\GRLEX.DLL.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNoteNames.gpd.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL107.XML.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-console-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_CN.properties.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\AugLoop\third-party-notices.txt.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encoding.dll.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\McePerfCtr.man.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL106.XML.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A
File created C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll.tmp C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe

"C:\Users\Admin\AppData\Local\Temp\28d4f27211c7c46d07f0bdf59577d80068751c06330ad60ece43afd3c1715f10.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 66.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 107.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp

Files

C:\$Recycle.Bin\S-1-5-21-3756129449-3121373848-4276368241-1000\desktop.ini.tmp

MD5 43122c44ee5be13b5b554f29e8b55aa6
SHA1 758c1414376ac8bf46c7ac3ac341ba47642d76bb
SHA256 1dc1b30995d27bdea587d39af8357aac70676a09362ec26edcd5a77bd477c5ef
SHA512 f76a5f90c845b536123a1f9b64a4f63eff3a119f8e9412250c32d3a5c3dd22023da033652e6145da54363b12e83c39c3b1465c704b3d57d0148e87957e79c830

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 a22560ec5f9a97560dbf25a98b24b02b
SHA1 e2a7d806241dcf0f929336d21230712f62cbe99b
SHA256 8fbdfaf558e0790470638c35916be49b640b21d992cddda3e4ce79ce740b0c3c
SHA512 0294ac24758e03f63c350ed0ec27c8864db22d94e8ad418bd71ed85f36185546021db10635f4b1d90396ad532708c4bea8b35e932bdec20e46dd58aea59049dd