Malware Analysis Report

2025-03-15 08:23

Sample ID 241021-asc4wsygma
Target 845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N
SHA256 845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233
Tags: discovery, ransomware
Score: 9/10


Analysis Overview

Score: 9/10

SHA256: 845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233

Threat Level: Likely malicious

The file 845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple (3042) files with added filename extension (behavioral1, win7-20240708-en)

Renames multiple (4228) files with added filename extension (behavioral2, win10v2004-20241007-en)

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK: Enterprise Matrix V15

Analysis: static1

Detonation Overview

Reported

2024-10-21 00:28

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
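The "Unsigned PE" signature above comes down to one static check: whether the PE's security data directory points at a WIN_CERTIFICATE blob. The following script is an added example (not the sandbox's rule code and not derived from the analysed sample) that performs that check without third-party libraries. The two PE images it parses are constructed header-only fixtures built inside the script; the function names and the "unsigned" / "blob-present" / "malformed" labels are this example's own.

```python
"""Static check behind an "Unsigned PE" verdict: does the image carry an
Authenticode certificate table at all?

Added example, not the sandbox's signature code.  The PE images below are
CONSTRUCTED fixtures (headers only, no sections) that exist just to exercise
the parser; nothing here is taken from the analysed sample.
"""
import struct
from typing import Tuple

IMAGE_DIRECTORY_ENTRY_SECURITY = 4      # data directory slot for the certificate table
PE32, PE32PLUS = 0x10B, 0x20B           # optional header magic values
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002  # Authenticode uses PKCS#7 SignedData


def security_directory(data: bytes) -> Tuple[int, int]:
    """Return (file_offset, size) of the security directory, or (0, 0) if absent.

    Unlike every other data directory, this entry's "VirtualAddress" is a raw
    file offset: the certificate table is appended to the file, not mapped.
    """
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    file_hdr = e_lfanew + 4
    opt_size = struct.unpack_from("<H", data, file_hdr + 16)[0]   # SizeOfOptionalHeader
    opt = file_hdr + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32:
        nrva_off, dirs_off = 92, 96
    elif magic == PE32PLUS:
        nrva_off, dirs_off = 108, 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    n_dirs = struct.unpack_from("<I", data, opt + nrva_off)[0]     # NumberOfRvaAndSizes
    if n_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return (0, 0)
    entry = opt + dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    if entry + 8 > opt + opt_size:
        raise ValueError("data directory extends past the optional header")
    return struct.unpack_from("<II", data, entry)


def authenticode_status(data: bytes) -> str:
    """'unsigned' when there is no certificate table; 'blob-present' when a
    WIN_CERTIFICATE of the PKCS#7 type sits where the directory points;
    'malformed' otherwise.  'blob-present' is not 'validly signed': the hash
    and certificate chain still have to be verified (signtool,
    Get-AuthenticodeSignature, or osslsigncode off-Windows)."""
    off, size = security_directory(data)
    if off == 0 and size == 0:
        return "unsigned"
    if size < 8 or off + size > len(data):
        return "malformed"
    length, _revision, cert_type = struct.unpack_from("<IHH", data, off)
    if length > size or cert_type != WIN_CERT_TYPE_PKCS_SIGNED_DATA:
        return "malformed"
    return "blob-present"


def build_fixture(pe32plus: bool, signed: bool) -> bytes:
    """CONSTRUCTED minimal PE: DOS header, file header, optional header with the
    16 standard data directories and, when `signed`, a dummy WIN_CERTIFICATE
    appended at the end of the file (placeholder bytes, not real SignedData)."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    std_len = 112 if pe32plus else 96            # optional header bytes before the directories
    header_len = e_lfanew + 4 + 20 + std_len + 16 * 8
    cert_off, cert_blob = 0, b""
    if signed:
        payload = b"\x30\x82\x00\x00"            # placeholder, not a real PKCS#7 blob
        cert_blob = struct.pack("<IHH", 8 + len(payload), 0x0200,
                                WIN_CERT_TYPE_PKCS_SIGNED_DATA) + payload
        cert_off = header_len
    magic = PE32PLUS if pe32plus else PE32
    opt = struct.pack("<H", magic).ljust(std_len - 4, b"\0") + struct.pack("<I", 16)
    dirs = bytearray(16 * 8)
    struct.pack_into("<II", dirs, 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, cert_off, len(cert_blob))
    opt += bytes(dirs)
    machine = 0x8664 if pe32plus else 0x14C
    file_hdr = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, len(opt), 0x22)
    return dos + b"PE\0\0" + file_hdr + opt + cert_blob


if __name__ == "__main__":
    for name, image in (("PE32, no certificate table", build_fixture(False, False)),
                        ("PE32+, certificate table present", build_fixture(True, True))):
        print(f"{name}: {authenticode_status(image)}")
```

"Unsigned PE" is a weak signal on its own: a great deal of legitimate software ships unsigned, and malware is regularly signed with stolen or leased certificates. The check is useful as a triage filter and to decide whether a full signature verification step is even applicable, not as a verdict.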

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-21 00:28

Reported

2024-10-21 00:30

Platform

win7-20240708-en

Max time kernel

120s

Max time network

16s

Command Line

"C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe"

Signatures

Renames multiple (3042) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-charts_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\plugin.xml.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp.ja_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\lg\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Common Files\Services\verisign.bmp.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoDev.png.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Lisbon.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Urumqi.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.ja_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.xml_1.3.4.v201005080400.jar.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Lima.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Majuro.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Helsinki.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME.txt.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin_2.0.100.v20131209-2144.jar.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-windows_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jre7\lib\security\US_export_policy.jar.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Microsoft Games\Hearts\fr-FR\Hearts.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\VideoLAN\VLC\hrtfs\dodeca_and_7channel_3DSL_HRTF.sofa.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.artifact.repository.prefs.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sendopts_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\new-trigger-wiz.gif.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-javahelp.xml.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\.lock.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Managua.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Prague.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.util.gui_1.7.0.v200903091627.jar.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\sa-jdi.jar.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-views_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-sa.xml.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\management.dll.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\about.html.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Rarotonga.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IdentityModel.Selectors.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\css\mobile.css.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\mr.pak.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-ImageMask.png.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Danmarkshavn.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\MANIFEST.MF.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\7-Zip\Lang\fy.txt.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7Handle.png.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring-impl.jar.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.DLL.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Algiers.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Easter.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\feature.xml.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jre7\bin\mlib_image.dll.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\7-Zip\Lang\vi.txt.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\gstreamer-lite.dll.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Internet Explorer\SIGNUP\install.ins.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.bat.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Belize.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.Design.dll.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\7-Zip\Lang\sq.txt.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
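The two behavioural signatures in this run (the mass rename with an added extension and the NLS\Language key read) are simple enough to re-derive from raw events. The script below is an added example, not the sandbox's rule set: the event schema, field names, thresholds and the sample process ID are this example's assumptions, and the event stream is constructed to mimic the report's indicators (one process appending ".tmp" to files under Program Files and opening the NLS\Language key) alongside benign renames that must not fire.

```python
"""Re-derive this report's behavioural signatures from a raw event stream.

Added example; not the sandbox's own rule code.  Event schema, field names,
thresholds and PIDs are assumptions of this example, and the event list is
CONSTRUCTED to mimic the report's indicators.
"""
from collections import Counter, defaultdict
from typing import Dict, List, Optional, Tuple

# (timestamp_s, pid, image, op, path, target); op is "rename" or "key_open"
Event = Tuple[float, int, str, str, str, Optional[str]]

SAMPLE = (r"C:\Users\Admin\AppData\Local\Temp"
          r"\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe")
NLS_LANGUAGE_SUFFIX = r"\control\nls\language"


def added_extension(src: str, dst: str) -> Optional[str]:
    """Return the appended extension when dst is exactly src + '.ext', else None.

    'report.docx' -> 'report.docx.tmp' counts; 'report.docx' -> 'report.pdf'
    does not, because the original extension was replaced rather than kept.
    """
    if not dst.startswith(src):
        return None
    tail = dst[len(src):]
    if len(tail) > 1 and tail[0] == "." and "." not in tail[1:] and "\\" not in tail:
        return tail
    return None


def rename_burst(events: List[Event], threshold: int = 100, window_s: float = 60.0) -> List[Dict]:
    """Flag processes that append an extension to >= threshold files inside any
    window_s-second span: encryptors rename in bursts, installers rename a few."""
    per_proc: Dict[Tuple[int, str], List[Tuple[float, str, str]]] = defaultdict(list)
    for ts, pid, image, op, path, target in events:
        if op == "rename" and target is not None:
            ext = added_extension(path, target)
            if ext:
                per_proc[(pid, image)].append((ts, ext, path))
    hits = []
    for (pid, image), rows in per_proc.items():
        rows.sort()
        times = [r[0] for r in rows]
        best = lo = 0
        for hi in range(len(times)):            # sliding window over sorted timestamps
            while times[hi] - times[lo] > window_s:
                lo += 1
            best = max(best, hi - lo + 1)
        if best >= threshold:
            hits.append({
                "pid": pid, "image": image, "renamed": len(rows),
                "max_in_window": best,
                "extensions": dict(Counter(r[1] for r in rows)),
                # top-level directories touched (Program Files, $Recycle.Bin, MSOCache, ...)
                "roots": sorted({r[2].split("\\")[1] for r in rows}),
            })
    return hits


def language_discovery(events: List[Event]) -> List[Tuple[int, str]]:
    """Processes that opened HKLM\\SYSTEM\\...\\Control\\NLS\\Language, the
    locale check behind the report's System Language Discovery signature."""
    return sorted({(pid, image) for _, pid, image, op, path, _ in events
                   if op == "key_open" and path.lower().endswith(NLS_LANGUAGE_SUFFIX)})


def signatures(events: List[Event]) -> List[str]:
    """Render the same one-line signature strings the report uses."""
    out = []
    for h in rename_burst(events):
        out.append(f"Renames multiple ({h['renamed']}) files with added filename extension")
        if "Program Files" in h["roots"]:
            out.append("Drops file in Program Files directory")
    if language_discovery(events):
        out.append("System Location Discovery: System Language Discovery")
    return out


def constructed_events(n_files: int = 150) -> List[Event]:
    """CONSTRUCTED event stream; not sandbox output.  PIDs are made up."""
    ev: List[Event] = []
    for i in range(n_files):                    # encryptor: ten renames per second, ".tmp" appended
        src = r"C:\Program Files\7-Zip\Lang" + f"\\{i:03d}.txt"
        ev.append((i * 0.1, 2864, SAMPLE, "rename", src, src + ".tmp"))
    ev.append((0.05, 2864, SAMPLE, "key_open",
               r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language", None))
    # benign noise: an installer keeping one backup, a user changing a file's type
    ev.append((3.0, 4120, r"C:\Windows\System32\msiexec.exe", "rename",
               r"C:\Program Files\App\app.dll", r"C:\Program Files\App\app.dll.bak"))
    ev.append((5.0, 5000, r"C:\Windows\explorer.exe", "rename",
               r"C:\Users\Admin\Documents\report.docx", r"C:\Users\Admin\Documents\report.pdf"))
    return ev


if __name__ == "__main__":
    for line in signatures(constructed_events()):
        print(line)
```

Two things to keep in mind when porting this to host telemetry. The sandbox rows above read "File created ... .tmp" rather than an explicit rename, so where only create and delete events are available (Sysmon event IDs 11 and 23/26, for instance) the same logic applies by pairing a create of X.tmp with a delete of X from the same process. And the writes under C:\Program Files only succeeded because the sandbox user is an administrator; on a standard-user host the same burst lands in user-writable paths and $Recycle.Bin, which is why the "roots" field is worth keeping rather than keying the rule to Program Files alone.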

Processes

C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe

"C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

MD5 c4a522e0946d75fbe068f495196d9d4f
SHA1 a8b8f5a4873368328a9cbe529059951be46aac8c
SHA256 c346e0bd31fcb99971a0657985b4b68be5c61b3f7ac762dd107c42b6de89d5a6
SHA512 232f2cbd930a2fc40bb21ec37409d68f4fa5ef4fecb0e89a06ef6b7c2f1f22d13a88e4b1e54872229900cc53e10055a37abf994bae04d052972e14dcfa95ab7e

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 95f5fdb9f35c9b767b4c8b2ca387c797
SHA1 46168ef6b8204c925597867e2a1126a751a3ef90
SHA256 c31355a0d6f6f5eb2963b42f93013f5de03933fa7493c872b84f94e14db0196a
SHA512 adf1327cc589848b3ab75061302288a5e0781f909f3de975f38ef317b8af8380320c92a3e52a0bb37a09e4b484a9e653587074cbbf474d5ab3a397ce4c9423db

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-21 00:28

Reported

2024-10-21 00:30

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

104s

Command Line

"C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe"

Signatures

Renames multiple (4228) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Office.Interop.Excel.dll.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-timezone-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial3-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-file-l2-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\tzmappings.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_PrepidBypass-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Memory.dll.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.AeroLite.dll.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.Uri.dll.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\management\snmp.acl.template.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\cldr.md.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\7-Zip\Lang\eo.txt.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\da-DK\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Tracing.dll.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\jfr.jar.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-math-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Sockets.dll.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngdatatype.md.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\7-Zip\Lang\ka.txt.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.Design.Editors.dll.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-datetime-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Office 2007 - 2010.eftx.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linesdistinctive.dotx.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTest-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Core.dll.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\ext\nashorn.jar.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\classlist.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Banded Edge.eftx.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.dll.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Presentation.dll.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-utility-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\msvcp120.dll.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\kinit.exe.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy\splash_11-lic.gif.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lv-lv.dll.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Drawing.Design.dll.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\javafx\gstreamer.md.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.NetworkInformation.dll.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Encoding.dll.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemXml.dll.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe

"C:\Users\Admin\AppData\Local\Temp\845f3ce3ae227455485d22aa5020e8319adeb2fd3a2dfcec052c2ad8ad18f233N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp

The table has no process column, so none of these connections is attributed to the sample. Reverse (PTR) lookups against Microsoft address ranges and TLS to tse1.mm.bing.net are routine Windows 10 background traffic, and the win7 run (behavioral1) recorded no network activity at all. Treat these destinations as sandbox noise rather than command-and-control indicators unless process-level capture ties them to the sample.

Files

C:\$Recycle.Bin\S-1-5-21-3227495264-2217614367-4027411560-1000\desktop.ini.tmp

MD5 d89a4c6bae810de4cd9a111bee4a7260
SHA1 75757b262b90f8f9afe1feaecb9cd6a4099d9229
SHA256 32388d7a56f236ccee520369bd87387a54ceaf1de4e27d5bf4555c7c00835307
SHA512 b117369f8a6a215e6c53816ef3df61a6f28ba34fef6805162376013bc93d7c17f215adebf0a0adda9aec4dd5aad9f6292e811691d3ff89cd114113126714d267

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 14946655c5aadc0b1bec3483b6b5ef37
SHA1 e87fed37e0359b569e89a1d143ffe462ebb5bceb
SHA256 5476af7533b0486c068e8d8f1f967c3d949857388de3d8edbb32bc535a5bf580
SHA512 5ba9de81ba28973bd46150e7789cf2a4439a807f42b2c6f60218c310968ed7e8ae7dadb038d051c779ee8a4f3c6c098dacd3b2a0a4a5f708585668c6833f9022