Malware Analysis Report

2024-12-07 10:15

Sample ID 241112-petxtasepe
Target ed6ab1829e344e4c2b52f2894cbed511a28443f583235dad750ed607aa93dde3N.exe
SHA256 6f7360f8c1aae8cdb7ddf028184d365000287f8807383521a8cba6e97765dac6
Tags
discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

6f7360f8c1aae8cdb7ddf028184d365000287f8807383521a8cba6e97765dac6

Threat Level: Likely malicious

The file ed6ab1829e344e4c2b52f2894cbed511a28443f583235dad750ed607aa93dde3N.exe was found to be: Likely malicious. Note that the 64-hex-digit string embedded in the target filename (ed6ab…) is not this sample's SHA256; use the hash above to identify the sample.

Malicious Activity Summary

discovery ransomware

Renames multiple (3261) files with added filename extension (behavioral1, Windows 7)

Renames multiple (4573) files with added filename extension (behavioral2, Windows 10)

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Enterprise Matrix V15

Discovery: T1614.001 System Location Discovery: System Language Discovery (both behavioral runs opened HKLM\SYSTEM\ControlSet001\Control\NLS\Language). The ransomware tag is attached to the mass-rename signature and is not mapped to a technique on this page.

Analysis: static1

Detonation Overview

Reported

2024-11-12 12:14

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
(Static property of the sample: the PE carries no Authenticode signature, so there is no per-process indicator to record.)

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-12 12:14

Reported

2024-11-12 12:17

Platform

win7-20240903-en

Max time kernel

120s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ed6ab1829e344e4c2b52f2894cbed511a28443f583235dad750ed607aa93dde3N.exe"

Signatures

Renames multiple (3261) files with added filename extension

ransomware

Drops file in Program Files directory

All rows: Description "File created", Process C:\Users\Admin\AppData\Local\Temp\ed6ab1829e344e4c2b52f2894cbed511a28443f583235dad750ed607aa93dde3N.exe, Target N/A. Indicators (each the original file name with .tmp appended):
C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\selection_subpicture.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\ct.sym.tmp
C:\Program Files\VideoLAN\VLC\plugins\codec\libspdif_plugin.dll.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_VideoInset.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\toc.gif.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.core_5.5.0.165303.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore_2.10.1.v20140901-1043.jar.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\WindowsBase.resources.dll.tmp
C:\Program Files\VideoLAN\VLC\locale\eo\LC_MESSAGES\vlc.mo.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_ButtonGraphic.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvm_ja.jar.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationFramework.resources.dll.tmp
C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_stl_plugin.dll.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mip.exe.mui.tmp
C:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui.tmp
C:\Program Files\Mozilla Firefox\pingsender.exe.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-common.xml.tmp
C:\Program Files\Java\jre7\bin\decora-sse.dll.tmp
C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\bckgzm.exe.mui.tmp
C:\Program Files\VideoLAN\VLC\plugins\access\libtcp_plugin.dll.tmp
C:\Program Files\VideoLAN\VLC\plugins\codec\liblibmpeg2_plugin.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-spi-quicksearch.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Faroe.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util.xml.tmp
C:\Program Files\Java\jre7\lib\zi\America\Antigua.tmp
C:\Program Files\VideoLAN\VLC\plugins\demux\libmjpeg_plugin.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Jujuy.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\bin\hprof.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\localedata.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3.nl_zh_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-attach.xml.tmp
C:\Program Files\Java\jre7\lib\zi\Pacific\Guam.tmp
C:\Program Files\Java\jre7\lib\zi\SystemV\EST5.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.Speech.resources.dll.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\FlickLearningWizard.exe.mui.tmp
C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\jquery-ui-1.8.13.custom.css.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_widescreen_Thumbnail.bmp.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\Logo.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator_2.0.0.v20131217-1203.jar.tmp
C:\Program Files\VideoLAN\VLC\plugins\codec\libd3d11va_plugin.dll.tmp
C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\larrow.gif.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-threaddump_zh_CN.jar.tmp
C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l2-1-0.dll.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Web.Entity.Resources.dll.tmp
C:\Program Files\VideoLAN\VLC\locale\te\LC_MESSAGES\vlc.mo.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\micaut.dll.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\bin\java-rmi.exe.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-api.xml.tmp
C:\Program Files\Microsoft Games\Chess\desktop.ini.tmp
C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg.tmp
C:\Program Files\Microsoft Games\More Games\ja-JP\MoreGames.dll.mui.tmp
C:\Program Files\VideoLAN\VLC\lua\http\dialogs\batch_window.html.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nassau.tmp
C:\Program Files\Java\jre7\lib\zi\America\Kentucky\Monticello.tmp
C:\Program Files\VideoLAN\VLC\locale\hu\LC_MESSAGES\vlc.mo.tmp
C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.bat.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.nl_zh_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluTSFrame.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-uihandler.xml_hidden.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-heapdump_ja.jar.tmp
C:\Program Files\Internet Explorer\en-US\F12.dll.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_RGB_PAL.wmv.tmp

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ed6ab1829e344e4c2b52f2894cbed511a28443f583235dad750ed607aa93dde3N.exe N/A
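The two behavioural signatures in this run (mass creation/renaming of files with an extra extension appended, and the read of the NLS\Language key), expressed as detection logic over sandbox-style event lines. This is an added example, not the sandbox's own signature code. The pipe-separated "event|indicator|process" layout, the sample.exe process path, the event rows and the threshold of 3 are constructed for the example; the report's own counts (3261 and 4573) came from rename events observed in the sandbox, which the code handles exactly, while bare "File created" rows can only be judged by a name heuristic that misses originals without an extension (the Java zi\ timezone files listed above).

```python
"""Detection logic for the two behaviours recorded in this report: mass
creation/renaming of files with an extra extension appended (the sandbox's
"Renames multiple files with added filename extension" signature) and a read of
the NLS\\Language registry key (System Language Discovery). Added example, not
the sandbox's own implementation."""
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Constructed sample events in a hypothetical "event|indicator|process" layout
# mirroring the report's Description / Indicator / Process columns. The paths
# are illustrative, not the report's rows; "File renamed" carries "old -> new".
SAMPLE_EVENTS = r"""
File created|C:\Program Files\7-Zip\7-zip.dll.tmp|C:\Users\Admin\AppData\Local\Temp\sample.exe
File created|C:\Program Files\Java\jre7\bin\decora-sse.dll.tmp|C:\Users\Admin\AppData\Local\Temp\sample.exe
File created|C:\Program Files\Microsoft Games\Chess\desktop.ini.tmp|C:\Users\Admin\AppData\Local\Temp\sample.exe
File created|C:\Users\Admin\Documents\report.docx.tmp|C:\Users\Admin\AppData\Local\Temp\sample.exe
File renamed|C:\Program Files\Java\jre7\lib\zi\Pacific\Guam -> C:\Program Files\Java\jre7\lib\zi\Pacific\Guam.tmp|C:\Users\Admin\AppData\Local\Temp\sample.exe
Key opened|\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language|C:\Users\Admin\AppData\Local\Temp\sample.exe
File created|C:\Users\Admin\AppData\Local\Temp\~DF3A1.tmp|C:\Windows\explorer.exe
File created|C:\Users\Admin\Downloads\setup.exe|C:\Program Files\Mozilla Firefox\firefox.exe
"""

# Matches the key both runs opened (HKLM\SYSTEM\ControlSet001\Control\NLS\Language).
NLS_LANGUAGE_KEY = re.compile(r"\\Control\\NLS\\Language$", re.IGNORECASE)


def appended_extension(path: str):
    """Heuristic for a bare 'File created' event: the new name keeps an earlier
    extension under the final one ('report.docx.tmp' -> '.tmp'). A name with a
    single extension ('~DF3A1.tmp') yields None, so this also misses originals
    that had no extension at all (the Java zi\\... timezone files in the report);
    rename events, handled below, do not have that blind spot."""
    suffixes = PureWindowsPath(path).suffixes
    if len(suffixes) < 2:
        return None
    return suffixes[-1].lower()


def added_extension_from_rename(old: str, new: str):
    """Exact check for a rename event: new == old + '.' + <one extension>."""
    if len(new) <= len(old) + 1 or new[: len(old)].lower() != old.lower():
        return None
    tail = new[len(old):]
    if tail.startswith(".") and "." not in tail[1:] and "\\" not in tail:
        return tail.lower()
    return None


def analyse(events: str, threshold: int = 3):
    """Return {process: finding} for processes that trip either behaviour.
    `threshold` is an assumed cut-off for this example; the sandbox counts were
    3261 (Windows 7) and 4573 (Windows 10), far above any sane value."""
    renames = defaultdict(Counter)      # process -> Counter of appended extensions
    directories = defaultdict(set)      # process -> distinct parent directories touched
    language_checks = set()             # processes that opened NLS\Language

    for line in events.splitlines():
        if not line.strip():
            continue
        event, indicator, process = line.split("|", 2)
        ext, new_path = None, None
        if event == "File created":
            ext, new_path = appended_extension(indicator), indicator
        elif event == "File renamed":
            old, _, new_path = indicator.partition(" -> ")
            ext = added_extension_from_rename(old, new_path)
        elif event == "Key opened" and NLS_LANGUAGE_KEY.search(indicator):
            language_checks.add(process)
        if ext:
            renames[process][ext] += 1
            directories[process].add(str(PureWindowsPath(new_path).parent).lower())

    findings = {}
    for process in set(renames) | language_checks:
        top = renames[process].most_common(1)
        ext, count = top[0] if top else (None, 0)
        flags = []
        if count >= threshold:
            flags.append(f"renames multiple ({count}) files with added extension {ext}")
        if process in language_checks:
            flags.append("system language discovery (NLS\\Language)")
        if flags:
            findings[process] = {
                "appended_extension": ext,
                "count": count,
                "directories": len(directories[process]),
                "flags": flags,
            }
    return findings


if __name__ == "__main__":
    for process, finding in analyse(SAMPLE_EVENTS).items():
        print(process)
        for flag in finding["flags"]:
            print("  -", flag)
```

The per-process extension counter and the directory-spread count are what separate this pattern from benign installers and updaters, which also write `name.ext.tmp` files but in one or two directories; a single appended extension repeated across many unrelated Program Files subtrees, as in both detonations above, is the ransomware-style signal.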

Processes

C:\Users\Admin\AppData\Local\Temp\ed6ab1829e344e4c2b52f2894cbed511a28443f583235dad750ed607aa93dde3N.exe

"C:\Users\Admin\AppData\Local\Temp\ed6ab1829e344e4c2b52f2894cbed511a28443f583235dad750ed607aa93dde3N.exe"

Network

N/A (no network activity recorded in this run)

Files

C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp

MD5 9c9d10bcd081bd5648cf8e7434949e99
SHA1 c0619c9628fa584613d9141f73056b909bce6540
SHA256 e64e3e7a5ab1863f8a9654f669c482b1ff1009675d0fb1dbae1e494325b5c4dd
SHA512 335aa9dbb5c99ae18c1b8e56e8e2f6514461900cf905e5020a3d9a8df05a54f4b3c23fe1fd0e76444ad146c125607ff3ee68cb32d977b98a925e61862f2f1d12

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 b02178ca57ae931ed9913015c4e5bd81
SHA1 0ff4c665a2132ba8ae617e321a33733aae5f8ce7
SHA256 d4d1d3ff2ea52762110c911561c82b2e2bb881431863e95dbb7e1effd28e32f3
SHA512 bce1d3ee4932c01053c3ba1dc6653ceba5846b5340d037fa8d389046df3b23a89a2fa39e07a7aa06a2afef3925e2ae505f529006c2e77cbea83ebcf4fa535d46

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-12 12:14

Reported

2024-11-12 12:17

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

94s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ed6ab1829e344e4c2b52f2894cbed511a28443f583235dad750ed607aa93dde3N.exe"

Signatures

Renames multiple (4573) files with added filename extension

ransomware

Drops file in Program Files directory

All rows: Description "File created", Process C:\Users\Admin\AppData\Local\Temp\ed6ab1829e344e4c2b52f2894cbed511a28443f583235dad750ed607aa93dde3N.exe, Target N/A. Indicators (each the original file name with .tmp appended):
C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-ul-phn.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OleDbInterop.dll.tmp
C:\Program Files\Common Files\microsoft shared\ink\en-US\InputPersonalization.exe.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ValueTuple.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemCore.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-ul-oob.xrm-ms.tmp
C:\Program Files\Common Files\microsoft shared\ink\uk-UA\tabskb.dll.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationClientSideProviders.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-100.png.tmp
C:\Program Files\Java\jdk-1.8\jre\README.txt.tmp
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial2-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-ul-phn.xrm-ms.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Numerics.Vectors.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\ReachFramework.resources.dll.tmp
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\bn.pak.tmp
C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\limited\US_export_policy.jar.tmp
C:\Program Files\Common Files\microsoft shared\ink\mshwLatin.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ul.xrm-ms.tmp
C:\Program Files\Common Files\System\Ole DB\oledb32.dll.tmp
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\hu.pak.tmp
C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_HK.properties.tmp
C:\Program Files\Java\jre-1.8\lib\ext\jfxrt.jar.tmp
C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Grace-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_logo_large.png.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Http.Json.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Aero2.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationClientSideProviders.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Times New Roman-Arial.xml.tmp
C:\Program Files\Java\jre-1.8\bin\vcruntime140_1.dll.tmp
C:\Program Files\Java\jre-1.8\lib\ext\sunjce_provider.jar.tmp
C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-180.png.tmp
C:\Program Files\Common Files\microsoft shared\ink\hwritalm.dat.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XmlSerializer.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\ReachFramework.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\include\win32\jawt_md.h.tmp
C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-pl.xrm-ms.tmp
C:\Program Files\Google\Chrome\Application\123.0.6312.123\chrome_elf.dll.tmp
C:\Program Files\Internet Explorer\en-US\hmmapi.dll.mui.tmp
C:\Program Files\Java\jdk-1.8\lib\deployment.config.tmp
C:\Program Files\Java\jre-1.8\bin\keytool.exe.tmp
C:\Program Files\Common Files\microsoft shared\ink\micaut.dll.tmp
C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-environment-l1-1-0.dll.tmp
C:\Program Files\Java\jre-1.8\lib\plugin.jar.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_Subscription-ul-oob.xrm-ms.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.UnmanagedMemoryStream.dll.tmp
C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XPath.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationClientSideProviders.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Controls.Ribbon.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-pl.xrm-ms.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\ReachFramework.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140_2.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-ppd.xrm-ms.tmp
C:\Program Files\Common Files\microsoft shared\ink\pt-PT\tipresx.dll.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationProvider.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Input.Manipulations.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\PresentationUI.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe.tmp

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ed6ab1829e344e4c2b52f2894cbed511a28443f583235dad750ed607aa93dde3N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\ed6ab1829e344e4c2b52f2894cbed511a28443f583235dad750ed607aa93dde3N.exe

"C:\Users\Admin\AppData\Local\Temp\ed6ab1829e344e4c2b52f2894cbed511a28443f583235dad750ed607aa93dde3N.exe"

Network

Every recorded flow is a reverse (PTR) lookup sent to the sandbox resolver at 8.8.8.8; the report attributes no connection to the sample process, and the Windows 7 run (behavioral1) recorded no network activity at all. The decoded address is the in-addr.arpa name read with its octets reversed. Analyst note: unattributed PTR lookups of this kind are consistent with background OS activity on the Windows 10 image and should not be treated as sample indicators without process attribution.

Country Destination Domain Proto Decoded address
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp 52.167.249.196
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp 20.190.159.64
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp 192.229.221.95
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp 20.72.205.209
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp 4.245.163.56
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp 20.3.187.198
US 8.8.8.8:53 100.117.19.2.in-addr.arpa udp 2.19.117.100
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp 2.23.210.83
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp 2.23.210.88
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp 52.111.236.21

Files

C:\$Recycle.Bin\S-1-5-21-3350944739-639801879-157714471-1000\desktop.ini.tmp

MD5 9d59ada64c6662a9a570be529e089179
SHA1 1406d46b165d6294b27c6e04ee7c7f9c25503f91
SHA256 b55d9082ac3b59c9d94787e27b446ce75cdf93a6649fe4ec46179b0fa7425c5a
SHA512 01813069ff648c398720aec66e0448aa8905e594181d80549eac0d72cb588efdb5dacf4170e1d730094a835bf18a449f3c41675cb33be3de34ccf256e34d5283

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 2f4364a2510cb834635488cdf01b2ba9
SHA1 6800b4be6af6453245600dfd8f371d1dffa6713b
SHA256 f45d19ebf376a4311aad038d7cea2d08f6b64b53a18526b099c7bde2abbe0b46
SHA512 1e6b2cdf23996a3f004bf1e2057640f508939528ccbd61ec8e7b2e487d4b2153616577ce42d37cfcddc91dbda457c3b4f450d4c18250bd8c53dd1176a6e7b4d2