Malware Analysis Report

2024-12-07 10:18

Sample ID 241112-xcv14axncz
Target 455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe
SHA256 455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225
Tags: discovery, ransomware
Score: 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 9/10

SHA256

455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225

Threat Level: Likely malicious

The file 455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe was found to be: Likely malicious.

Malicious Activity Summary

Tags: discovery, ransomware

Renames multiple (3184) files with added filename extension (behavioral1, win7-20240729-en)

Renames multiple (4539) files with added filename extension (behavioral2, win10v2004-20241007-en)

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-12 18:43

Signatures

Unsigned PE

Description Indicator Process Target
(no indicator rows for this signature)

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-12 18:43

Reported

2024-11-12 18:45

Platform

win7-20240729-en

Max time kernel

120s

Max time network

17s

Command Line

"C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe"

Signatures

Renames multiple (3184) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\DVD Maker\Shared\DissolveNoise.png.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Java\jre7\bin\sunmscapi.dll.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Java\jre7\lib\deploy\messages_zh_TW.properties.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrfrash.dat.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jconsole.exe.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.di_1.4.0.v20140414-1837.jar.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Australia\Broken_Hill.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Java\jre7\bin\server\Xusage.txt.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libddummy_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector_1.0.200.v20131115-1210.jar.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\org-openide-filesystems_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Java\jre7\bin\java-rmi.exe.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Java\jre7\lib\management-agent.jar.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Java\jre7\lib\sound.properties.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-remote.xml.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-profiler.xml.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Google\Chrome\Application\chrome.VisualElementsManifest.xml.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\ct.sym.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-api_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jsadebugd.exe.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Uzhgorod.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Microsoft Games\Mahjong\MahjongMCE.lnk.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.Printing.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\da.pak.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\jpeg.dll.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-javahelp.jar.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Microsoft Office\Office14\AUTHZAX.DLL.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Microsoft Games\Purble Place\PurblePlace.dll.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\kinit.exe.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+9.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\ECLIPSE_.SF.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.ds_1.4.200.v20131126-2331.jar.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-search.xml.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Yekaterinburg.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\bckgRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipscsy.xml.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Metlakatla.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+8.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticattribute.exsd.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_win7.css.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Currie.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.css_1.7.0.v201011041433.jar.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text_3.9.1.v20140827-1810.jar.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IO.Log.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Microsoft Games\Hearts\de-DE\Hearts.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Mozilla Firefox\omni.ja.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Common Files\System\msadc\msadcfr.dll.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\javaws.exe.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Monrovia.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser.zh_CN_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-print_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\symbase.xml.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.ssl_1.1.0.v20140827-1444.jar.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\VERSION.txt.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Java\jre7\bin\management.dll.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\PresentationBuildTasks.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\Microsoft.Build.Engine.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
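The "File created" rows above show the write pattern that underlies the "Renames multiple files" signature: the sample writes a sibling "<original>.tmp" next to each target, across every product directory under Program Files. The following detector, an added example and not part of the sandbox report, parses rows in the flattened layout shown on this page ("File created <indicator> <process> N/A") and flags any process that writes many ".tmp" siblings across several distinct directory trees. The sample rows are copied from this report plus one constructed benign row; the thresholds, the benign notepad.exe row and the assumption that the process path contains no spaces are mine.

```python
"""Flag processes that mass-create ".tmp" siblings across many directory trees.
Added example for this report; the row layout is taken from the page, the
thresholds and the benign row are constructed."""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Row layout as flattened on the page: "File created <indicator> <process> N/A".
# Assumption: the indicator path may contain spaces, the process path does not.
ROW_RE = re.compile(
    r"^File created\s+(?P<path>.+?)\s+(?P<proc>[A-Za-z]:\\\S+\.exe)\s+N/A$")

PROC = (r"C:\Users\Admin\AppData\Local\Temp"
        r"\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe")

# Constructed sample: six rows copied from the behavioral1 table, plus one
# benign (hypothetical) row from a different process that is not a .tmp write.
SAMPLE_ROWS = [f"File created {p} {PROC} N/A" for p in [
    r"C:\Program Files\DVD Maker\Shared\DissolveNoise.png.tmp",
    r"C:\Program Files\Java\jre7\bin\sunmscapi.dll.tmp",
    r"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL.tmp",
    r"C:\Program Files\Java\jdk1.7.0_80\bin\jconsole.exe.tmp",
    r"C:\Program Files\Mozilla Firefox\omni.ja.tmp",
    r"C:\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll.tmp",
]] + [r"File created C:\Users\Admin\AppData\Local\Temp\setup.log "
      r"C:\Windows\System32\notepad.exe N/A"]


def parse_file_events(rows):
    """Return (indicator_path, process) tuples; rows that do not match are skipped."""
    events = []
    for row in rows:
        m = ROW_RE.match(row.strip())
        if m:
            events.append((m.group("path"), m.group("proc")))
    return events


def original_name(path):
    """Strip the trailing .tmp the sample appends: 'foo.dll.tmp' -> 'foo.dll'."""
    p = PureWindowsPath(path)
    return str(p.with_suffix("")) if p.suffix.lower() == ".tmp" else str(p)


def top_dir(path, depth=2):
    """Drive plus the first `depth` folders: 'C:\\Program Files\\Java'."""
    parts = PureWindowsPath(path).parts  # ('C:\\', 'Program Files', 'Java', ...)
    return str(PureWindowsPath(*parts[:depth + 1]))


def flag_mass_tmp_writers(events, min_files=5, min_dirs=3):
    """Group .tmp creations by process; flag processes that write at least
    min_files of them spread over at least min_dirs directory trees.
    Thresholds are assumptions, tune them to your event volume."""
    per_proc = defaultdict(lambda: {"tmp_files": 0, "dirs": set(), "targets": []})
    for path, proc in events:
        if not path.lower().endswith(".tmp"):
            continue
        rec = per_proc[proc]
        rec["tmp_files"] += 1
        rec["dirs"].add(top_dir(path))
        rec["targets"].append(original_name(path))  # the file being replaced
    return {
        proc: {"tmp_files": r["tmp_files"], "dirs": sorted(r["dirs"]),
               "targets": r["targets"]}
        for proc, r in per_proc.items()
        if r["tmp_files"] >= min_files and len(r["dirs"]) >= min_dirs
    }


if __name__ == "__main__":
    for proc, info in flag_mass_tmp_writers(parse_file_events(SAMPLE_ROWS)).items():
        print(proc, info["tmp_files"], "tmp files in", len(info["dirs"]), "trees")
        for t in info["targets"]:
            print("  would replace:", t)
```

The "targets" list is what a responder actually needs: the original files that each ".tmp" was written beside, which is the list to restore or re-install once the host is contained.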

Processes

C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe

"C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

MD5 2929503adc32255b520041c0f9857a7d
SHA1 76d076df91e1bb4325762a33ed132df1e73fed51
SHA256 487c06ad86a6ab6a4e8db319d2229605d66389bd5f5a61ef8355f19471f2880c
SHA512 3ed9d931ffa5ef129ec9cc547fd0a38763ee41708453bc5bb2a2b4210fafd2c0dffb615ccf84a96dafe922ee75d9fe8b6496e3198f6ccfc559cc7afb8298fe4b

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 c7fb0c3491f72299f4b4023f34bbe817
SHA1 c0e022445b250bcc8092dd050a711e223da100f2
SHA256 fc834ae0987a2233eefd6153c1a38297baffadd8bb5c4407fc536aeed42e280e
SHA512 99077b4137226becb3949462a2a86982d59d207e3300567c78fc85dc8468f42db1b58c8f46d819582e65606f200a6ed00842d1908516145f33e76ea255a223f9

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-12 18:43

Reported

2024-11-12 18:45

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

94s

Command Line

"C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe"

Signatures

Renames multiple (4539) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-console-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\fonts\LucidaSansRegular.ttf.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ViewOnly_ZeroGrace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD_COL.HXT.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Crashpad\settings.dat.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-white_scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy\[email protected] C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.dll.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.ServicePoint.dll.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.Win32.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ru-RU\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub_M365_eula.txt.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.AdHoc.Excel.Client.Entry.Interfaces.dll.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Configuration.dll.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.DataContractSerialization.dll.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Resources.Reader.dll.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessDemoR_BypassTrial365-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightDemiItalic.ttf.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\zip.dll.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Garamond-TrebuchetMs.xml.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Common Files\System\msadc\msadco.dll.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Data.DataSetExtensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription3-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\uk-UA\tabskb.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-localization-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\IVY.DLL.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Thread.dll.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy.jar.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ClientLangPack2019_eula.txt.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Internet Explorer\IEShims.dll.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-datetime-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encoding.dll.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\JAWTAccessBridge-64.dll.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe

"C:\Users\Admin\AppData\Local\Temp\455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
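Every row in this Network table is a UDP query to 8.8.8.8:53 for an in-addr.arpa name, i.e. a reverse (PTR) lookup, not a connection to the addresses involved, and the table does not record which process issued the queries. The following helper, an added example and not part of the sandbox report, decodes the PTR names back to the IPv4 addresses being looked up and confirms that nothing in the table is other than DNS traffic. The rows are copied from this report; the function and field names are mine.

```python
"""Decode the PTR names in the behavioral2 Network table to the addresses
looked up. Added example; the row layout "Country Destination Domain Proto"
is taken from the page."""
import ipaddress

# Rows copied from the report.
NETWORK_ROWS = [
    "US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp",
    "US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp",
    "US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp",
    "US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp",
    "US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp",
    "US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp",
    "US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp",
]


def ptr_to_ip(name):
    """'232.168.11.51.in-addr.arpa' -> IPv4Address('51.11.168.232').
    Returns None for anything that is not a complete IPv4 PTR name
    (ip6.arpa names and ordinary hostnames included)."""
    labels = name.lower().rstrip(".").split(".")
    if len(labels) != 6 or labels[-2:] != ["in-addr", "arpa"]:
        return None
    try:
        return ipaddress.IPv4Address(".".join(reversed(labels[:4])))
    except ipaddress.AddressValueError:
        return None


def parse_network_rows(rows):
    """Split 'CC host:port name proto' rows into dicts with the decoded address."""
    parsed = []
    for row in rows:
        country, dest, name, proto = row.split()
        host, _, port = dest.rpartition(":")
        parsed.append({"country": country, "resolver": host, "port": int(port),
                       "query": name, "proto": proto, "ip": ptr_to_ip(name)})
    return parsed


def summarize(parsed):
    """Separate DNS-only traffic from anything that would be a real connection."""
    dns_only = all(r["port"] == 53 and r["proto"] == "udp" for r in parsed)
    return {
        "dns_only": dns_only,
        "resolvers": sorted({r["resolver"] for r in parsed}),
        "looked_up": [str(r["ip"]) for r in parsed if r["ip"] is not None],
        "non_ptr_queries": [r["query"] for r in parsed if r["ip"] is None],
    }


if __name__ == "__main__":
    s = summarize(parse_network_rows(NETWORK_ROWS))
    print("DNS only:", s["dns_only"], "via", s["resolvers"])
    for ip in s["looked_up"]:
        print("  PTR lookup for", ip)
```

The decoded addresses are what to pivot on (WHOIS, passive DNS, your own egress logs), and the absence of any non-DNS row is the point to record: this detonation shows no command-and-control or payload download, only name resolution.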

Files

C:\$Recycle.Bin\S-1-5-21-940901362-3608833189-1915618603-1000\desktop.ini.tmp

MD5 25fe8d0b4eb6c021a9da7898242094d9
SHA1 96124d95ade8b89719440d2d0779f5d2f8b8f9fb
SHA256 9902957e4edfa32ece82191a750857bd639adbc7b2afbb51960bc98fa8b5ed3c
SHA512 7e42d09c4b3790c119b7c1a3af05573c832e8315a92f028e243020ad2647def0b310399d7723bda6ee1b15bc14dc144c5363e4ff48d101cbe7fd099df15204fa

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 5a0adfe20e70f8d2c84bfa04ac6aab9d
SHA1 7b23bf6a63a1dda8294a53061a86049352aaa4bf
SHA256 2a95090f148e765f8c70cb276d24aba3bd1d1b51114eafe34272602dc695945e
SHA512 298712f6d2200275b9dfe13b56c8a453407240a65d4b028e6d3b921edcd5162762f2304dc7e3d700e285dfc8ae492c30b1c1f96aa8ea842a99df440a52d764a9
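The Files sections of both detonations list digests for artifacts the sample dropped (".tmp" files in $Recycle.Bin, MSOCache and Program Files), which together with the sample's own SHA256 make a small hash IOC set. The sweep below is an added example, not part of the sandbox report: it hashes every file under a directory once, computing MD5, SHA1, SHA256 and SHA512 in a single streaming pass, and reports any file whose digest appears in the IOC set. The hashes are copied from this report; the temporary directory, the "abc" evidence file and the extra known-hash entry used for the self-check are constructed so the block runs offline.

```python
"""Sweep a directory tree for files whose digests match the hashes listed in
this report. Added example; IOC values come from the report, the demo
directory and its contents are constructed."""
import hashlib
import io
import os
import tempfile

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Copied from the report: the sample itself and the dropped .tmp artifacts.
REPORT_HASHES = {
    "md5": {
        "2929503adc32255b520041c0f9857a7d", "c7fb0c3491f72299f4b4023f34bbe817",
        "25fe8d0b4eb6c021a9da7898242094d9", "5a0adfe20e70f8d2c84bfa04ac6aab9d",
    },
    "sha256": {
        "455fc548d7ec39eca6db7e4085a2419136e81801259ae3ba227068db1b00c225",
        "487c06ad86a6ab6a4e8db319d2229605d66389bd5f5a61ef8355f19471f2880c",
        "fc834ae0987a2233eefd6153c1a38297baffadd8bb5c4407fc536aeed42e280e",
        "9902957e4edfa32ece82191a750857bd639adbc7b2afbb51960bc98fa8b5ed3c",
        "2a95090f148e765f8c70cb276d24aba3bd1d1b51114eafe34272602dc695945e",
    },
}

# Constructed for the self-check only: SHA-256 of the bytes b"abc".
ABC_SHA256 = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"


def digest_stream(fileobj, chunk=1 << 20):
    """Read once, feed every algorithm; avoids re-reading large files per hash."""
    hashes = {name: hashlib.new(name) for name in ALGOS}
    for block in iter(lambda: fileobj.read(chunk), b""):
        for h in hashes.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashes.items()}


def digest_bytes(data):
    return digest_stream(io.BytesIO(data))


def digest_file(path):
    with open(path, "rb") as f:
        return digest_stream(f)


def sweep(root, iocs):
    """Return (path, algorithm) for each file under root matching an IOC.
    Unreadable files are skipped rather than aborting the whole sweep."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digests = digest_file(path)
            except OSError:
                continue
            for algo, values in iocs.items():
                if digests.get(algo) in values:
                    hits.append((path, algo))
    return hits


def demo():
    """Build a constructed tree with one matching file and return relative hits."""
    iocs = {"md5": set(REPORT_HASHES["md5"]),
            "sha256": REPORT_HASHES["sha256"] | {ABC_SHA256}}
    with tempfile.TemporaryDirectory() as tmp:
        os.makedirs(os.path.join(tmp, "sub"))
        with open(os.path.join(tmp, "sub", "evidence.tmp"), "wb") as f:
            f.write(b"abc")
        with open(os.path.join(tmp, "clean.txt"), "wb") as f:
            f.write(b"nothing to see here")
        return sorted(os.path.relpath(p, tmp) for p, _ in sweep(tmp, iocs))


if __name__ == "__main__":
    print(demo())
```

In a real sweep pass the host's suspect tree (for example the Program Files directories named in the tables above) as root and the REPORT_HASHES set as iocs. Note that the listed digests belong to files produced during these two detonations; a ".tmp" written by the same sample on another host will only match if its content happens to be identical, so treat a hit as confirmation and a miss as inconclusive.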