Malware Analysis Report

2024-12-07 10:04

Sample ID 241113-ajhysatepm
Target dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe
SHA256 dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5
Tags
discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5

Threat Level: Likely malicious

The file dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple files with added filename extension (422 files in the win7 run, 4356 in the win10 run)

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Enterprise Matrix V15

System Location Discovery: System Language Discovery (T1614.001), from the NLS\Language registry open recorded in both behavioral runs. The file-renaming activity is carried under the ransomware tag; the report attaches no technique ID to it.

Analysis: static1

Detonation Overview

Reported

2024-11-13 00:14

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

No indicator rows are listed because the signature is a property of the file itself: the PE carries no Authenticode certificate table, so there is no process or target to record. On its own this is weak evidence (plenty of legitimate software is unsigned), and the converse check is not symmetric either: a present certificate table only proves a signature blob exists, not that it validates.
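The "Unsigned PE" verdict reduces to one field in the PE headers: data directory entry 4 (IMAGE_DIRECTORY_ENTRY_SECURITY) of the optional header, which is empty when no Authenticode signature is attached. The parser below, an added example that is not sandbox code and does not reproduce the report's binary, reads just enough of the headers to answer that question without third-party modules. The header-only PE images it builds at the bottom are constructed for testing and are not runnable executables.

```python
"""Does a PE file carry an Authenticode certificate table?

Added example for this report, not sandbox code. Reads the DOS header,
PE signature, COFF header and optional header far enough to locate data
directory entry 4 (IMAGE_DIRECTORY_ENTRY_SECURITY). For that entry the
"VirtualAddress" field is a raw file offset, not an RVA.
"""
import struct
import sys

IMAGE_DIRECTORY_ENTRY_SECURITY = 4


def pe_security_directory(data):
    """Return (file_offset, size) of the certificate table, (0, 0) if absent.

    Raises ValueError for anything that is not a parseable PE image.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                               # IMAGE_FILE_HEADER, 20 bytes
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                                # PE32
        num_dirs_off, dirs_off = 92, 96
    elif magic == 0x20B:                              # PE32+
        num_dirs_off, dirs_off = 108, 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    num_dirs = struct.unpack_from("<I", data, opt + num_dirs_off)[0]
    if num_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return (0, 0)                                 # directory table too short to hold it
    entry = opt + dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    if entry + 8 > opt + size_of_optional or entry + 8 > len(data):
        raise ValueError("data directory runs past the optional header")
    return struct.unpack_from("<II", data, entry)


def is_unsigned_pe(data):
    """True when the file has no certificate table at all.

    A non-empty table only means a signature blob is present; whether it
    verifies (hash match, chain, revocation) needs a real verifier such as
    signtool or PowerShell's Get-AuthenticodeSignature.
    """
    offset, size = pe_security_directory(data)
    return offset == 0 or size == 0


def build_min_pe(security=(0, 0), pe32plus=False):
    """Construct a header-only PE image for testing (constructed, not runnable)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    magic, opt_size = (0x20B, 240) if pe32plus else (0x10B, 224)
    machine = 0x8664 if pe32plus else 0x14C
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, 0x22)
    dirs_off = 112 if pe32plus else 96
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<I", opt, dirs_off - 4, 16)     # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, *security)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    # Usage: python pe_sig_check.py <file.exe>
    with open(sys.argv[1], "rb") as fh:
        blob = fh.read()
    print("unsigned" if is_unsigned_pe(blob) else "certificate table present", pe_security_directory(blob))
```

The check deliberately stops at "table present or not"; treating a present table as "signed" without validating it is a common triage mistake, since an attacker can append an arbitrary or mismatched signature blob.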

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-13 00:14

Reported

2024-11-13 00:16

Platform

win7-20241010-en

Max time kernel

120s

Max time network

18s

Command Line

"C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe"

Signatures

Renames multiple (422) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\7-Zip\Lang\io.txt.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\te.pak.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\vulkan-1.dll.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ml.pak.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\7-Zip\Lang\bg.txt.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Common Files\System\ado\msado20.tlb.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Common Files\System\msadc\en-US\msadcfr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\DVD Maker\bod_r.TTF.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\7-Zip\Lang\he.txt.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-changjei.xml.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatlm.dat.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop.wmv.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-border.png.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\rmiregistry.exe.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\ParentMenuButtonIcon.png.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain.wmv.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\7-Zip\Lang\fr.txt.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\7-Zip\Lang\vi.txt.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Common Files\System\ado\adovbs.inc.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Common Files\System\msadc\msadcf.dll.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_RGB_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\Logo.png.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoCanary.png.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Internet Explorer\ielowutil.exe.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jcmd.exe.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\7-Zip\License.txt.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipBand.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\et.pak.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\7-Zip\Lang\ko.txt.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkWatson.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\fr-FR\MSTTSLoc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-previous-static.png.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bn.pak.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nb.pak.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Common Files\System\ado\msadox28.tlb.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\7-Zip\Lang\cs.txt.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\7-Zip\Lang\ku.txt.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\7-Zip\Lang\lij.txt.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\InkDiv.dll.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Common Files\System\ado\msado28.tlb.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hu.pak.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Internet Explorer\en-US\networkinspection.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A

The signature fires on the open of the NLS\Language key alone. The report does not show which value was read or whether the result changed the sample's behaviour, and the same key is consulted by the locale APIs that ordinary software calls, so on its own it is a weak indicator; its weight here comes from the file-renaming activity it accompanies.

Processes

C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe

"C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3692679935-4019334568-335155002-1000\desktop.ini.tmp

MD5 5de654f8e3255a5f8b44fd13bee52e58
SHA1 10db11f657f8b35c9ed7accc808b790f104d5c51
SHA256 b45a7b70d50b53eab61c6ab2c3db770ee51472c90337cb885f7cb6ecc5b5849d
SHA512 f22672bb0f50fdd865405b36e547c0d57c328e1e191f63b8c4d8da48514f95113bd3407a83273fdd06cc40bc152bb43b6cd5d7b7f0bdb4994b1795a20b1977fe

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 18a15439824cbf02fda24e239aa44b25
SHA1 f1590d57292dbf07ee5b1536e20cceca6828c580
SHA256 da187dc20e0c7d8fb17c96a635199cc45cb41d3dcd1444381b18fb0e471abb16
SHA512 cf42a8d6d5dc07ae6fdb79dc6e0668304cbc7998229999b5db33009d19be15d75ed06840bb3920948109b170019b2ac85792df53ad84a1df095e7ae17a2313cf

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-13 00:14

Reported

2024-11-13 00:16

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

94s

Command Line

"C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe"

Signatures

Renames multiple (4356) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Security.Cryptography.ProtectedData.dll.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Microsoft Office\root\fre\StartMenu_Win8.mp4.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\GostTitle.XSL.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Garamond.xml.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\msvcr120.dll.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ClientLangPack_eula.txt.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\it-IT\InkObj.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 6.0.27 (x64).swidtag.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\javafx\public_suffix.md.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\System.Web.Mvc.dll.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Data.dll.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Buffers.dll.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\msvcp140.dll.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Common Files\System\ado\msado60.tlb.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AuthoredExtensions.16.xml.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-synch-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.RsClient.dll.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\deploy.dll.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\ucrtbase.dll.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordR_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_COL.HXT.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Configuration\ssn_high_group_info.txt.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\wsimport.exe.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\prism_common.dll.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy\ffjcext.zip.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_Subscription-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\netstandard.dll.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-environment-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-locale-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTest-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Process.dll.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail3-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_Subscription-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ClientOSub2019_eula.txt.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsrus.xml.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\jhat.exe.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-environment-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\TrebuchetMs.xml.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.XLS.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\PowerPivotExcelClientAddIn.dll.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-datetime-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.VisualBasic.dll.tmp C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A
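The "Renames multiple (N) files with added filename extension" and "Drops file in Program Files directory" signatures in both the win7 and win10 detonations rest on the same observation: one process writes a large number of files whose names are an existing file name plus one extra suffix (io.txt becomes io.txt.tmp), spread across unrelated directories and file types. The script below is an added example, not sandbox code: it parses rows in the page's "Description Indicator Process Target" layout and applies that heuristic. The 22 target paths are copied from the win7 table; the benign installer rows, the process name setup.exe and the thresholds are assumptions chosen for illustration.

```python
"""Mass "added extension" write heuristic over sandbox file events.

Added example for this report, not sandbox code. Breadth across file types
and directories is what separates a ransomware-style write pattern from an
installer or updater writing .tmp files into its own tree.
"""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Row layout: "File created <target> <process> <extra>". The target may contain
# spaces; the process path on this page does not, so the last two fields are unambiguous.
ROW_RE = re.compile(r"^File created (?P<target>.+?) (?P<proc>\S+) (?P<extra>\S+)$")

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe"
# Targets copied from the win7 detonation's "File created" rows (subset).
SAMPLE_TARGETS = [
    r"C:\Program Files\7-Zip\Lang\io.txt.tmp",
    r"C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_SelectionSubpicture.png.tmp",
    r"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\te.pak.tmp",
    r"C:\Program Files\Google\Chrome\Application\106.0.5249.119\vulkan-1.dll.tmp",
    r"C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.tmp",
    r"C:\Program Files\7-Zip\Lang\bg.txt.tmp",
    r"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF.tmp",
    r"C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg.tmp",
    r"C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.tmp",
    r"C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG_PAL.wmv.tmp",
    r"C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf.tmp",
    r"C:\Program Files\Common Files\System\ado\msado20.tlb.tmp",
    r"C:\Program Files\DVD Maker\bod_r.TTF.tmp",
    r"C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_ButtonGraphic.png.tmp",
    r"C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-changjei.xml.tmp",
    r"C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatlm.dat.tmp",
    r"C:\Program Files\Java\jdk1.7.0_80\bin\rmiregistry.exe.tmp",
    r"C:\Program Files\Internet Explorer\ielowutil.exe.tmp",
    r"C:\Program Files\7-Zip\License.txt.tmp",
    r"C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\Logo.png.tmp",
    r"C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp",
    r"C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask_PAL.wmv.tmp",
]
# Constructed benign activity (assumption): an installer staging a few files in its own directory.
BENIGN = r"C:\Users\Admin\Downloads\setup.exe"
BENIGN_TARGETS = [
    r"C:\Program Files\Example App\app.exe.tmp",
    r"C:\Program Files\Example App\app.dll.tmp",
    r"C:\Program Files\Example App\readme.txt.tmp",
]


def make_rows(proc, targets):
    """Render targets in the report's row layout."""
    return [f"File created {t} {proc} N/A" for t in targets]


def parse_created(rows):
    """Yield (process, target) for each 'File created' row; other rows are skipped."""
    for row in rows:
        m = ROW_RE.match(row.strip())
        if m:
            yield m["proc"], m["target"]


def added_extension(path):
    """'name.orig.added' -> ('.orig', '.added'); '.orig' is '' when the name had
    a single suffix. Returns None for names with no suffix at all."""
    suffixes = PureWindowsPath(path).suffixes
    if not suffixes:
        return None
    orig = suffixes[-2].lower() if len(suffixes) > 1 else ""
    return orig, suffixes[-1].lower()


def assess(rows, min_files=20, min_orig_exts=5, min_dirs=5):
    """Per process, take the most common added suffix and count the files,
    original extensions and directories behind it; flag when all three clear
    the thresholds (thresholds are illustrative assumptions)."""
    stats = defaultdict(lambda: defaultdict(lambda: {"files": 0, "orig": set(), "dirs": set()}))
    for proc, target in parse_created(rows):
        ext = added_extension(target)
        if ext is None:
            continue
        orig, added = ext
        bucket = stats[proc][added]
        bucket["files"] += 1
        bucket["orig"].add(orig)
        bucket["dirs"].add(str(PureWindowsPath(target).parent).lower())
    verdicts = {}
    for proc, by_added in stats.items():
        added, b = max(by_added.items(), key=lambda kv: kv[1]["files"])
        verdicts[proc] = {
            "added_ext": added,
            "files": b["files"],
            "orig_exts": len(b["orig"]),
            "dirs": len(b["dirs"]),
            "flag": b["files"] >= min_files and len(b["orig"]) >= min_orig_exts and len(b["dirs"]) >= min_dirs,
        }
    return verdicts


if __name__ == "__main__":
    for proc, v in assess(make_rows(SAMPLE, SAMPLE_TARGETS) + make_rows(BENIGN, BENIGN_TARGETS)).items():
        print(proc, v)
```

The table rows only show .tmp files being created, not the rename the signature name implies; the write-a-copy-then-rename sequence is a common ransomware pattern, but the report does not show the rename step itself, so the heuristic keys on the creation events that are visible.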

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe

"C:\Users\Admin\AppData\Local\Temp\dfde8416ac0060a9b206d5b00a52527b0587b6be3bb0301f021eba8760d2c2c5N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 67.208.201.84.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 106.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp

All nine flows are reverse-DNS (PTR) queries over UDP/53 to 8.8.8.8; no connection to any of the looked-up hosts is recorded, and the win7 run produced no traffic at all. The report therefore contains no evidence of command-and-control or key exchange. PTR lookups of this kind are commonly background activity of the Windows guest rather than the sample's own traffic, and the table does not attribute them to a process, so do not treat them as indicators without process-level attribution.
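The host each PTR query asks about is encoded octet-reversed in the in-addr.arpa name, so triaging this table starts with recovering those addresses and confirming that nothing in the capture actually reached them. The script below is an added example, not sandbox code: it parses rows in the page's "Country Destination Domain Proto" layout (the rows are copied from the win10 detonation) and reports the looked-up hosts and whether any non-DNS flow followed.

```python
"""Recover the hosts behind the PTR queries in a sandbox network table.

Added example for this report, not sandbox code.
"""
import ipaddress

# Rows copied from the win10 detonation's Network table.
NETWORK_ROWS = """\
Country Destination Domain Proto
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 67.208.201.84.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 106.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
"""


def ptr_to_ip(name):
    """'77.190.18.2.in-addr.arpa' -> '2.18.190.77'; None if not an IPv4 PTR name."""
    suffix = ".in-addr.arpa"
    if not name.lower().endswith(suffix):
        return None
    octets = name[: -len(suffix)].split(".")
    if len(octets) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    except ipaddress.AddressValueError:   # e.g. an octet above 255
        return None


def parse_rows(text):
    """Parse the table into dicts; the header and malformed lines are skipped."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0] == "Country":
            continue
        country, dest, domain, proto = parts
        host, _, port = dest.rpartition(":")
        if not port.isdigit():
            continue
        flows.append({"country": country, "host": host, "port": int(port), "domain": domain, "proto": proto})
    return flows


def triage(text):
    """Summarise the table: resolvers used, hosts looked up, and whether any
    looked-up host was then contacted on a non-DNS port."""
    flows = parse_rows(text)
    looked_up = set()
    for f in flows:
        ip = ptr_to_ip(f["domain"])
        if ip:
            looked_up.add(ip)
    resolvers = {f["host"] for f in flows if f["port"] == 53}
    contacted = {f["host"] for f in flows if f["port"] != 53}
    return {
        "flows": len(flows),
        "resolvers": sorted(resolvers),
        "looked_up": sorted(looked_up, key=ipaddress.IPv4Address),
        "contacted_after_lookup": sorted(contacted & looked_up),
        "dns_only": not contacted,
    }


if __name__ == "__main__":
    for key, value in triage(NETWORK_ROWS).items():
        print(f"{key}: {value}")
```

A "dns_only" result means only that the captured table shows no other flows; the sandbox does not attribute the queries to a process, so the recovered addresses are worth a reputation check but are not, on this evidence, the sample's infrastructure.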

Files

C:\$Recycle.Bin\S-1-5-21-493223053-2004649691-1575712786-1000\desktop.ini.tmp

MD5 3108067352235a0a0ee002cd8ce06e5b
SHA1 1dc73b7fb44c6051562908cf90601388c07918ee
SHA256 9998a9d7ffe6d66a8240977736bfc73db521a82a9abec770427cc1733669b27f
SHA512 fa93a9e8dfa2822b8e7bc3eda6bc20f4a2919c33571c74dfe15fe408aa4f9756163df2deefc684d9c08f401aaccc17009693bed504e79d2cf5300ae59c98f299

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 40b2e176322bd12d2e6ef41b444b3d77
SHA1 8d737f3152fd1414de5ae980680bf7788f788bb7
SHA256 50402ad5d45979f64a50f496e868cacda288522a95bca6e85e88b0d7edb01c18
SHA512 7b24bf407382da217956568e393c01ea049d691e3babfccfda92202f57a324a2381bd0ad479b8f25f7aa88acba81a72c2184ae0645fc6a9fbc90bfa6dbc6e78b