Malware Analysis Report

2025-06-16 06:30

Sample ID 250515-h9xhvstses
Target 4126bdb621eed307d86b121fe11f60cd2c38509197a20ec987b54f6f0c6bf760
SHA256 4126bdb621eed307d86b121fe11f60cd2c38509197a20ec987b54f6f0c6bf760
Tags
discovery ransomware
score
9/10

Analysis Overview

score
9/10

SHA256

4126bdb621eed307d86b121fe11f60cd2c38509197a20ec987b54f6f0c6bf760

Threat Level: Likely malicious

The file 4126bdb621eed307d86b121fe11f60cd2c38509197a20ec987b54f6f0c6bf760 was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple (5270) files with added filename extension

Renames multiple (5366) files with added filename extension

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-05-15 07:26

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-05-15 07:26

Reported

2025-05-15 07:29

Platform

win10v2004-20250502-en

Max time kernel

150s

Max time network

137s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4126bdb621eed307d86b121fe11f60cd2c38509197a20ec987b54f6f0c6bf760.exe"

Signatures

Renames multiple (5270) files with added filename extension

ransomware

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\4126bdb621eed307d86b121fe11f60cd2c38509197a20ec987b54f6f0c6bf760.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\4126bdb621eed307d86b121fe11f60cd2c38509197a20ec987b54f6f0c6bf760.exe

"C:\Users\Admin\AppData\Local\Temp\4126bdb621eed307d86b121fe11f60cd2c38509197a20ec987b54f6f0c6bf760.exe"

Network


Files

C:\$Recycle.Bin\S-1-5-21-3623617754-4043701611-775564599-1000\desktop.ini.tmp

MD5 32c61e805d49ed3fb58c282cb527ecbc
SHA1 f48645d712f3e05737af579b98ad98daf991008e
SHA256 9a62e50331b29170338009b111e693587d1f1a2e1a935fd84a4c004648cca46c
SHA512 59cdb9b0a641110c4075b14074c0efc8c1a559880c7f5a845272e5f7205e9baceb95fa1f299ff432d412e807380eac163e5077690af3f03852fe16c8c3bfabbb

C:\b96a7bef2438b67e1aee\2010_x86.log.html.tmp

MD5 b523231104642743b741254ba023977c
SHA1 0d8b51e62e6dfac15ac1a6391a2a9a35564d6aa8
SHA256 daecbd74ba1da017dc207eea73ee9d535ffaf5ef12a7b00f938fe73c7c36e117
SHA512 f1579272dcf4975c241738eca0f484ecf8557901e599151c7236a5a8816722e695b306067d2d2065a7df24e9d3127c2bb6c020890fdf0d5d3adaa42484df2ed6

Analysis: behavioral2

Detonation Overview

Submitted

2025-05-15 07:26

Reported

2025-05-15 07:29

Platform

win11-20250502-en

Max time kernel

149s

Max time network

103s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4126bdb621eed307d86b121fe11f60cd2c38509197a20ec987b54f6f0c6bf760.exe"

Signatures

Renames multiple (5366) files with added filename extension

ransomware

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\4126bdb621eed307d86b121fe11f60cd2c38509197a20ec987b54f6f0c6bf760.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\4126bdb621eed307d86b121fe11f60cd2c38509197a20ec987b54f6f0c6bf760.exe

"C:\Users\Admin\AppData\Local\Temp\4126bdb621eed307d86b121fe11f60cd2c38509197a20ec987b54f6f0c6bf760.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-1454956602-4007834095-2135319884-1000\desktop.ini.tmp

MD5 7be2ece3e0d732f27df2a6c06ec34273
SHA1 87a648f173004bb1a0dc31e88598f93455150818
SHA256 661adfde33672a04c2f02b1fcc90fc5b9ab5408d0ddd532c64c4f276899aec16
SHA512 021b820ad359e0dbf75f92470374e0efc91fb6eeb67d000dca8eeb8039970c24098644e1863d5a8a64789ca82357595bc6e9ddfcc9914b4e6c1bf7093bc131c5

C:\d556e8f40e1fe2150ce3c75a1b83\2010_x86.log.html.tmp

MD5 7597d281eca6d867fa61fbdb1a9b00fe
SHA1 15756029df32071280865d8ba44c5b51c8fc30a2
SHA256 f8e1057df18f5035f10afba23178652b82c22799aadea7a7a693afe2a79915d4
SHA512 074ad72aa41d293d5b526b37961060906528b74c83621c55ff41054bea8c56879cb6e869aadbdbe88db078235d042b066d45f8fbc19af1a60fe16ca895f88863