Malware Analysis Report

2025-08-10 20:10

Sample ID: 250518-lymq3azlw3
Target: 7af27a5eab054cbc72d9d785e91d01b8ea108f82a4631d9d4a31997fabbd9c81
SHA256: 7af27a5eab054cbc72d9d785e91d01b8ea108f82a4631d9d4a31997fabbd9c81
Tags: discovery, ransomware
Score: 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V16
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 9/10
SHA256: 7af27a5eab054cbc72d9d785e91d01b8ea108f82a4631d9d4a31997fabbd9c81
Threat Level: Likely malicious

The file 7af27a5eab054cbc72d9d785e91d01b8ea108f82a4631d9d4a31997fabbd9c81 was found to be: Likely malicious.

Malicious Activity Summary

Tags: discovery, ransomware

Renames multiple (404) files with added filename extension

Renames multiple (412) files with added filename extension

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2025-05-18 09:56

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral2

Detonation Overview

Submitted: 2025-05-18 09:56
Reported: 2025-05-18 09:59
Platform: win11-20250502-en
Max time kernel: 150s
Max time network: 102s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7af27a5eab054cbc72d9d785e91d01b8ea108f82a4631d9d4a31997fabbd9c81.exe"

Signatures

Renames multiple (404) files with added filename extension

Tag: ransomware

Drops file in Program Files directory

Process (all rows): C:\Users\Admin\AppData\Local\Temp\7af27a5eab054cbc72d9d785e91d01b8ea108f82a4631d9d4a31997fabbd9c81.exe
Target (all rows): N/A

Description | Indicator
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-datetime-l1-1-0.dll.tmp
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-locale-l1-1-0.dll.tmp
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscordaccore_amd64_amd64_6.0.2724.6912.dll.tmp
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Configuration.dll.tmp
File created | C:\Program Files\7-Zip\7z.exe.tmp
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClient.man.tmp
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nb-no.dll.tmp
File created | C:\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui.tmp
File created | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_ca.xml.tmp
File created | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_rtl.xml.tmp
File created | C:\Program Files\Common Files\System\ado\adojavas.inc.tmp
File created | C:\Program Files\Common Files\System\ado\msader15.dll.tmp
File created | C:\Program Files\7-Zip\Lang\cy.txt.tmp
File created | C:\Program Files\7-Zip\Lang\el.txt.tmp
File created | C:\Program Files\7-Zip\Lang\vi.txt.tmp
File created | C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipTsf.dll.mui.tmp
File created | C:\Program Files\Common Files\System\msadc\msdaremr.dll.tmp
File created | C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp
File created | C:\Program Files\7-Zip\Lang\nb.txt.tmp
File created | C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tipresx.dll.mui.tmp
File created | C:\Program Files\Common Files\microsoft shared\ink\pt-PT\tipresx.dll.mui.tmp
File created | C:\Program Files\Common Files\System\msadc\msadce.dll.tmp
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-libraryloader-l1-1-0.dll.tmp
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-processthreads-l1-1-1.dll.tmp
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.Specialized.dll.tmp
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.Extensions.dll.tmp
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-tw.dll.tmp
File created | C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe.tmp
File created | C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.tmp
File created | C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-handle-l1-1-0.dll.tmp
File created | C:\Program Files\7-Zip\Lang\lt.txt.tmp
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\clretwrc.dll.tmp
File created | C:\Program Files\7-Zip\7-zip32.dll.tmp
File created | C:\Program Files\7-Zip\Lang\tg.txt.tmp
File created | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp
File created | C:\Program Files\Common Files\microsoft shared\ink\sl-SI\tipresx.dll.mui.tmp
File created | C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\msinfo32.exe.mui.tmp
File created | C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp
File created | C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp
File created | C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll.tmp
File created | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml.tmp
File created | C:\Program Files\Common Files\microsoft shared\ink\Microsoft.Ink.dll.tmp
File created | C:\Program Files\7-Zip\Lang\ka.txt.tmp
File created | C:\Program Files\7-Zip\Lang\br.txt.tmp
File created | C:\Program Files\7-Zip\Lang\en.ttt.tmp
File created | C:\Program Files\Common Files\microsoft shared\ink\de-DE\TabTip.exe.mui.tmp
File created | C:\Program Files\Common Files\microsoft shared\ink\ipshe.xml.tmp
File created | C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tabskb.dll.mui.tmp
File created | C:\Program Files\Common Files\System\ado\msado21.tlb.tmp
File created | C:\Program Files\7-Zip\Lang\co.txt.tmp
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fr-fr.dll.tmp
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lv-lv.dll.tmp
File created | C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.dll.tmp
File created | C:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui.tmp
File created | C:\Program Files\Common Files\microsoft shared\ink\fi-FI\tipresx.dll.mui.tmp
File created | C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui.tmp
File created | C:\Program Files\CompleteGet.raw.tmp
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.StackTrace.dll.tmp
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ms-my.dll.tmp
File created | C:\Program Files\Common Files\microsoft shared\ink\uk-UA\ShapeCollector.exe.mui.tmp
File created | C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui.tmp

System Location Discovery: System Language Discovery

Tag: discovery

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7af27a5eab054cbc72d9d785e91d01b8ea108f82a4631d9d4a31997fabbd9c81.exe | N/A

Processes

Process: C:\Users\Admin\AppData\Local\Temp\7af27a5eab054cbc72d9d785e91d01b8ea108f82a4631d9d4a31997fabbd9c81.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\7af27a5eab054cbc72d9d785e91d01b8ea108f82a4631d9d4a31997fabbd9c81.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-3518521428-3897247806-4080064211-1000\desktop.ini.tmp

MD5 7881c38eb4f5a641b04f6cb4eaa19461
SHA1 fc4e6fbfa8bdc4a225d2a3375eb24a90fbe326b7
SHA256 4aa3c0c30a2f3153301693229f12ab8d36adc5c723f9fe5916ad57059a5d550a
SHA512 02b191366eef77fa324f92be199b3969f529d5127147a05544212577c83352741565f5016ef536ae2feecf060e39b4ae784e4816bb495785c5af5bd3c69cae05

C:\ef24ccacc0fb7a1128713900cef14716\2010_x64.log.html.tmp

MD5 ae2b93c173ba6cc7d8f2127eea5c636f
SHA1 710394247eae81a7932e3af1b8fa0acfd5f2b473
SHA256 20f720f08134b900596864410260a515d0247c40b25659489afb17f52cfc7a44
SHA512 a1cd814856c9a6624298fc5dae43dceb73a2a782ec9016e37ea7178d33f3d8b7c2b7febe771c1524e07d896c6ebd7d637b22ee03293828c97377c9ba9a73041d

memory/3000-95-0x0000000000400000-0x0000000000407000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted: 2025-05-18 09:56
Reported: 2025-05-18 09:59
Platform: win10v2004-20250502-en
Max time kernel: 150s
Max time network: 139s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7af27a5eab054cbc72d9d785e91d01b8ea108f82a4631d9d4a31997fabbd9c81.exe"

Signatures

Renames multiple (412) files with added filename extension

Tag: ransomware

Drops file in Program Files directory

Process (all rows): C:\Users\Admin\AppData\Local\Temp\7af27a5eab054cbc72d9d785e91d01b8ea108f82a4631d9d4a31997fabbd9c81.exe
Target (all rows): N/A

Description | Indicator
File created | C:\Program Files\Common Files\microsoft shared\ink\ipsjpn.xml.tmp
File created | C:\Program Files\Common Files\microsoft shared\ink\uk-UA\ShapeCollector.exe.mui.tmp
File created | C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp
File created | C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp
File created | C:\Program Files\7-Zip\Lang\he.txt.tmp
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll.tmp
File created | C:\Program Files\Common Files\microsoft shared\ink\el-GR\tipresx.dll.mui.tmp
File created | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad.xml.tmp
File created | C:\Program Files\Common Files\microsoft shared\ink\ipsptg.xml.tmp
File created | C:\Program Files\Common Files\microsoft shared\ink\it-IT\tabskb.dll.mui.tmp
File created | C:\Program Files\Common Files\microsoft shared\ink\tipskins.dll.tmp
File created | C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui.tmp
File created | C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.tmp
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-processenvironment-l1-1-0.dll.tmp
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscorlib.dll.tmp
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.Calendars.dll.tmp
File created | C:\Program Files\7-Zip\Lang\de.txt.tmp
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-pt.dll.tmp
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe.tmp
File created | C:\Program Files\Common Files\microsoft shared\ink\pl-PL\tipresx.dll.mui.tmp
File created | C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\msinfo32.exe.mui.tmp
File created | C:\Program Files\CompareUndo.ods.tmp
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sk-sk.dll.tmp
File created | C:\Program Files\Common Files\microsoft shared\ink\hwrenUSlm.dat.tmp
File created | C:\Program Files\Common Files\microsoft shared\ink\hwresplm.dat.tmp
File created | C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll.tmp
File created | C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp
File created | C:\Program Files\7-Zip\Lang\mn.txt.tmp
File created | C:\Program Files\BackupUnpublish.crw.tmp
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.tr-tr.dll.tmp
File created | C:\Program Files\Common Files\microsoft shared\ink\en-GB\tipresx.dll.mui.tmp
File created | C:\Program Files\Common Files\System\ado\msado28.tlb.tmp
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\msquic.dll.tmp
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.FileSystem.dll.tmp
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll.tmp
File created | C:\Program Files\Common Files\microsoft shared\ink\et-EE\tipresx.dll.mui.tmp
File created | C:\Program Files\dotnet\LICENSE.txt.tmp
File created | C:\Program Files\7-Zip\Lang\nl.txt.tmp
File created | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\insertbase.xml.tmp
File created | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp
File created | C:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml.tmp
File created | C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-synch-l1-2-0.dll.tmp
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-utility-l1-1-0.dll.tmp
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVScripting.dll.tmp
File created | C:\Program Files\Common Files\microsoft shared\ink\es-ES\tabskb.dll.mui.tmp
File created | C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.tmp
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscordaccore_amd64_amd64_6.0.2724.6912.dll.tmp
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.StackTrace.dll.tmp
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll.tmp
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\concrt140.dll.tmp
File created | C:\Program Files\Common Files\microsoft shared\ink\hwrenclm.dat.tmp
File created | C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat.tmp
File created | C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp
File created | C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.tmp
File created | C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-stdio-l1-1-0.dll.tmp
File created | C:\Program Files\7-Zip\Lang\eu.txt.tmp
File created | C:\Program Files\7-Zip\Lang\ms.txt.tmp
File created | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu.xml.tmp
File created | C:\Program Files\Common Files\System\ado\msado25.tlb.tmp
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-processthreads-l1-1-1.dll.tmp
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.CSharp.dll.tmp
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Contracts.dll.tmp

System Location Discovery: System Language Discovery

Tag: discovery

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7af27a5eab054cbc72d9d785e91d01b8ea108f82a4631d9d4a31997fabbd9c81.exe | N/A

Processes

Process: C:\Users\Admin\AppData\Local\Temp\7af27a5eab054cbc72d9d785e91d01b8ea108f82a4631d9d4a31997fabbd9c81.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\7af27a5eab054cbc72d9d785e91d01b8ea108f82a4631d9d4a31997fabbd9c81.exe"

Network

Country | Destination | Domain | Proto
GB | 2.18.27.82:443 | www.bing.com | tcp
US | 8.8.8.8:53 | tse1.mm.bing.net | udp
US | 150.171.28.10:443 | tse1.mm.bing.net | tcp
US | 150.171.28.10:443 | tse1.mm.bing.net | tcp
US | 150.171.28.10:443 | tse1.mm.bing.net | tcp
US | 150.171.28.10:443 | tse1.mm.bing.net | tcp
US | 150.171.28.10:443 | tse1.mm.bing.net | tcp
US | 8.8.8.8:53 | c.pki.goog | udp
GB | 142.250.178.3:80 | c.pki.goog | tcp

Files

C:\$Recycle.Bin\S-1-5-21-3299287909-2279959458-198972791-1000\desktop.ini.tmp

MD5 e7c646469be049e3203f1f581384fa39
SHA1 86e666138e12374dcb286e5e81540c3eadb9c644
SHA256 4abb1abef9843871a13cbe41d2e618bb6d4c244e2c10460a243a470c92a6c3a1
SHA512 dd64ecd1cc91cb973d9ac5881fc975efa67030ac98a49140db68b33476c3768ccb62267fd48e0ed9bbb587fcec69772ff4a10fe57d90208dac52eee4c23cb61a

C:\8e056885788215100b95f8050bba49\2010_x64.log.html.tmp

MD5 604bc25d7a58da5b495538b9fd192de6
SHA1 76ec7613e9a11359be96fe0b0fb17149d00cdbb6
SHA256 eb1a648e9f2c8e2903031906026f86cf7abaa17e2a221ad29e9c455599dcb798
SHA512 e60a8f7edd6e4abbf79a9bdb5f2e46a951ddea4d4034854a747ab6df2bf4910b8db58711720923b1f6b7ea6be1cfae15fe5cc9ff026ace524b274e85bd75d3f4

memory/2100-103-0x0000000000400000-0x0000000000407000-memory.dmp