Malware Analysis Report

2025-04-14 01:00

Sample ID 240602-2jjnvsaf76
Target 5e4ab722fe710f6704c7557ed94cebb5a87b27caa18d4f3baf336a8846444c1f
SHA256 5e4ab722fe710f6704c7557ed94cebb5a87b27caa18d4f3baf336a8846444c1f
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

5e4ab722fe710f6704c7557ed94cebb5a87b27caa18d4f3baf336a8846444c1f

Threat Level: Likely malicious

The file 5e4ab722fe710f6704c7557ed94cebb5a87b27caa18d4f3baf336a8846444c1f was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3446) files with added filename extension

Renames multiple (1286) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-02 22:36

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-02 22:36

Reported

2024-06-02 22:39

Platform

win7-20240508-en

Max time kernel

150s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5e4ab722fe710f6704c7557ed94cebb5a87b27caa18d4f3baf336a8846444c1f.exe"

Signatures

Renames multiple (3446) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\5e4ab722fe710f6704c7557ed94cebb5a87b27caa18d4f3baf336a8846444c1f.exe

"C:\Users\Admin\AppData\Local\Temp\5e4ab722fe710f6704c7557ed94cebb5a87b27caa18d4f3baf336a8846444c1f.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

MD5 965cf30f0e2499f08869590569563458
SHA1 fdf3f4496208d58fa84ec6fa1b764bcdbeafb2e3
SHA256 5be5bb0788acb73d588e238d0944143fb056557d473f7c0b72eaeb6693c27bd4
SHA512 2143b413662f0a364f2e7bfb5b89837ba5381dada352f070f88d1520b247301763de5ba3f194138ed43ae9db8b9c6802d2b06f2f7ac5dec1fc947df8cd1cba98

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 a087e3fb4e5ccb059ce60aa15538bb61
SHA1 16dfeb8d86ec68dc5b6de40cbf2471d623490c51
SHA256 3f11b285d85dce103f75f4712a2dd0b76516c6d8c177d3678eccf94474daf5b3
SHA512 5127efa28ced6ac2cffc3867cd9cdd4160b7b76b06cbc08ab9bd4d359d24e8982b5ed8a96a9448b0592003d31d9e86b09ef21d735788202c6ef7f54f02c14924

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-02 22:36

Reported

2024-06-02 22:39

Platform

win10v2004-20240226-en

Max time kernel

151s

Max time network

157s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5e4ab722fe710f6704c7557ed94cebb5a87b27caa18d4f3baf336a8846444c1f.exe"

Signatures

Renames multiple (1286) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\5e4ab722fe710f6704c7557ed94cebb5a87b27caa18d4f3baf336a8846444c1f.exe

"C:\Users\Admin\AppData\Local\Temp\5e4ab722fe710f6704c7557ed94cebb5a87b27caa18d4f3baf336a8846444c1f.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3696 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto

Files

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

MD5 b3e4d87f6cbd1c4807e51bf654f991ae
SHA1 26ce0cf8eeabbbead853be7bfa9bf673f5b29ad9
SHA256 26ed56d99ba87cacb583259e05823f1f00698c36d9818db8b698d1cdcf3500bd
SHA512 5175385b08f181a5a190f1e9f31e0fe5de7a330a4fb42e2c3d2df98a66c3bb679ac7b0c9686edd941630155a429999daa3c8bd6dc57e34c8618a902077179d01

C:\libsmartscreen.dll.tmp

MD5 d5d8c5b4bf0070158ddbb15ad5cf4b5a
SHA1 6e06d20036e607cf55f16516d89272b4b4590aaa
SHA256 6c04c42156742911e07be608cd96f72f0c24ecdc0b7e37eb67175a40851d6f86
SHA512 49a334177c3bd46dd418ca06f5aae1a3a4feaeb2ad20902b646aaddf68a2cb27149e8c1fef6b0256ab38556d9c81862eb1d3de6f46db1560e5928cbb246c3322