Malware Analysis Report

2025-06-16 03:34

Sample ID 240608-cqh88sfe9t
Target 1d4dac3e90b40b91d0184fa4f6823540.bin
SHA256 4bf897677e2e9dfd45bb61bc33f503afb53f8edbf7b17bbdf7060ecb8bc3aee8
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

4bf897677e2e9dfd45bb61bc33f503afb53f8edbf7b17bbdf7060ecb8bc3aee8

Threat Level: Likely malicious

The file 1d4dac3e90b40b91d0184fa4f6823540.bin was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3516) files with added filename extension (behavioral1, win7-20240221-en)

Renames multiple (5188) files with added filename extension (behavioral2, win10v2004-20240508-en)

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-08 02:16

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-08 02:16

Reported

2024-06-08 02:19

Platform

win7-20240221-en

Max time kernel

150s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1d4dac3e90b40b91d0184fa4f6823540.exe"

Signatures

Renames multiple (3516) files with added filename extension

ransomware

Drops file in Program Files directory

Description: File created (every row)
Process: C:\Users\Admin\AppData\Local\Temp\1d4dac3e90b40b91d0184fa4f6823540.exe (every row)
Target: N/A (every row)
Indicator:
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Funafuti.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui.zh_CN_5.5.0.165303.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.bidi_0.10.0.v20130327-1442.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-outline_ja.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-selector-api.xml.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Utilities.v3.5.dll.tmp
C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.tmp
C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_vc1_plugin.dll.tmp
C:\Program Files\Windows Journal\fr-FR\jnwmon.dll.mui.tmp
C:\Program Files\Windows NT\TableTextService\TableTextServiceYi.txt.tmp
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)grayStateIcon.png.tmp
C:\Program Files\VideoLAN\VLC\plugins\access\libshm_plugin.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\PST8PDT.tmp
C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l2-1-0.dll.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.Speech.resources.dll.tmp
C:\Program Files\Windows Journal\de-DE\jnwmon.dll.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dhaka.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.event_1.3.100.v20140115-1647.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-loaders.jar.tmp
C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libcache_read_plugin.dll.tmp
C:\Program Files\Windows Mail\WinMail.exe.tmp
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\info.png.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Puerto_Rico.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-charts.jar.tmp
C:\Program Files\Microsoft Games\Mahjong\es-ES\Mahjong.exe.mui.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationTypes.resources.dll.tmp
C:\Program Files\VideoLAN\VLC\lua\http\images\Back-48.png.tmp
C:\Program Files\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll.tmp
C:\Program Files\Windows Defender\es-ES\MpEvMsg.dll.mui.tmp
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_rainy.png.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\bin\splashscreen.dll.tmp
C:\Program Files\VideoLAN\VLC\plugins\misc\libgnutls_plugin.dll.tmp
C:\Program Files\Windows NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt.tmp
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_down.png.tmp
C:\Program Files\Java\jre7\lib\cmm\sRGB.pf.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBlue.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-windows_zh_CN.jar.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.DataSetExtensions.Resources.dll.tmp
C:\Program Files\Windows Media Player\ja-JP\WMPMediaSharing.dll.mui.tmp
C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_rest.png.tmp
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-last-quarter_partly-cloudy.png.tmp
C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.ja_5.5.0.165303.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-settings.xml.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\tipresx.dll.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-over-select.png.tmp
C:\Program Files\Internet Explorer\jsprofilerui.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.properties.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security.ui_1.1.200.v20130626-2037.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.nl_zh_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_ja.jar.tmp
C:\Program Files\Java\jre7\lib\security\trusted.libraries.tmp
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\masterix.gif.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_ja.jar.tmp
C:\Program Files\Java\jre7\lib\zi\Africa\Nairobi.tmp
C:\Program Files\Microsoft Games\Hearts\HeartsMCE.png.tmp
C:\Program Files\VideoLAN\VLC\lua\http\images\Other-48.png.tmp
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-docked.png.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoBeta.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-tabcontrol_ja.jar.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Net.Resources.dll.tmp
C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\css\calendar.css.tmp

Processes

C:\Users\Admin\AppData\Local\Temp\1d4dac3e90b40b91d0184fa4f6823540.exe

"C:\Users\Admin\AppData\Local\Temp\1d4dac3e90b40b91d0184fa4f6823540.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

MD5 17a92d5405c73a285d3fb1d1c5d9556c
SHA1 d61451de495514dd9047ecc98143c497dc0504a7
SHA256 256ac31f04a501145d798fe5870ba452edff961ddcaf0c835682b5fe8d3c6952
SHA512 b227e6808398aa9926a91b26c91f71568821c6fcdac6a6f807ada7f48dd90ce1c37f70dc0051183cd9f51d572165d82ce4b22606c655d9a906db57a9cce11c07

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 2e3a55799bb339bd67110e9e9dddc785
SHA1 ac74ef2989f112309cfc0172a2a64f5f5c1a1c8b
SHA256 5135375abb79670a25510b6f9ceb2afd5c56b3a7e2a247e07ecc7de286822dd7
SHA512 4c1fd371fea1a4c6a837d2eebe2a8081d41ff8378ff97822ae2613a939b2f755ae3259d06fc543ec8b9420045e842b2ca130a8e8893ff90d313f037c9f0a709d

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-08 02:16

Reported

2024-06-08 02:19

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

93s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1d4dac3e90b40b91d0184fa4f6823540.exe"

Signatures

Renames multiple (5188) files with added filename extension

ransomware

Drops file in Program Files directory

Description: File created (every row)
Process: C:\Users\Admin\AppData\Local\Temp\1d4dac3e90b40b91d0184fa4f6823540.exe (every row)
Target: N/A (every row)
Indicator:
C:\Program Files\Java\jdk-1.8\bin\pack200.exe.tmp
C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_HK.properties.tmp
C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp
C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Controls.Ribbon.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\UIAutomationTypes.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Input.Manipulations.resources.dll.tmp
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\da.pak.tmp
C:\Program Files\Java\jre-1.8\lib\ext\sunmscapi.jar.tmp
C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\OneNote\prnSendToOneNote.cat.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\WindowsFormsIntegration.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-timezone-l1-1-0.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART13.BDR.tmp
C:\Program Files\Microsoft Office\root\Office16\MEDIA\WHOOSH.WAV.tmp
C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNote-manifest.ini.tmp
C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Transactions.Local.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.ReportDesign.Common.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\CancelFluent.White.png.tmp
C:\Program Files\Microsoft Office\root\Office16\OneNote\prnms006.inf.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Handles.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\ReachFramework.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\legal\jdk\cryptix.md.tmp
C:\Program Files\Java\jre-1.8\lib\tzdb.dat.tmp
C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-ul-phn.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\SkypeServiceBypassR_PrepidBypass-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-ppd.xrm-ms.tmp
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_ca.xml.tmp
C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscorlib.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.HttpListener.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.UnmanagedMemoryStream.dll.tmp
C:\Program Files\Microsoft Office\root\fre\StartMenu_Win8.mp4.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-ul-phn.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.RsClient.dll.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-math-l1-1-0.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\WindowsBase.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp
C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-locale-l1-1-0.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Trial-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe.manifest.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Numerics.Vectors.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Emit.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Dataflow.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\WindowsBase.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Checkmark.White.png.tmp
C:\Program Files\Java\jdk-1.8\bin\rmid.exe.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\as90.xsl.tmp
C:\Program Files\Microsoft Office\root\Office16\MSQRY32.EXE.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Memory.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\D3DCompiler_47_cor3.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail2-ppd.xrm-ms.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.FileSystem.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_es.properties.tmp
C:\Program Files\Microsoft Office\root\Integration\C2RManifest.osmuxmui.msi.16.en-us.xml.tmp
C:\Program Files\Microsoft Office\root\Office16\IGX.DLL.tmp
C:\Program Files\Microsoft Office\root\Office16\MEDIA\ARROW.WAV.tmp
C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Trial-ppd.xrm-ms.tmp

Processes

C:\Users\Admin\AppData\Local\Temp\1d4dac3e90b40b91d0184fa4f6823540.exe

"C:\Users\Admin\AppData\Local\Temp\1d4dac3e90b40b91d0184fa4f6823540.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 107.211.222.173.in-addr.arpa udp
US 8.8.8.8:53 43.147.200.23.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
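The two file-system signatures in both behavioral runs ("Renames multiple ... files with added filename extension" and "Drops file in Program Files directory") and the Network table above are all derived from raw event rows. The following Python is an added example, not code from this report or from the sandbox that produced it; it rebuilds that evidence from a few rows constructed out of the report's own tables. It detects a second extension appended to a name that already had one, counts such renames and reports the dominant added extension, flags writes under Program Files, and decodes each in-addr.arpa name back to the IPv4 address that was looked up. MIN_RENAMES and the name-only heuristic in added_extension() are assumptions for illustration, not the sandbox's rule set.

```python
"""Re-derive this report's file-system and DNS evidence from raw event rows.

Added example: this is not code from the report or from the sandbox that
produced it. The rows below are constructed from the report's own
'File created' and Network tables; MIN_RENAMES and the added_extension()
heuristic are assumptions made for illustration, not the sandbox's rules.
"""
from collections import Counter
from typing import Dict, List, Optional
import ntpath
import re

# Constructed sample: indicators copied from the behavioral2 table, plus the
# $Recycle.Bin drop from the Files section and the sample's own path, which
# carries no appended extension and so must not be counted.
SAMPLE_FILE_EVENTS: List[str] = [
    r"C:\Program Files\Java\jdk-1.8\bin\pack200.exe.tmp",
    r"C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp",
    r"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\da.pak.tmp",
    r"C:\Program Files\Microsoft Office\root\Office16\MEDIA\WHOOSH.WAV.tmp",
    r"C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp",
    r"C:\Users\Admin\AppData\Local\Temp\1d4dac3e90b40b91d0184fa4f6823540.exe",
]

# Constructed sample: three rows in the report's 'Country Destination Domain Proto' layout.
SAMPLE_DNS_ROWS: List[str] = [
    "US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp",
    "US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp",
    "US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp",
]

PROGRAM_FILES_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\")
MIN_RENAMES = 3  # assumed threshold for illustration; the report's signature fired on thousands

PTR_RE = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.in-addr\.arpa$", re.IGNORECASE)


def added_extension(path: str) -> Optional[str]:
    """Return the trailing extension when a second one has been appended to a
    name that already had one ('msader15.dll.mui.tmp' -> '.tmp'), else None.
    Files that had no extension originally (the Java zi timezone files in the
    behavioral1 table, e.g. Pacific\\Funafuti.tmp) look like plain .tmp files
    and are deliberately not flagged by this name-only heuristic."""
    stem, ext = ntpath.splitext(ntpath.basename(path))
    if not ext:
        return None
    _, inner_ext = ntpath.splitext(stem)
    return ext.lower() if inner_ext else None


def summarize_file_events(paths: List[str]) -> Dict[str, object]:
    """Aggregate the evidence behind the two file-system signatures in the report:
    how many files gained an extension (and which one), and whether anything
    was written under Program Files."""
    ext_counts: Counter = Counter()
    program_files_hits = 0
    for p in paths:
        ext = added_extension(p)
        if ext:
            ext_counts[ext] += 1
        if p.lower().startswith(PROGRAM_FILES_PREFIXES):
            program_files_hits += 1
    renamed = sum(ext_counts.values())
    signatures = []
    if renamed >= MIN_RENAMES:
        top_ext = ext_counts.most_common(1)[0][0]
        signatures.append(f"Renames multiple ({renamed}) files with added filename extension {top_ext}")
    if program_files_hits:
        signatures.append("Drops file in Program Files directory")
    return {"renamed": renamed, "extensions": dict(ext_counts),
            "program_files_hits": program_files_hits, "signatures": signatures}


def ptr_to_ip(name: str) -> Optional[str]:
    """Recover the IPv4 address behind a reverse-lookup name: the octets of
    'a.b.c.d.in-addr.arpa' are the address d.c.b.a."""
    m = PTR_RE.match(name.rstrip("."))
    return ".".join(reversed(m.groups())) if m else None


def parse_dns_rows(rows: List[str]) -> List[Dict[str, Optional[str]]]:
    """Split each Network row into its four columns and decode PTR names, so
    the addresses actually being looked up can be checked against known ranges."""
    out = []
    for row in rows:
        country, destination, domain, proto = row.split()
        out.append({"country": country, "resolver": destination, "proto": proto,
                    "ptr_name": domain, "looked_up_ip": ptr_to_ip(domain)})
    return out


if __name__ == "__main__":
    for sig in summarize_file_events(SAMPLE_FILE_EVENTS)["signatures"]:
        print(sig)
    for rec in parse_dns_rows(SAMPLE_DNS_ROWS):
        print(f'{rec["ptr_name"]} -> {rec["looked_up_ip"]}')
```

Two caveats the code makes visible. A file that had no extension to begin with, such as the Java zi timezone entries in the behavioral1 table, ends up as an ordinary-looking .tmp and is not counted by a name-only heuristic, whereas the sandbox reports the rename events themselves and so counts them; the 3516 and 5188 figures should be read as rename counts, not as a count of ".tmp" names. On the network side, the eight PTR queries to 8.8.8.8 are the only network activity the report records for either run, there is no outbound connection and no ATT&CK mapping, so the recovered addresses are something to check against known OS and telemetry ranges rather than evidence of command-and-control on their own.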

Files

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

MD5 f8ef73eefe8249d9dee65435b313686f
SHA1 31b84fa3b4a967570a83d44c608c712001b1b2ae
SHA256 2cb78087e678b95da874814192d03a75734b7aebb8c82f173920f0c16445305f
SHA512 77b08c65dde6c4a0edbcf5cfef5012759f9ffce4eccd00081bc565eedc3a6194a694aba7e4c6191cdac9bdc70dd9193c91f6fb8fac5bb43f5b2400444ac9c7e3

C:\Program Files\7-Zip\7-zip.dll.exe

MD5 6011c39eed9f4f3a0112c24f2e50558d
SHA1 2869a9ed6363cff42a1a72ec89f0da19596af724
SHA256 4e6d1049c4ed9e579a0fab8ad88c520f5ec09b36129e4411dce8e0e7520a83cd
SHA512 18f5aeb8923160d4429864923f88359a5a8985eff9b05434d3eacbb0619d929609d0204d55414d53bfea50ba1164f3b055a52bd4366b2d83aaa4f4f840ac1ea0