Malware Analysis Report

2025-06-16 03:34

Sample ID 240608-ct33taff41
Target 1da29816344769cb31f81ce81b21c2f0.bin
SHA256 01a8b2aa513ffb0627914ee65f22b6944b46c439e7a2d38589ec0fb433327f69
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

01a8b2aa513ffb0627914ee65f22b6944b46c439e7a2d38589ec0fb433327f69

Threat Level: Likely malicious

The file 1da29816344769cb31f81ce81b21c2f0.bin was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3733) files with added filename extension

Renames multiple (5303) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-08 02:22

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-08 02:22

Reported

2024-06-08 02:25

Platform

win7-20240508-en

Max time kernel

149s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1da29816344769cb31f81ce81b21c2f0.exe"

Signatures

Renames multiple (3733) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\1da29816344769cb31f81ce81b21c2f0.exe

"C:\Users\Admin\AppData\Local\Temp\1da29816344769cb31f81ce81b21c2f0.exe"

Network

N/A

Files

memory/2372-0-0x0000000000400000-0x0000000000408000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

MD5 89a578ca1e746ff438d2428eed7d22ed
SHA1 e9eedf977cf01da7e588aa638e5b15c8278a6e8d
SHA256 ba0d1103f2a4efe9a8cc4dacbcc4961c522718b3dbe83541ece5673f59aa175b
SHA512 4761c947dc9772df34029ad6ce368f775701ad4314e730552ca6d9ef98a8f0cea0d7f60fcaeda1be0547990dba5489b72f11492260c82e51eceb9175fc65c87f

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 b46306702466e5d257b19685e8d0cf72
SHA1 5612f62b815a7d3921a11a61d772cb2a5fe72340
SHA256 aad0d42534cfe9c2db246715a800c4b5d2be94e3cf49dd8baaec9a5fa9a39ef9
SHA512 2c5032f22f82c1afadf87ed6b1e5a514deb2168690a1843ba7e40e682d333ff82d413bf66a4fb654ca428d217b30389b4ee70a4e094d38076a9f12125b1e7dc4

memory/2372-640-0x0000000000400000-0x0000000000408000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-08 02:22

Reported

2024-06-08 02:25

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1da29816344769cb31f81ce81b21c2f0.exe"

Signatures

Renames multiple (5303) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\1da29816344769cb31f81ce81b21c2f0.exe

"C:\Users\Admin\AppData\Local\Temp\1da29816344769cb31f81ce81b21c2f0.exe"

Network

Country Destination Domain Proto

Files

memory/2956-0-0x0000000000400000-0x0000000000408000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

MD5 deed24c118139c3c0baf740aa1c5418f
SHA1 101f205f462f5cb6f646c1f28ac4ca9c4b2f2cce
SHA256 eb835f80831939867e57b9c7722fe73a84704c984770d4233cdd06b68c6f0ac3
SHA512 3ae4ada66732bd87742206df0aa210c8ccc8e0ba2907e45e22493cb67329073b4079f80d44526fdd51771fb70c4dd8c9d16cd785bf6cd3a3fac0be8321771c0b

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 fbd0c6a6e907a43390aac6b2d77acd3c
SHA1 8dcc2c93f4999641eed1360f10ce6e28afc3e5fd
SHA256 5b3481b327675001690004f7b8a6343ce5e2042f6c634bf04560f6c968e053f3
SHA512 e4981ec3c5dc6c564f3898765f6b1f9db7514b7c55f4f07ce20063fba1f9a747588523b977348c697d7a076a339c236f7ed0e3bd36c09c76089102944aa93013

memory/2956-1982-0x0000000000400000-0x0000000000408000-memory.dmp