Malware Analysis Report

2025-01-03 08:30

Sample ID 240611-bq5a2ayhlp
Target a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254
SHA256 a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254
Tags ransomware
Score 9/10

Analysis Overview

Score 9/10

SHA256 a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254

Threat Level: Likely malicious

The file a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254 was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3514) files with added filename extension

Renames multiple (5073) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 01:21

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 01:21

Reported

2024-06-11 01:24

Platform

win7-20240508-en

Max time kernel

150s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe"

Signatures

Renames multiple (3514) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe

"C:\Users\Admin\AppData\Local\Temp\a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

MD5 9989336ae42f1306418490f7f65fb0e4
SHA1 8b8f1cc8de34a3237826fe6f458c3e7e11f5103c
SHA256 3a96aff912faa8220c94eafa030c33f2f2d5d26dc9c4cac8a23b6bac461be4a9
SHA512 3ac63189ce7461f9210681bdafcc2232a9a99cfdd3b37fca4d8509e9fd9351d97b73535ca9415fbb5164116938844675d73b995fb3b7799d6ae6ae0c53ad4b56

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 fdacd6933b3ddb5303b06b95a6750f48
SHA1 17593f0a495baea406dda0f9af1406a691b3c294
SHA256 d23cc222db531e2e3bb3c3534322a59d883159cb2ba5fb428524491f417afd27
SHA512 c451a8dba78e966e928ca4844442a6155f4f8a1bf2306bdabcd3bbd1872b33c0415ce86893cbc9cf3e3599062c288376d05db45712295fc7494cb1a4d57735c3

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 01:21

Reported

2024-06-11 01:24

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

62s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe"

Signatures

Renames multiple (5073) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe

"C:\Users\Admin\AppData\Local\Temp\a2c33009c5f370122e19dcd2210aff00a361dd0a1a0fb8151a9c8b0eded41254.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

MD5 b7ad92d380376c8653f4b592c24e2bec
SHA1 7f9c41fe94f7b3ba95c9efad030b214e0999ba51
SHA256 c1f713e8056762f698ffdb650c1f7c6cc24216823ca94edb99bccde8d1061870
SHA512 486ebf836305f1df6c0276ae11b404bbd4ddc558a839f5806c6b64a02d4b523cbcdb1fd9764cdf436d8cb898fb05d64c3e544e8d3cba45e8d71406bf41079616

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 670415fdb4789edcdf4fc9f8344cadbb
SHA1 b6b8e84a4faf9c85dd2492f752e122808ad83f06
SHA256 84e238a7361d5036515f1b4f8739b116f8e228e32401cead823cae22dcda2fce
SHA512 81b53e2ca8b29932c24b5bbce92ce74a4a2e710baab5bd20a873181579d7f2f16811859f187d4ecdd05787c59bafab7a86dc18c45cd1652e914f7ba4e49543a2