Malware Analysis Report

2025-01-03 08:30

Sample ID: 240611-bv8t1syenf
Target: a558a4ae5122e5a522a373a4f18fa8bee2c9491ee8259d19d1f119f0ff3f8b11
SHA256: a558a4ae5122e5a522a373a4f18fa8bee2c9491ee8259d19d1f119f0ff3f8b11
Tags: ransomware
Score: 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 9/10

SHA256: a558a4ae5122e5a522a373a4f18fa8bee2c9491ee8259d19d1f119f0ff3f8b11

Threat Level: Likely malicious

The file a558a4ae5122e5a522a373a4f18fa8bee2c9491ee8259d19d1f119f0ff3f8b11 was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (595) files with added filename extension (behavioral1)

Renames multiple (5006) files with added filename extension (behavioral2)

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-11 01:29

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-11 01:29
Reported: 2024-06-11 01:31
Platform: win7-20240221-en
Max time kernel: 150s
Max time network: 122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a558a4ae5122e5a522a373a4f18fa8bee2c9491ee8259d19d1f119f0ff3f8b11.exe"

Signatures

Renames multiple (595) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\a558a4ae5122e5a522a373a4f18fa8bee2c9491ee8259d19d1f119f0ff3f8b11.exe

"C:\Users\Admin\AppData\Local\Temp\a558a4ae5122e5a522a373a4f18fa8bee2c9491ee8259d19d1f119f0ff3f8b11.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

MD5 5f7ccd53a19fea9b33de2e45842c4355
SHA1 933845445d8740418cb0548009c3e17190dce3da
SHA256 cf447358b0f93bd9cf82af15741d66fde7c2036710d376e36ed4a81043243525
SHA512 b09810ba222f146ea7bd7a87e745f9f0becb902a092f08d3f599083274e2c1070db6070e2cf0777c83c8e1139f7e9765740c595e9aa8d9bef7de27f8df2c23dc

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 8f75e867db61fc4cf8ee83b5475a09b6
SHA1 db819831b5583ea6b9df0d4e634ac2ac653b1013
SHA256 166e19ef14fa76bced728de79a55a25c58de997b2bd4f7e715d7c09184b23afc
SHA512 0abeaa25b3f3479f3ebc51c87197dd7ad87a0b638896b8f03c0014f18601a4c0b7baa5c262b61597f48277beb259b63a50bf6710735e3fb574458e6a5c023203

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-11 01:29
Reported: 2024-06-11 01:31
Platform: win10v2004-20240426-en
Max time kernel: 150s
Max time network: 147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a558a4ae5122e5a522a373a4f18fa8bee2c9491ee8259d19d1f119f0ff3f8b11.exe"

Signatures

Renames multiple (5006) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\a558a4ae5122e5a522a373a4f18fa8bee2c9491ee8259d19d1f119f0ff3f8b11.exe

"C:\Users\Admin\AppData\Local\Temp\a558a4ae5122e5a522a373a4f18fa8bee2c9491ee8259d19d1f119f0ff3f8b11.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 10.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-3571316656-3665257725-2415531812-1000\desktop.ini.tmp

MD5 fb129eaa7aa7086abe3a80c06721423b
SHA1 31dcc2c119331caf63cd6dfca634b28202a3e486
SHA256 d11e5262b18bfe80fbc271df6b7a38672098bc38cd7ca4541dc13f28172c46d4
SHA512 0208297cdf6c726b264b7bdc202fbdade1d787834c01b0806d12253157cc4fe50faf68803125d054c10dc5ec3c7ef2ea0119dd8d696d48cba5a609c96d95c3db

C:\Program Files\7-Zip\7-zip.dll.exe

MD5 fdb66c03fc55a98eb0e234166586561f
SHA1 a56b4d2cb1f6209a5aee9d9378951405df4a46fc
SHA256 d57167d8ad4103e60906e54738ffcbf48bdfbe570c0a0f82c964dd332cfc55d9
SHA512 6f0ae8d9e490a7da93c74124980401123216ef69fcdd246b5c77896fedf98cdc2d400b61f0df14ebee48ba3b0032e6203c3712f82a30039392d6fed54e537987