Malware Analysis Report

2025-01-03 08:31

Sample ID: 240611-carwfazgmj
Target: ae4ffe7d54c19089c6546fec9e9a1246bd5e32a15dad404217fd7d6b74014623
SHA256: ae4ffe7d54c19089c6546fec9e9a1246bd5e32a15dad404217fd7d6b74014623
Tags: ransomware
Score: 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 9/10

SHA256: ae4ffe7d54c19089c6546fec9e9a1246bd5e32a15dad404217fd7d6b74014623

Threat Level: Likely malicious

The file ae4ffe7d54c19089c6546fec9e9a1246bd5e32a15dad404217fd7d6b74014623 was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3746) files with added filename extension (behavioral1, Windows 7 image)

Renames multiple (5216) files with added filename extension (behavioral2, Windows 10 image)

Drops file in Program Files directory

Unsigned PE

The two rename counts come from the two detonations below, not from a single run; the Windows 10 image carries additional software (Microsoft Office, .NET, JDK 1.8) whose files also appear in its drop list. Neither signature records which extension was appended, and what the sandbox verified is the mass rename plus the creation of .tmp files alongside existing content under Program Files, $Recycle.Bin and MSOCache; that file contents were actually encrypted follows from the ransomware classification, not from a measurement in this report. No network activity is attributed to the sample in either run (see the Network sections), so the report contains no command-and-control indicator.

MITRE ATT&CK

N/A (the sandbox produced no technique mapping for this sample). The observed behaviour, mass renaming of files with an appended extension across user and Program Files content, is what analysts normally map to T1486, Data Encrypted for Impact. Treat that as an editorial mapping rather than a sandbox finding: the signatures confirm the rename, not the encryption.

Analysis: static1

Detonation Overview

Reported

2024-06-11 01:52

Signatures

Unsigned PE

(No indicator rows were recorded for this signature: the static pass reports the PE as carrying no Authenticode signature, which is the whole finding.)
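What "Unsigned PE" means at the byte level, as an added example (this is not sandbox code and not derived from the sample): an Authenticode signature is a WIN_CERTIFICATE blob whose raw file offset and size are stored in data directory entry 4, IMAGE_DIRECTORY_ENTRY_SECURITY, of the PE optional header, and an unsigned file has a zero entry there. The script below uses only the Python standard library and builds its own header-only PE images as constructed test input; the offsets are the documented PE32/PE32+ layouts and nothing about this sample is assumed. The caveat a triager needs: a non-zero entry proves only that a certificate blob is attached. Whether the signature verifies, and to which publisher, is a separate check (signtool verify /pa, or Get-AuthenticodeSignature in PowerShell), and a sample that fails that check is still effectively unsigned.

```python
"""Does a PE carry an embedded Authenticode certificate table? (added example)

The table's file offset and size live in optional-header data directory
entry 4 (IMAGE_DIRECTORY_ENTRY_SECURITY). "Unsigned PE" == that entry is
zero or points outside the file. Presence is not validity: chain and hash
verification is a separate step (signtool / Get-AuthenticodeSignature).
"""
import struct
import sys

IMAGE_DIRECTORY_ENTRY_SECURITY = 4
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def security_directory(data: bytes):
    """Return (file_offset, size) of the certificate table, or (0, 0) if absent.

    Raises ValueError for anything that is not a well-formed PE header.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4            # IMAGE_FILE_HEADER, 20 bytes
    opt = coff + 20                # IMAGE_OPTIONAL_HEADER starts here
    if len(data) < opt + 2:
        raise ValueError("truncated PE header")
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    if len(data) < opt + size_of_optional:
        raise ValueError("truncated optional header")
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        nrva_off, dir_off = opt + 92, opt + 96
    elif magic == PE32PLUS_MAGIC:
        nrva_off, dir_off = opt + 108, opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    entry = dir_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    # An optional header may legitimately declare fewer than 5 directories.
    if entry + 8 > opt + size_of_optional:
        return (0, 0)
    number_of_rva = struct.unpack_from("<I", data, nrva_off)[0]
    if number_of_rva <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return (0, 0)
    return struct.unpack_from("<II", data, entry)


def is_signed(data: bytes) -> bool:
    """True if a certificate table is declared and lies inside the file."""
    off, size = security_directory(data)
    # Unlike the other directories this one holds a raw file offset, not an RVA,
    # and a WIN_CERTIFICATE header alone is 8 bytes.
    return off != 0 and size >= 8 and off + size <= len(data)


def build_minimal_pe(signed: bool, pe32plus: bool = False) -> bytes:
    """Constructed test input: a header-only PE, optionally with a cert blob."""
    dir_base = 112 if pe32plus else 96
    opt_size = dir_base + 16 * 8                   # 16 data directories
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC if pe32plus else PE32_MAGIC)
    struct.pack_into("<I", opt, dir_base - 4, 16)  # NumberOfRvaAndSizes
    header_len = 0x40 + 4 + 20 + opt_size
    cert = b""
    if signed:
        body = b"\x30\x82\x00\x00"                 # stand-in for PKCS#7 DER
        cert = struct.pack("<IHH", 8 + len(body), 0x0200, 0x0002) + body
        struct.pack_into("<II", opt, dir_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         header_len, len(cert))
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)        # e_lfanew
    machine = 0x8664 if pe32plus else 0x14C
    file_hdr = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, 0x22)
    return bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt) + cert


if __name__ == "__main__":
    with open(sys.argv[1], "rb") as fh:
        blob = fh.read()
    off, size = security_directory(blob)
    state = "signed (blob present, NOT verified)" if is_signed(blob) else "UNSIGNED"
    print(f"{sys.argv[1]}: {state}; security directory @{off:#x}, {size} bytes")
```

Run it as `python check_sig.py sample.exe`. The function deliberately treats an entry that points past end of file as unsigned: a blob that was truncated or stripped by a packer is as useless to a verifier as no blob at all.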

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 01:52

Reported

2024-06-11 01:55

Platform

win7-20240221-en

Max time kernel

150s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ae4ffe7d54c19089c6546fec9e9a1246bd5e32a15dad404217fd7d6b74014623.exe"

Signatures

Renames multiple (3746) files with added filename extension

ransomware

Drops file in Program Files directory

The sandbox lists a subset of the created files (the rename signature above counts 3746). Every row has Description "File created", Process "C:\Users\Admin\AppData\Local\Temp\ae4ffe7d54c19089c6546fec9e9a1246bd5e32a15dad404217fd7d6b74014623.exe" and Target "N/A"; only the Indicator (the created path) differs:

C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipTsf.dll.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.svg_1.1.0.v201011041433.jar.tmp
C:\Program Files\Windows Media Player\en-US\wmpnssci.dll.mui.tmp
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\highDpiImageSwap.js.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\InkDiv.dll.tmp
C:\Program Files\DVD Maker\Eurosti.TTF.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.nl_ja_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Windows Media Player\en-US\wmpnetwk.exe.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_notes.wmv.tmp
C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_es.jar.tmp
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AXE8SharedExpat.dll.tmp
C:\Program Files\Windows Photo Viewer\ja-JP\PhotoAcq.dll.mui.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web.xml.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\tipresx.dll.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe.tmp
C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.bat.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services_3.4.0.v20140312-2051.jar.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml.tmp
C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libswscale_plugin.dll.tmp
C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\glow.png.tmp
C:\Program Files\7-Zip\descript.ion.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host-remote.xml.tmp
C:\Program Files\Microsoft Games\Chess\fr-FR\Chess.exe.mui.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Services.Client.resources.dll.tmp
C:\Program Files\VideoLAN\VLC\locale\sr\LC_MESSAGES\vlc.mo.tmp
C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libremap_plugin.dll.tmp
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_thunderstorm.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_buttongraphic.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_basestyle.css.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-sampler.xml.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hu.pak.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.util.gui_1.7.0.v200903091627.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker_1.1.200.v20131119-0908.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-queries_zh_CN.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-visual.jar.tmp
C:\Program Files\Java\jre7\lib\zi\Pacific\Tongatapu.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-highlight.png.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ko.properties.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfxrt.jar.tmp
C:\Program Files\Windows Journal\ja-JP\PDIALOG.exe.mui.tmp
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\clock.html.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_ButtonGraphic.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\epl-v10.html.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\mix.gif.tmp
C:\Program Files\Java\jre7\bin\deploy.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Belgrade.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.xml.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64_3.103.1.v20140903-1947.jar.tmp
C:\Program Files\Java\jre7\bin\keytool.exe.tmp
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\js\clock.js.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\optimization_guide_internal.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Metlakatla.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.filesystem_1.4.100.v20140514-1614.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-options-keymap.jar.tmp
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider_right.png.tmp
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Accessibility.api.tmp
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\js\service.js.tmp
C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\tile16.png.tmp
C:\Program Files\7-Zip\Lang\pa-in.txt.tmp
C:\Program Files\7-Zip\Lang\th.txt.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kiritimati.tmp

Processes

C:\Users\Admin\AppData\Local\Temp\ae4ffe7d54c19089c6546fec9e9a1246bd5e32a15dad404217fd7d6b74014623.exe

"C:\Users\Admin\AppData\Local\Temp\ae4ffe7d54c19089c6546fec9e9a1246bd5e32a15dad404217fd7d6b74014623.exe"

Network

N/A: no network traffic was recorded in the 120 s capture window of this run.

Files

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

MD5 85b9874e7be5af07ea7ce443163e8457
SHA1 b0d4ce7495d7298e04c5d4c273d19eb8e90f52ab
SHA256 bc083beaea2b0fd78009365be6f394bde9f04093cc85e343606009a142b0cf26
SHA512 c2bf278a95316128946d3046111240af78f7612c65b4a2ef1e2a4c31c81052be4934838e1ed4cf8bf856afc00d1381ca1fd4df30aa51d2b74b859939e00a7a2e

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 41052b42cfa66ec4a41940fb30eebf74
SHA1 ffd290f2ea13bc9d8e6d61fb3624fa916e143c73
SHA256 6298560902e588b7db7168a6ead8f6dea1ef2b3ec4f3e4ebcd148fa795071b74
SHA512 aa6965b44ebef2cc587880854f501a10491eb08da44a94c67dc03c7c6c09cfdcee5bdb564f36c99b8f0cdae6f39e9967f33036410b291409eb7570c64be083a1

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 01:52

Reported

2024-06-11 01:55

Platform

win10v2004-20240426-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ae4ffe7d54c19089c6546fec9e9a1246bd5e32a15dad404217fd7d6b74014623.exe"

Signatures

Renames multiple (5216) files with added filename extension

ransomware

Drops file in Program Files directory

The sandbox lists a subset of the created files (the rename signature above counts 5216). Every row has Description "File created", Process "C:\Users\Admin\AppData\Local\Temp\ae4ffe7d54c19089c6546fec9e9a1246bd5e32a15dad404217fd7d6b74014623.exe" and Target "N/A"; only the Indicator (the created path) differs:

C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_Subscription-pl.xrm-ms.tmp
C:\Program Files\7-Zip\Lang\si.txt.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\UIAutomationClient.dll.tmp
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe.tmp
C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-time-l1-1-0.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\lib\plugin.jar.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial1-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\MSSRINTL.DLL.tmp
C:\Program Files\7-Zip\7zG.exe.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-file-l2-1-0.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\Microsoft.VisualBasic.Forms.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationClientSideProviders.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNoteFilter.dll.tmp
C:\Program Files\Microsoft Office\root\Templates\1033\OriginReport.Dotx.tmp
C:\Program Files\7-Zip\Lang\fr.txt.tmp
C:\Program Files\Common Files\microsoft shared\ink\es-ES\TabTip.exe.mui.tmp
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-dayi.xml.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Forms.Design.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_MAK_AE-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\WINWORD.VisualElementsManifest.xml.tmp
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOMessageProvider.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.IsolatedStorage.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\UIAutomationTypes.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\PresentationCore.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\legal\javafx\gstreamer.md.tmp
C:\Program Files\Microsoft Office\root\Office16\SkypeSrv\SFBAPPSDK.DLL.tmp
C:\Program Files\7-Zip\Lang\nn.txt.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Csp.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encoding.Extensions.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\PresentationUI.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\legal\javafx\libxml2.md.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-ppd.xrm-ms.tmp
C:\Program Files\7-Zip\Lang\yo.txt.tmp
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue Green.xml.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-ul-phn.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC.HXS.tmp
C:\Program Files\Microsoft Office\root\Office16\mscss7wre_es.dub.tmp
C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL090.XML.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.DataAnnotations.dll.tmp
C:\Program Files\Java\jdk-1.8\bin\vcruntime140_1.dll.tmp
C:\Program Files\Java\jre-1.8\bin\jp2native.dll.tmp
C:\Program Files\Microsoft Office\root\Integration\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Drawing.Design.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\WindowsBase.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Forms.resources.dll.tmp
C:\Program Files\Google\Chrome\Application\110.0.5481.104\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig.tmp
C:\Program Files\Java\jdk-1.8\jre\legal\javafx\webkit.md.tmp
C:\Program Files\Microsoft Office\root\Office16\OneNote\prnms006.inf.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Input.Manipulations.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\dt_shmem.dll.tmp
C:\Program Files\Microsoft Office\root\Client\vcruntime140.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\PROOF\msth8FR.DLL.tmp
C:\Program Files\7-Zip\Lang\sq.txt.tmp
C:\Program Files\Common Files\microsoft shared\ink\lv-LV\tipresx.dll.mui.tmp
C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial2-pl.xrm-ms.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Claims.dll.tmp
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Corbel.xml.tmp
C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwnumbered.dotx.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_K_COL.HXK.tmp
C:\Program Files\Microsoft Office\root\vfs\Fonts\private\GARA.TTF.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\ReachFramework.resources.dll.tmp
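Turning the footprint of both detonations (behavioral1 and behavioral2 show the same thing: thousands of renames with an appended extension, and .tmp files created alongside existing content) into detection logic, as an added example. The Python below was written for this page; it is not the sandbox's signature code and nothing in it comes from the sample. It reads file events in a constructed line format (the timestamps, pids and the create/rename vocabulary are assumptions, as is the ".enc" extension used in the sample data, since the report does not record which extension the sample appends). It raises one alert when a single process appends the same extension to a threshold number of files inside a sliding time window, and separately pairs each created "<path>.tmp" with a later rename of "<path>" by the same process. That pairing is the write-sidecar-then-replace pattern the .tmp drops in this report are consistent with; the sandbox confirms the creates, not the pairing.

```python
"""Mass-rename and sidecar-.tmp detector over file events (added example).

Event line format is constructed for this example, not a sandbox/EDR schema:
    <seconds> <pid> create <path>
    <seconds> <pid> rename <old_path> -> <new_path>
"""
import re
from collections import defaultdict, deque
from dataclasses import dataclass

EVENT_RE = re.compile(
    r"^(?P<t>\d+(?:\.\d+)?) (?P<pid>\d+) (?P<op>create|rename) (?P<rest>.+)$")


@dataclass
class Alert:
    pid: int
    added_ext: str
    count: int
    window_s: float


def added_extension(old: str, new: str):
    """'.enc' if new == old + '.enc' (exactly one extension appended), else None."""
    if new.startswith(old + ".") and "." not in new[len(old) + 1:]:
        return new[len(old):]
    return None


def detect_mass_rename(lines, threshold=20, window_s=60.0):
    """One Alert per (pid, extension) the first time a process appends the same
    extension to `threshold` files within a sliding `window_s`-second window."""
    windows = defaultdict(deque)          # (pid, ext) -> timestamps in window
    alerts, fired = [], set()
    for line in lines:
        m = EVENT_RE.match(line.strip())
        if not m or m["op"] != "rename":
            continue
        old, _, new = m["rest"].partition(" -> ")
        ext = added_extension(old.strip(), new.strip())
        if ext is None:
            continue                      # plain rename, not an added suffix
        key = (int(m["pid"]), ext.lower())
        t = float(m["t"])
        q = windows[key]
        q.append(t)
        while t - q[0] > window_s:        # drop timestamps that fell out
            q.popleft()
        if len(q) >= threshold and key not in fired:
            fired.add(key)
            alerts.append(Alert(key[0], key[1], len(q), window_s))
    return alerts


def tmp_then_rename(lines):
    """Correlate a created '<path>.tmp' with a later rename of '<path>' by the
    same pid (write a sidecar, then replace the original).
    Returns {pid: [(old_path, new_path), ...]}."""
    pending = set()                       # (pid, lower-cased original path)
    hits = defaultdict(list)
    for line in lines:
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        pid, rest = int(m["pid"]), m["rest"].strip()
        if m["op"] == "create" and rest.lower().endswith(".tmp"):
            pending.add((pid, rest[:-4].lower()))
        elif m["op"] == "rename":
            old, _, new = rest.partition(" -> ")
            old, new = old.strip(), new.strip()
            if (pid, old.lower()) in pending and added_extension(old, new):
                pending.discard((pid, old.lower()))
                hits[pid].append((old, new))
    return dict(hits)


# Constructed sample: pid 4120 mimics the flagged behaviour (sidecar .tmp,
# then rename with an added extension) across 25 files; pid 900 does one
# backup-style rename and one unrelated rename and must stay quiet.
SAMPLE_EVENTS = []
for _i in range(25):
    _p = rf"C:\Program Files\7-Zip\Lang\lang{_i:02d}.txt"
    SAMPLE_EVENTS.append(f"{_i * 0.5:.1f} 4120 create {_p}.tmp")
    SAMPLE_EVENTS.append(f"{_i * 0.5 + 0.1:.1f} 4120 rename {_p} -> {_p}.enc")
SAMPLE_EVENTS += [
    r"3.0 900 rename C:\Users\Admin\Documents\report.docx -> C:\Users\Admin\Documents\report.docx.bak",
    r"4.0 900 rename C:\Users\Admin\Documents\a.txt -> C:\Users\Admin\Documents\b.txt",
]

if __name__ == "__main__":
    for a in detect_mass_rename(SAMPLE_EVENTS):
        print(f"ALERT pid={a.pid} appended {a.added_ext!r} to {a.count} files in {a.window_s:.0f}s")
    for pid, pairs in tmp_then_rename(SAMPLE_EVENTS).items():
        print(f"pid {pid}: {len(pairs)} sidecar-then-rename pairs")
```

The threshold and window are the tuning knobs: 20 appended-extension renames in 60 s from one process is far above anything a backup or installer does, but the same-extension requirement is what keeps bulk "rename .jpeg to .jpg" jobs from firing. On a real endpoint the create events map to Sysmon Event ID 11 (FileCreate); renames are not a Sysmon event and need an EDR or minifilter feed.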

Processes

C:\Users\Admin\AppData\Local\Temp\ae4ffe7d54c19089c6546fec9e9a1246bd5e32a15dad404217fd7d6b74014623.exe

"C:\Users\Admin\AppData\Local\Temp\ae4ffe7d54c19089c6546fec9e9a1246bd5e32a15dad404217fd7d6b74014623.exe"

Network

Every recorded row is a reverse-DNS (PTR) query sent to the public resolver 8.8.8.8 on UDP/53; there are no connections to the looked-up addresses and no other protocols, so nothing in this capture is identifiable as command-and-control. The table does not attribute the queries to a process, and reverse lookups of public addresses are routine background activity of the operating system in a sandbox image, so treat them as unattributed rather than as sample behaviour. The Country column describes the resolver, not the host being looked up.

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 208.143.182.52.in-addr.arpa udp
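To recover which addresses those PTR names refer to (the octets in an in-addr.arpa name are the IPv4 address reversed) and to check mechanically that a Network table contains nothing but DNS, here is an added example written for this page; it is not part of the report and not the sandbox's code. It decodes in-addr.arpa names back to addresses and summarises a table in the four-column format printed above. Its sample input is the ten rows of this table, copied verbatim; treating any row that is not UDP to port 53 as a direct connection worth a closer look is the example's own heuristic.

```python
"""Decode the reverse-DNS rows of a sandbox Network table (added example)."""
import ipaddress
import re

# IPv4 PTR names only: "d.c.b.a.in-addr.arpa" for address a.b.c.d
PTR_RE = re.compile(r"^((?:\d{1,3}\.){4})in-addr\.arpa\.?$", re.IGNORECASE)


def ptr_to_ip(name: str):
    """'104.219.191.52.in-addr.arpa' -> '52.191.219.104'; None if not a PTR name."""
    m = PTR_RE.match(name.strip())
    if not m:
        return None
    octets = m.group(1).rstrip(".").split(".")
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    except ipaddress.AddressValueError:   # e.g. an octet above 255
        return None


def summarize_network(rows):
    """rows: 'Country Destination Domain Proto' lines as the report prints them.

    Returns the resolvers used, the addresses that were reverse-looked-up,
    forward name queries, and every row that is not a DNS query at all.
    """
    resolvers, ptr_targets, name_queries, non_dns = set(), [], [], []
    for row in rows:
        parts = row.split()
        if len(parts) != 4:
            continue                      # header or blank line
        _country, dest, domain, proto = parts
        host, _, port = dest.rpartition(":")
        if proto.lower() != "udp" or port != "53":
            non_dns.append(row)           # anything else deserves a closer look
            continue
        resolvers.add(host)
        ip = ptr_to_ip(domain)
        (ptr_targets if ip else name_queries).append(ip or domain)
    return {
        "resolvers": sorted(resolvers),
        "ptr_targets": ptr_targets,
        "non_global_ptr_targets": [a for a in ptr_targets
                                   if not ipaddress.ip_address(a).is_global],
        "name_queries": name_queries,
        "non_dns": non_dns,
    }


# The ten rows of the behavioral2 Network table, copied verbatim.
REPORT_ROWS = """\
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 208.143.182.52.in-addr.arpa udp
""".splitlines()

if __name__ == "__main__":
    s = summarize_network(REPORT_ROWS)
    print("resolvers:", s["resolvers"])
    print("reverse-looked-up:", s["ptr_targets"])
    print("non-DNS rows:", s["non_dns"] or "none")
```

For this report the summary comes back with a single resolver, ten public addresses, no forward name queries and no non-DNS rows, which is the machine-checkable form of the statement above that the capture holds no connection to anything. A non-empty non_dns list, or a PTR target inside a private range, is where a manual look would start.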

Files

C:\$Recycle.Bin\S-1-5-21-4018855536-2201274732-320770143-1000\desktop.ini.tmp

MD5 d3c62e66c0b6b6d2d7954faa4a050d34
SHA1 4d2cd442d85cc353ac4d46adcfa9c7f0c0294da0
SHA256 4a87a32ca47022eca8ddda1ea0401f008971d53563f78832e041d2c23828d44b
SHA512 7bc7586577dc827f293240b0a7c7fdad40e4bffc18ea27a82657b5b4973676d7ad161416b2fd00cf53be12f8365082f1bdbf4d2f9b778193b224c15825675814

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 7c1c21091f639d6eb7206349293b64fd
SHA1 cec228d1e113924696c6bf26779e389235b2ab03
SHA256 851978bd35e881eace4a6da16b7f98648ce004c43e74fcca0aea83f26712c22a
SHA512 96f4c52ad0e160268b05f1d2670b21b056b1473f71b1b647128e7059b3a3c3426277982378c4f9366fd9774a090ab5d6cfd7ed9cb772068b6ddc64c25ec5ad6d