Malware Analysis Report

2025-01-03 08:36

Sample ID 240611-ccmz9szhjq
Target af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53
SHA256 af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53
Tags ransomware
score 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53

Threat Level: Likely malicious

The file af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53 was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3533) files with added filename extension

Renames multiple (5232) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 01:55

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 01:55

Reported

2024-06-11 01:58

Platform

win7-20240221-en

Max time kernel

150s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe"

Signatures

Renames multiple (3533) files with added filename extension

ransomware

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-attach_ja.jar.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Asia\Kabul.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mip.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssv.dll.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Malta.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Microsoft Games\Chess\ja-JP\Chess.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Mozilla Firefox\AccessibleHandler.dll.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Windows Media Player\wmplayer.exe.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\picturePuzzle.html.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\Flash.mpp.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\attach.dll.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Amsterdam.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.svg_1.1.0.v201011041433.jar.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\skins\skin.dtd.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\CircleSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Java\jre7\bin\jaas_nt.dll.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Java\jre7\lib\cmm\LINEAR_RGB.pf.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\css\clock.css.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-execution.xml.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmirror_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Mozilla Firefox\firefox.VisualElementsManifest.xml.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\db\NOTICE.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.properties.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-fallback_zh_CN.jar.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Java\jre7\bin\server\classes.jsa.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Windows Media Player\de-DE\setup_wm.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Windows Media Player\Media Renderer\RenderingControl.xml.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Windows Photo Viewer\es-ES\PhotoAcq.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpn.dll.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Winamac.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.ComponentModel.DataAnnotations.dll.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_s.png.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)grayStateIcon.png.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Europe\Athens.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IO.Log.Resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\gadget.xml.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\VDK10.STP.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_cs.jar.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans_1.2.200.v20140214-0004.jar.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core_zh_CN.jar.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\America\Argentina\La_Rioja.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Mozilla Firefox\mozglue.dll.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_sun.png.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipTsf.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.zh_CN_5.5.0.165303.jar.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\css\calendar.css.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Star_Full.png.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\css\settings.css.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Campo_Grande.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-windows_ja.jar.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-attach.jar.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\locale\tr\LC_MESSAGES\vlc.mo.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\7-Zip\Lang\sw.txt.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe

"C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe"

Network

N/A

Files

memory/2452-0-0x0000000000400000-0x0000000000408000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

MD5 0460eecbd10bd8dcecf16028370026cc
SHA1 779babd1e232fc8ee5194a7e542810e6d17aae26
SHA256 5d5037f81ca405ea5b4fe364322d8618b2b37395b28898834dcbffaaca0309da
SHA512 827efe24d6e6d1d29744349ec8ecc5214e7b476e0874d97369d73ac077d65d80b7b9ad395c69eb1edb458e3ac7a3ea4ad12613ee3146ce647555ff8090357ade

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 8fce7700e3de75ada411a78207fe7edb
SHA1 6477b2344766b97cd73edb91ac3d4c36245476fa
SHA256 adfdfbf2208f299517fce736e383f4b5ff185229d610e83ba084f9cce6c943fd
SHA512 6e46f852b90d2ad6d6080e2aea88565ecc81744897308fa1946fdd1a6ca3c0d948565b62f18f3c3d2977ab532ccc29dc5dd50bdb5bf9d42681a90f52892822e1

memory/2452-654-0x0000000000400000-0x0000000000408000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 01:55

Reported

2024-06-11 01:58

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe"

Signatures

Renames multiple (5232) files with added filename extension

ransomware

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Java\jre-1.8\bin\java.exe.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\PROOF\msgr3jp.dll.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\UIAutomationClient.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationTypes.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\fonts\LucidaTypewriterRegular.ttf.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Tw Cen MT-Rockwell.xml.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\MSSRINTL.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Csp.dll.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationClient.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\WPFEXTENSIONS.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.Linq.dll.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationClient.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\client_eula.txt.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL078.XML.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\lcms.dll.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\PersonalDemoR_BypassTrial180-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\Sybase.xsl.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvApi.dll.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\WindowsFormsIntegration.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_MAK-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.Immutable.dll.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\PresentationCore.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Common Files\System\ado\msado21.tlb.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\OneNote\prnSendToOneNote.cat.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\msvcp140_2.dll.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DWTRIG20.EXE.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationClient.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\jp2ssv.dll.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Classic.dll.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\ReachFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\PresentationUI.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\ReachFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000049\index.win32.bundle.map.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\PresentationFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationClient.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_KMS_Client-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.Common.dll.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\SETLANG.EXE.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\dotnet\host\fxr\7.0.16\hostfxr.dll.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\lib\dt.jar.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\security\policy\limited\local_policy.jar.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-multibyte-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\bin\wsimport.exe.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\java-rmi.exe.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\deploy.jar.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Forms.Design.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationClient.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\security\java.security.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-root.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe

"C:\Users\Admin\AppData\Local\Temp\af6493148a3cf4fabb6597b95c0e4bbd01b39417752718f0e81484ba245d7d53.exe"

Network

Country | Destination | Domain | Proto
US | 23.53.113.159:80 | | tcp

Files

memory/1708-0-0x0000000000400000-0x0000000000408000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

MD5 8da379325fd9de34ea1c31d3ba38e3d8
SHA1 365fa24d6d56cf9f93f5a772102216b6359d199d
SHA256 d1ad8c152ca6cc567744f9a84a5bacd0d79ea27d85b3a0ba94768176b74ee458
SHA512 9e976aa73de601018701d8acfab43edf2f9f122932a0bbb9a1683dcb31f9a8e992c902e54e84d957c8dcf61516ffffb3b5c0b02b0bafe8b4e58588f3b5229be2

C:\Program Files\7-Zip\7-zip.dll.exe

MD5 986266f3bc99f5eaba6a74de80a2e2e3
SHA1 ddc1ac7dbaa8a264eb9d18e9b7c8405624d9c1f0
SHA256 0a02aa1463fb6e8b48e4b6f63535caac45d72b6f648c827db63934262bec362b
SHA512 53e1b3da09d03dc5dc2e204ab31d55ca32342c1cc8b2b5573b16863d9672064d5dc0472cb91297f339164490973253017858e5971f1d844c9a082c8ed34d1948

memory/1708-1884-0x0000000000400000-0x0000000000408000-memory.dmp