Malware Analysis Report

2025-01-06 13:03

Sample ID: 240617-az7xvawcmb
Target: a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500
SHA256: a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500
Tags: ransomware
Score: 9/10

Analysis Overview

Score: 9/10

SHA256: a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500

Threat Level: Likely malicious

The file a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500 was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3297) files with added filename extension

Renames multiple (4842) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-17 00:40

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-17 00:40
Reported: 2024-06-17 00:42
Platform: win7-20240220-en
Max time kernel: 150s
Max time network: 122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe"

Signatures

Renames multiple (3297) files with added filename extension

ransomware

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_HK.properties.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\updater_zh_CN.jar.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-compat.xml.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Europe\Helsinki.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\FlickLearningWizard.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\th.pak.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_sv.properties.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yakutat.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Faroe.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser_5.5.0.165303.jar.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.event_1.3.100.v20140115-1647.jar.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IPSEventLogMsg.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Microsoft Games\Solitaire\SolitaireMCE.png.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Mozilla Firefox\api-ms-win-crt-locale-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IdentityModel.Selectors.Resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.nl_ja_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.bat.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-awt.xml.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-nodes.xml.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-annotations-common_ja.jar.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_ja.jar.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-actions.xml.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\lua\http\dialogs\equalizer_window.html.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\es-ES\msadcfr.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-execution.xml.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\locale\pt_PT\LC_MESSAGES\vlc.mo.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ffd27a_256x240.png.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Toronto.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-sampler.jar.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Net.Resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_ButtonGraphic.png.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core_zh_CN.jar.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Australia\Darwin.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Full\full.png.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansRegular.ttf.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\db\NOTICE.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\epl-v10.html.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\America\Yellowknife.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain.wmv.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfontj2d.properties.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\7-Zip\Lang\bn.txt.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\ipsptg.xml.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Java\jre7\bin\jp2native.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\chkrzm.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Services.Design.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Internet Explorer\msdbg2.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.xml.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-masterfs-nio2.xml.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.RunTime.Serialization.Resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tahiti.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Asia\Singapore.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\misc\libxml_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground_PAL.wmv.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands.nl_ja_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-loaders.xml.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Asia\Krasnoyarsk.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Microsoft Games\Solitaire\es-ES\Solitaire.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_mpjpeg_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe

"C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

MD5 dcb924b4d946a1bc48b7a6bfadf8af7e
SHA1 751d9dd0cce8c2a6363be107944d8e64b60ad138
SHA256 4ff2cce73fc7e37ac8083eaa55bfed1a985fc9595621b440e58b272a3600ce2e
SHA512 4e2727c54902dc1fdfeab63f322d3fecc096b109c2fea0bd87b317a7f80d83e5d9d51c69fda90f4e4f3ed197e53e6c8be147fa5f3a6cbc6042e44f0632d6e344

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 c77152b621ca7cbfddebcaf86fda9af3
SHA1 b776104091e2bd7a84388fd8e94434fb1c6918e8
SHA256 f316459911d7f1b175ba60801cbb0d7e4294f0e5581ee2b8426b6dc1752317a4
SHA512 bc202ec2067230e9df02e62f94b490bc1a3df6cb2aeaab6c6a332be85c6e3b13935eb81722e239bc117348982e0bac836876a3b010cef2e405fded8365893e02

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-17 00:40
Reported: 2024-06-17 00:42
Platform: win10v2004-20240611-en
Max time kernel: 149s
Max time network: 114s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe"

Signatures

Renames multiple (4842) files with added filename extension

ransomware

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Formats.Tar.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.VisualBasic.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Xml.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationCore.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTest-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\ISO690.XSL.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\jawt.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\EXCELPLUGINSHELL.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred.xml.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.CompilerServices.Unsafe.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\LyncBasic_Eula.txt.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\lib\currency.data.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\TellMeWord.nrr.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Process.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\it.pak.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Xaml.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTest-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Grace-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\NAMECONTROLSERVER.EXE.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN020.XML.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\PresentationFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\SkypeServiceBypassR_PrepidBypass-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-80.png.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\7-Zip\Lang\ta.txt.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\nb-NO\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.VisualBasic.Forms.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\ORGCINTL.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\trdtv2r41.xsl.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\UIAutomationTypes.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-libraryloader-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\lib\cmm\LINEAR_RGB.pf.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-filesystem-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\LyncVDI_Eula.txt.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\SIST02.XSL.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationTypes.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Initialization.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\MEDIA\WIND.WAV.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\OFFSYMSB.TTF.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Algorithms.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\PresentationFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Forms.Design.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\plugin2\vcruntime140.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD_COL.HXT.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\MSIPC\pl\msipc.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.Serialization.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Client\msvcp140.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pidgenx.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\UIAutomationProvider.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Input.Manipulations.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ca.pak.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\JavaAccessBridge-64.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalDemoR_BypassTrial180-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql2000.xsl.tmp | C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe

"C:\Users\Admin\AppData\Local\Temp\a54c7d9bf653150f7130fd3990573725a00b869dadab3d6ffc1111b6c063b500.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp
US | 8.8.8.8:53 | g.bing.com | udp
US | 13.107.21.237:443 | g.bing.com | tcp
NL | 23.62.61.194:443 | www.bing.com | tcp
US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp
US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp
US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 35.15.31.184.in-addr.arpa | udp
US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp

Files

C:\$Recycle.Bin\S-1-5-21-3169499791-3545231813-3156325206-1000\desktop.ini.tmp

MD5 2dafaaa242086b0c4388e3a54ccf17db
SHA1 573bc0a6496a3360a4cac95360334d65c10d9535
SHA256 2ff83880221e20f40bad33332de53db1ac1c9d1a07f8072cab552c4ab49db6d7
SHA512 fcb6fb51fe6970484a349f126b46b12c5d81dd7d89ec34d783b6cc1cfecb94b8eb0bbc85bb61a485dd3b216726aa6f3683eeb01533a3383866641a4522fa59cc

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 5acd2093ca701b49c09e3d7ca48567ad
SHA1 94025673ebf91d5a9e824b76848dbb141f6ebb60
SHA256 9ac253191ac301d0b87c98cc574ee3f9c215803b6ae85894d322b53ff0e7f48f
SHA512 02c6f697467f06d99cbfa562f6e25f981fb43c28429b104ec264700b47d093b4bfc12b341ad6941acc968d5b572c3ff2d6d39d9083fd02c16d5ff109f6a3f343