Malware Analysis Report

2025-01-03 08:27

Sample ID: 240617-cz79qavbln
Target: d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1
SHA256: d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1
Tags: ransomware
Score: 6/10

Table of Contents

  Analysis Overview
  MITRE ATT&CK
    Enterprise Matrix V15
  Analysis: static1
    Detonation Overview
    Signatures
  Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
  Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 6/10

SHA256: d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1

Threat level: shows suspicious behavior

The file d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1 was found to show suspicious behavior (score 6/10); the signatures that drove that score are summarised below.

Malicious Activity Summary

ransomware

Enumerates connected drives

Sets desktop wallpaper using registry

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-06-17 02:31

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-17 02:31
Reported: 2024-06-17 02:34
Platform: win7-20240220-en
Max time kernel: 120s
Max time network: 120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe"

Signatures

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg" C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Microsoft Office\Office14\MSOHTMED.EXE C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File created C:\Program Files\Windows Mail\wab.exe C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File created C:\Program Files\Windows Mail\WinMail.exe C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\RCX1864.tmp C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Windows Media Player\wmpnscfg.cab C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File created C:\Program Files\DVD Maker\DVDMaker.cab C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Internet Explorer\ielowutil.cab C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Java\jre7\bin\java-rmi.exe C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\default-browser-agent.cab C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File created C:\Program Files\Windows Defender\MSASCui.exe C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\RCX1A4A.tmp C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Windows Journal\PDIALOG.cab C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File created C:\Program Files\Windows Media Player\WMPDMC.cab C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.cab C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File created C:\Program Files\Microsoft Games\Chess\Chess.cab C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Microsoft Games\Chess\RCX1A7E.tmp C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Windows Mail\wabmig.cab C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File created C:\Program Files\Windows Media Player\wmpshare.cab C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\RCX1B87.tmp C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File created C:\Program Files\Windows Journal\PDIALOG.cab C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.cab C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.cab C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\RCX183E.tmp C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Java\jre7\bin\RCX1A5C.tmp C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File created C:\Program Files\Internet Explorer\ielowutil.exe C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\crashreporter.cab C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\uninstall.cab C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\mip.cab C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\apt.cab C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\RCX1B98.tmp C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Windows Media Player\wmpnetwk.cab C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File created C:\Program Files\Windows NT\Accessories\wordpad.exe C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Microsoft Games\Chess\RCX1A80.tmp C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\RCX1B75.tmp C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\RCX1B97.tmp C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.cab C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File created C:\Program Files\Mozilla Firefox\uninstall\helper.exe C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File created C:\Program Files\VideoLAN\VLC\uninstall.cab C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File created C:\Program Files\Windows Defender\MpCmdRun.cab C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File created C:\Program Files\Windows Media Player\wmpconfig.cab C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File created C:\Program Files\Windows Media Player\wmpenc.exe C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\RCX19E8.tmp C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File created C:\Program Files\Windows NT\Accessories\wordpad.cab C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\chrome_proxy.exe C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File created C:\Program Files\Mozilla Firefox\default-browser-agent.exe C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Windows Journal\Journal.cab C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File created C:\Program Files\Windows Media Player\WMPSideShowGadget.cab C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File created C:\Program Files\Google\Chrome\Application\chrome_proxy.exe C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File created C:\Program Files\Java\jre7\bin\jabswitch.exe C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File created C:\Program Files\Internet Explorer\ieinstal.exe C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File created C:\Program Files\Windows Media Player\wmprph.exe C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.cab C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Java\jre7\bin\RCX1A6D.tmp C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\uninstall\helper.exe C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File created C:\Program Files\Windows Media Player\wmpnscfg.cab C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.cab C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\RCX1863.tmp C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\windows\readme.1xt C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File created C:\windows\WallPapers.jpg C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Desktop\General C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Desktop\General\WallpaperSource = "C:\\windows\\WallPapers.jpg" C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
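The signature tables above use a flat "Description Indicator Process Target" layout with space-separated columns, which makes it awkward to lift the registry and file indicators out for hunting. The following is an added example, not part of the sandbox report or of the sandbox's own tooling, that parses rows in that layout into normalized IOCs: the kernel-style registry paths become HKCU\... with the per-machine SID dropped (so the same indicator matches the SID in behavioral2 as well), the doubled backslashes in the logged data are collapsed to the real value, and the touched Program Files paths are checked for the .exe/.cab pairing that recurs throughout the tables. SAMPLE_ROWS is a constructed subset of the rows above; the function names, and the reading of the .cab files as repacked originals, are the example's own assumptions rather than findings of the report.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# The Process column is the detonated sample for every row in this report.
SAMPLE_PROC = r"C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe"

# Constructed sample input: rows copied from the behavioral1 tables above, one per
# line, with PROC standing in for the long process path so the lines stay readable.
SAMPLE_ROWS = r"""
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg" PROC N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Desktop\General PROC N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Desktop\General\WallpaperSource = "C:\\windows\\WallPapers.jpg" PROC N/A
File created C:\windows\readme.1xt PROC N/A
File created C:\windows\WallPapers.jpg PROC N/A
File created C:\Program Files\Windows NT\Accessories\wordpad.exe PROC N/A
File created C:\Program Files\Windows NT\Accessories\wordpad.cab PROC N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe PROC N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.cab PROC N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\RCX1A4A.tmp PROC N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe PROC N/A
""".replace("PROC", SAMPLE_PROC)

SID_RE = re.compile(r"^\\REGISTRY\\USER\\S-1-5-21(?:-\d+)+\\", re.IGNORECASE)
REG_SET_RE = re.compile(r'^Set value \((\w+)\) (.+?) = "(.*)"$')
FILE_PREFIXES = {"File created ": "created", "File opened for modification ": "modified"}


def normalize_reg_path(path):
    """Turn the kernel-style path the sandbox logs into the HKCU\\... / HKLM\\... form
    hunting tools use, dropping the SID so the indicator matches any user hive."""
    path = SID_RE.sub(r"HKCU\\", path)
    return re.sub(r"^\\REGISTRY\\MACHINE\\", r"HKLM\\", path, flags=re.IGNORECASE)


def parse_row(row):
    """Split one 'Description Indicator Process Target' row. Columns are separated by
    single spaces and the Indicator contains spaces itself, so the row is cut from the
    right: the Target column first, then the Process, which is the last C:\\ path."""
    row = row.strip()
    body, _, _target = row.rpartition(" ")
    body, sep, proc = body.rpartition(" C:\\")
    if not row or not sep:
        return None
    rec = {"process": "C:\\" + proc}
    for prefix, action in FILE_PREFIXES.items():
        if body.startswith(prefix):
            return {**rec, "kind": "file", "action": action, "path": body[len(prefix):]}
    if body.startswith("Key created "):
        return {**rec, "kind": "registry", "action": "key_created", "data": None,
                "path": normalize_reg_path(body[len("Key created "):])}
    m = REG_SET_RE.match(body)
    if m:  # the logged data has doubled backslashes; collapse them to the real value
        return {**rec, "kind": "registry", "action": "set_" + m.group(1),
                "path": normalize_reg_path(m.group(2)),
                "data": m.group(3).replace("\\\\", "\\")}
    return None


def extract_iocs(text):
    """Collect file paths (with the actions seen on them), registry keys/values (with
    the data written, None for bare key creation) and the writing processes."""
    files, registry, processes = defaultdict(set), {}, set()
    for row in text.splitlines():
        rec = parse_row(row)
        if rec is None:
            continue
        processes.add(rec["process"])
        if rec["kind"] == "file":
            files[rec["path"]].add(rec["action"])
        else:
            registry[rec["path"]] = rec["data"]
    return {"files": dict(files), "registry": registry, "processes": processes}


def exe_cab_pairs(paths):
    """Basenames for which one directory received both an .exe and a .cab. The tables
    above show this for many binaries; reading the .cab as a repacked original is an
    assumption to confirm by diffing the dropped files, not a finding of the report."""
    by_stem = defaultdict(set)
    for p in paths:
        wp = PureWindowsPath(p)
        by_stem[(str(wp.parent).lower(), wp.stem.lower())].add(wp.suffix.lower())
    return sorted(stem for (_, stem), sfx in by_stem.items() if {".exe", ".cab"} <= sfx)


def staging_temp_files(paths):
    """RCX<hex>.tmp entries beside the touched binaries; assumed to be write-then-rename staging."""
    return sorted(p for p in paths if re.search(r"\\RCX[0-9A-F]{4}\.tmp$", p, re.IGNORECASE))


if __name__ == "__main__":
    iocs = extract_iocs(SAMPLE_ROWS)
    for key, data in iocs["registry"].items():
        print(f"REG  {key} = {data!r}")
    for path, actions in sorted(iocs["files"].items()):
        print(f"FILE {path}  [{', '.join(sorted(actions))}]")
    print("exe/cab pairs:", exe_cab_pairs(iocs["files"]))
    print("staging temps:", staging_temp_files(iocs["files"]))
```

Feeding the full tables from both detonations through extract_iocs gives a host hunt list in one pass: the two wallpaper registry values, the two files under C:\windows, and the set of Program Files binaries to hash-compare against a clean install. The exe/cab pairing is only a lead; whether the .cab holds the original binary is something to confirm on the dropped files themselves.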

Processes

C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe

"C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe"

Network

N/A

Files

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

MD5 0d472c9720e55e9c249207de6c69722c
SHA1 7244426a440a268cb37b49005812b8f20f052776
SHA256 bc1d3cfb69f97bc930af3af7be8601e60eb1cc78516aa844e41c65e51c316de3
SHA512 f77bf33604691e0f21f1f3548187153495aad5cd5beb80b409ff50c71502e5303ddb7d64b652edc5b4177bf88e8cee0df914f91b9532b9b1116af32050291cca

C:\Program Files\7-Zip\7z.exe

MD5 7528060e1ba48ba4e24e6b2fa4c0726a
SHA1 31b6b3105c39e3a3604ff9cf4f7404f986236be3
SHA256 6de0d61f94250fa654e955be082316c749033ba01be0c20e22963ba4a00f186d
SHA512 5d90c9078e2a3e0571e0537e1f266b5bb31a548ab6f87e74087ddf7bf7262c525201694dc70f6114f70da43d8fad734a560e57ade22ff09e8e3749a2c5a09e09

C:\Program Files\7-Zip\7z.cab

MD5 9a1dd1d96481d61934dcc2d568971d06
SHA1 f136ef9bf8bd2fc753292fb5b7cf173a22675fb3
SHA256 8cebb25e240db3b6986fcaed6bc0b900fa09dad763a56fb71273529266c5c525
SHA512 7ac1581f8a29e778ba1a1220670796c47fa5b838417f8f635e2cb1998a01515cff3ee57045dacb78a8ec70d43754b970743aba600379fe6d9481958d32d8a5aa

C:\Program Files\7-Zip\7zFM.cab

MD5 30ac0b832d75598fb3ec37b6f2a8c86a
SHA1 6f47dbfd6ff36df7ba581a4cef024da527dc3046
SHA256 1ea0839c8dc95ad2c060af7d042c40c0daed58ce8e4524c0fba12fd73e4afb74
SHA512 505870601a4389b7ed2c8fecf85835adfd2944cbc10801f74bc4e08f5a0d6ecc9a52052fc37e216304cd1655129021862294a698ed36b3b43d428698f7263057

C:\Program Files\Common Files\Microsoft Shared\OFFICE14\RCX17EA.tmp

MD5 650bc24366b235f8633ef08cda3e761e
SHA1 4fe6d264061b68207780d345f97aec9c40b1360b
SHA256 168cc4842d373817f569d7e788050ef5845eb0984e41b06c7588fea63eab9f7e
SHA512 d6d1899ba1d5e46749bd62e3bb860793151ee5f453e32a2bed0e87c92dca2ce50075b6008b3a35651a98a669ebba211f0aabbf1ab02c37f0a66af37debed566a

C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.cab

MD5 f45a7db6aec433fd579774dfdb3eaa89
SHA1 2f8773cc2b720143776a0909d19b98c4954b39cc
SHA256 2bc2372cfabd26933bc4012046e66a5d2efc9554c0835d1a0aa012d3bd1a6f9a
SHA512 03a4b7c53373ff6308a0292bb84981dc1566923e93669bbb11cb03d9f58a8d477a1a2399aac5059f477bbf1cf14b17817d208bc7c496b8675ece83cdabec5662

C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE

MD5 7b0b1f85fbdc2da31a1f2a572490f2e7
SHA1 9db7f3774a9bfa88fe4de30b1d0347d2a65a3dd2
SHA256 76aa4c7f61bbcead0cb41ae6cb4b2d35ae9e5499fb6a4ba2c1a5b207519271cc
SHA512 4721404c38c226b2a2bd91be5b63ea2527fbf709d7deaadda144a40da35e962c2adb864cdf8ee3697fec4e7b334f1037ee80d129a4a566ffd255b895db8b9e22

C:\Program Files\Google\Chrome\Application\chrome.exe

MD5 507518975d5e1659dbebe989397be14d
SHA1 0608d27617e078c07755adc938e33b4b664c75c6
SHA256 3fef63f99fcd6dd3c13999355979b9df9085d6511ee576c3a5bcd6991d543d28
SHA512 96ac044f83c363b752842faa2445050c94fc52514566f44772c76c8b1a9e84a36096d74aa13ec56941e8c6fa23ef3bad6cb578a38e930784004a25e888b7ab20

C:\Program Files\Google\Chrome\Application\chrome.exe

MD5 72e6a3fda3590925747e5688cfed12e4
SHA1 59a3e3f01d28d269a608837d6eb42de33eb60118
SHA256 4e23cfb6ae347ac7b1ef706a6ac624fdd06396e1b2d6d14ba6ced9fdd2d09e7f
SHA512 66ed94b53d75fc4623c24fb1515c11d88eb59a653b8e5922375abc8d7cf862922b873c676c7010f11c1593faa11d86c8974509b8fc79e1e6cd257d503a875651

C:\Program Files\Google\Chrome\Application\chrome.cab

MD5 095092f4e746810c5829038d48afd55a
SHA1 246eb3d41194dddc826049bbafeb6fc522ec044a
SHA256 2f606012843d144610dc7be55d1716d5d106cbc6acbce57561dc0e62c38b8588
SHA512 7f36fc03bfed0f3cf6ac3406c819993bf995e4f8c26a7589e9032c14b5a9c7048f5567f77b3b15f946c5282fc0be6308a92eab7879332d74c400d0c139ce8400

C:\Program Files\Google\Chrome\Application\chrome_proxy.cab

MD5 b65d7344b0a7faa207d2e1a7adaafb60
SHA1 755ad15b1745b0e730d658d4a92e2b754425b7db
SHA256 f4b91fbbcba8a46eefe4965e4a24c6ede3decbd1fec96e141a1953173efd1c92
SHA512 f17ac73c2df7c73a31b11ce0f533d6db91bdb0cdeea653dcd52ac72c3cf28da0c236b79586ddc7a6c825fdd171290722f888465e776f12ac2cae75be82726b22

C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.cab

MD5 527e039ba9add8a7fac3a6bc30a6d476
SHA1 729a329265eda72cada039c1941e7c672addfc19
SHA256 4b8a72fc81b733ed2e6e70d4c5401f954002783dbf14927849ad579860780b94
SHA512 9e73e14e33a5f07a87e9c1fecfdaee09d1408471052aacfde3d1e877dad4d253b525ebefca6bddabc23cf81d8dcce0785aedcc2f135d171ecbb1feaeb922c449

C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

MD5 c15c0e14241df6f2b4487ab8f8abaf9a
SHA1 9c2d177aed84a28c2ead774522585337c7eefb7f
SHA256 0a0ee42c363a3150cb4d639f167c5664750c87634e81d03ef32d5d483e0207a7
SHA512 78e7757e367715bbfc2fbb62c983f6eb0e1d10a7ff7b0838eea8492b38b7f38d6e3957ff726595a4292b64fcfc4ccd56042dd4597081bf7f67029b5e6044fa0e

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.cab

MD5 ec6386b63c3a5ffe0577905e94262c3a
SHA1 8f8c428d0e7f32c9d733ca28384ded413a060588
SHA256 302c968ab3e1227d54df4e72f39088d7483d25eeb3037f0b16bc39cef2728fa4
SHA512 ddbefb759858493de1f9d7addc6ff4488c8be3164374e0a88c3cbe97751510005dfe6d91c5499fcbdc35aa33a8eda2d45591a66e54ab9462277dc833faef77c3

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.cab

MD5 2161730a7ae00a1fb8c5020a43be949f
SHA1 8db6b820472cdfa266c874e0d3a9395412995aa1
SHA256 07e7896b2304e3b9966294a02d2ed32f41994ee7bd0a284e4160743edaeb9e15
SHA512 aa3659b6184f4273b7fcf1f7d2cd0a5a9129b8856d15e4ca8904b709e85cd432538ce0510ca9777760a1a9d5391671232a79908860e7d665260a54910f6fea5a

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

MD5 e6c5fa3d93a649d544af6bc4d9584841
SHA1 022c72284f79716ea8c13e65e336029fe8dd2e17
SHA256 4ea371ba5522277272e92a1410e6693d57736e369c4e37dce0aab29f07918832
SHA512 eaad69cdbe889132cd53005f3c05a6535f16591fe6d75c696616caf2d554d7bf7c755312f1b8896f51cc297e89ed881a49534f1791458e2b0e8efe70f4a3d7e4

C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe

MD5 4d3598262f5a612dfcd7b3ca181be301
SHA1 825f41e6d2d01d93a3d179bd402ec7461b190d04
SHA256 671e75e39001d3a66d16e36553a964914e22656bf8c30e684e88f249bd6495a2
SHA512 327d48a0f859d85fd28dc4351f35c154ad47f1be682dd4c70cb259ba68561d6ad54a334323c5f64b628269c5a261efad3385c6a56c39e1142b7f925d9cb94eaf

C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.cab

MD5 c9aaf1247944e0928d6a7eae35e8cdc4
SHA1 af91d57336d495bb220d8f72dcf59f34f5998fd3
SHA256 05b153ba07dc1a262fb1013d42bfc24d9000ce607f07d227593c975cdf0bb25b
SHA512 bf3bc64135810948626105a8f76dc4439e68ee531f20d901c3082ae2155f2ea35f34d408de44b46ede61ded832fcc61ac1cb9719e432f0f07b49479c95847e51

C:\Program Files\Java\jdk1.7.0_80\bin\apt.cab

MD5 407d2d7dab36cdea871d4c6b9c62b258
SHA1 86cd158ad810c6772c22a5799c7acf4b9d7c9f57
SHA256 3c040679ea4be0cc5ca20c9f24caf6c13d3002560347e7446dc963b611523bd9
SHA512 dcdb53a3ca2a3637216a9d8133d1dbda336a6d3a98c6b956af42f94adbc136dc5a0245e87512d0314f23dbf3cab4900bc40ac13c79ee93a677d93a89e0cd9e17

C:\Program Files\Java\jre7\bin\jabswitch.cab

MD5 e795eb03297dd66d2efac2c33920a69f
SHA1 bf41799164d6ab2690c39afa458122ed82f2d0a8
SHA256 133afb441f29c697a5232752483ef2eecc297446f6db941bd68af7ed056cecf1
SHA512 6a334a07afadcd5c29c30add22142392bdc70d8ae0f36140f2ba7c9b4e70a9efd87b7fbd8b3ef862cea7aebdddfd18bb0521308d9a69070ae4a84432f522c4ef

C:\Program Files\Java\jre7\bin\jabswitch.exe

MD5 829c3084ded40300d8b10c5fee916f86
SHA1 109da5548ef90379abb761537cb05da9240d9b54
SHA256 a7d7e98da8a9ea20236c4f2053087e60212a0b7aa2ef4401b32d9c4239a4fda0
SHA512 ee12b9e9024e89416fe590487e104b1aae0aaaba0f9f3397de19d392108d8f8e2eb21e1d0291901a655539da372d8046dfcba207b15d048de492788e0db78754

C:\Program Files\Java\jre7\bin\java-rmi.cab

MD5 d3827115574d8b0ecbaeb03528c6d1a4
SHA1 2733607537ffc00e038039af7eba24601db6fbeb
SHA256 6ad5b065b3f612d89127b89033aaaff995942187f917144dbe28e656c3ba348f
SHA512 2a1f131960f452d1012a43597f2ac9df0edc22b6aa68fd52eabf4a4249d86c7776d625e00e7c5dbd4f35add9e31cbc02674be40714f9aa5f3a2f458419303c18

C:\Program Files\Microsoft Games\Chess\Chess.cab

MD5 07dd9dcd1cc2840751a1f8772f3c0195
SHA1 c6203a3990cfbf396ae87110e341f773cd6be4c1
SHA256 9b39147e1ba781ea8e463c22700f6ce354ac5e775e36657fd87bf41074835602
SHA512 5e547dc18a2b44a6dd67f6b43ee5b5b1bbd4ec1e8b5507b0d990837a7adb72b66808e7487f97062d54e4d3c2c7b791e3b580c9ed316e9d003849f7a6f6a3d56b

C:\Program Files\Microsoft Games\Chess\Chess.exe

MD5 881a7b6b355119429fa26d43185062e5
SHA1 7effc9870863db512d636ccc0583372fd969f863
SHA256 126b81800ae63d489ce15d81331ad5e7c89313da7e81d0f858632306cb2d58ed
SHA512 c188307d28385c5eaaf6d9c69becd01f3f70c916b977c672c04fb93d269c3a80d27a2930c143adbd82340ad1552d54021b94eb608fa3ce8e0e15db6ee7c3a6e9

C:\Program Files\Microsoft Office\Office14\MSOHTMED.cab

MD5 78e89dc545e6374c4e6c09c1d3ce0466
SHA1 bcbfe02e7fed041894db6404e60690d02301b763
SHA256 fabc7c12fd6523338f8adb3fefcaed7f213afe95e784ef36ecdf42da67421ab1
SHA512 6f4dbd49e79c5e540ea9b35e4acbcaf7c294781691ee4681580048aa75671d9d3f48c4d474ec834d9c193d2c597302554a6ce6c10651a4cc9d11db284b0884f8

C:\Program Files\Mozilla Firefox\crashreporter.cab

MD5 73603c36b4d1522c3402d67ecf657312
SHA1 6a964ae5d681455c320ea0f8611b79a99a35b283
SHA256 7fb934da4bebc1cb81c3e9f5be4dbb3e43aa8098b6e63f5e0b97b3cc105830b4
SHA512 5fdc5f8ab72bd05ebea6068c896a7805211a9bdccf0167f48ac456a1e4283b59001e588d7349e34f8511fa297f98af8d5140c883e6d4a192af8d350a433c0238

C:\Program Files\Mozilla Firefox\default-browser-agent.cab

MD5 3fa2910cbd44b17be47ff26ef27c5157
SHA1 d8a2bbcd3c88671b48478db293c61268fc24accf
SHA256 d448206c75c51f8a44a1c7fd5dabb8b0505f670ecb2e5d2adf55791b9cef1b0c
SHA512 16b70c679db2ba74a98f99956984fa044e96c821ccd5521b4882134c705b823674891d0521dc49c2391d5c184bbbd0c6d68890df65aad1972113aeda4f3b944a

C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MD5 53494cd80cf391fd9d3601c9c7de8712
SHA1 6bd1264e0341377cf6bf7f09d531d1504d80c93d
SHA256 483b75977559a439a2dbf8ea916e05e6680e3cb14d76991af0d2ac6b65457ea0
SHA512 515bf8eb0ff976b2512554e2937b297a08ccf307c26ccf597e2dd7a2faa9f4c3980c986154e4340cdf8de0dd08b6763ec3f631430dcc0f5ef7128b2c6d167a08

C:\Program Files\Mozilla Firefox\uninstall\helper.cab

MD5 d358e785b13cdb7846b3ec8b74c3ce43
SHA1 8581ec4bcd412733f64ed547b7b63bfec0caab7d
SHA256 3cdb1c6e5f4a607bc310b745d551b59eca0aac02cb83da146bedc52aa05a6beb
SHA512 451a4a6003d1ca1de98ea291537ca793621e4e23a75fa39e05320737bcd6bb4242d4fefa4c7458399fb54a5414635c3f67c8972377183b289fbb05aa13c91629

C:\Program Files\VideoLAN\VLC\uninstall.cab

MD5 5ba8b6e3a9d08a4fd4f71eed8cc56275
SHA1 5bfd77c8ddbca1dd2d4e6a9e08a0d89b50a654d0
SHA256 e202657abb97ac953185c97f0d4e3d3133fe760d8b8c4e97a2c53d94bb8d58e2
SHA512 e8242d974ff4c103cc1af4d44e55070abca619dfbae0fe450fb2dbe165a0af629c5e010bc0cbc5d7a8d40a2c420aacb3857f4d410f65235da8099379458fe419

C:\Program Files\VideoLAN\VLC\vlc-cache-gen.cab

MD5 b2bf2621b184914d48bb147d38f64392
SHA1 b733404cf4231a069d47ca68b88118ddf05b18e0
SHA256 276c5e546732a7b5585670943c84fe4ea782a601ad54ad4248605ad4ee916210
SHA512 2966c8222af45c16c38a8341036ee58f65463d9874cc871639760b395cd8a3252e962b347e4b27c3aaf5735caeb5fc3154a29092d686642b66b49682662a168a
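The Files listing above gives one path followed by MD5, SHA1, SHA256 and SHA512 lines, and the same path can appear more than once (chrome.exe is listed twice with different digests). The following is an added example, not part of the report, that parses that layout, checks each digest for the expected hex length so extraction damage is caught before the hashes are pushed to a blocklist, and reports paths captured with more than one SHA256 so each gets its own hunting entry. SAMPLE_LISTING is a constructed excerpt of three entries from the listing above; the function names are the example's own.

```python
import re
from collections import defaultdict

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}

# Constructed sample input: three entries copied from the Files listing above, including
# the path that the report lists twice (chrome.exe) with different digests.
SAMPLE_LISTING = r"""
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

MD5 0d472c9720e55e9c249207de6c69722c
SHA1 7244426a440a268cb37b49005812b8f20f052776
SHA256 bc1d3cfb69f97bc930af3af7be8601e60eb1cc78516aa844e41c65e51c316de3
SHA512 f77bf33604691e0f21f1f3548187153495aad5cd5beb80b409ff50c71502e5303ddb7d64b652edc5b4177bf88e8cee0df914f91b9532b9b1116af32050291cca

C:\Program Files\Google\Chrome\Application\chrome.exe

MD5 507518975d5e1659dbebe989397be14d
SHA1 0608d27617e078c07755adc938e33b4b664c75c6
SHA256 3fef63f99fcd6dd3c13999355979b9df9085d6511ee576c3a5bcd6991d543d28
SHA512 96ac044f83c363b752842faa2445050c94fc52514566f44772c76c8b1a9e84a36096d74aa13ec56941e8c6fa23ef3bad6cb578a38e930784004a25e888b7ab20

C:\Program Files\Google\Chrome\Application\chrome.exe

MD5 72e6a3fda3590925747e5688cfed12e4
SHA1 59a3e3f01d28d269a608837d6eb42de33eb60118
SHA256 4e23cfb6ae347ac7b1ef706a6ac624fdd06396e1b2d6d14ba6ced9fdd2d09e7f
SHA512 66ed94b53d75fc4623c24fb1515c11d88eb59a653b8e5922375abc8d7cf862922b873c676c7010f11c1593faa11d86c8974509b8fc79e1e6cd257d503a875651
"""

ENTRY_RE = re.compile(r"^[A-Za-z]:\\")
HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+(\S+)$")


def parse_listing(text):
    """Return one dict per entry, in listing order, keyed by 'path' and the digest
    names. A path listed twice yields two entries; nothing is merged here."""
    entries, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if ENTRY_RE.match(line):
            current = {"path": line}
            entries.append(current)
        elif current is not None and (m := HASH_RE.match(line)):
            current[m.group(1)] = m.group(2).lower()
    return entries


def hash_problems(entry):
    """Digests that are missing, non-hex or the wrong length. In a scraped report that
    usually means extraction damage, and such a value must not reach a blocklist."""
    problems = []
    for algo, length in HASH_LEN.items():
        value = entry.get(algo)
        if value is None:
            problems.append(f"{algo}: missing")
        elif len(value) != length or not re.fullmatch(r"[0-9a-f]+", value):
            problems.append(f"{algo}: malformed ({value!r})")
    return problems


def rewritten_paths(entries):
    """Paths captured with more than one SHA256, i.e. written with different contents
    during the run. Each digest needs its own hunting entry."""
    seen = defaultdict(set)
    for e in entries:
        if "SHA256" in e:
            seen[e["path"].lower()].add(e["SHA256"])
    return {path: sorted(h) for path, h in seen.items() if len(h) > 1}


def to_csv_rows(entries):
    """Flatten to 'sha256,md5,path' lines for import into a hunting tool."""
    return [f'{e.get("SHA256", "")},{e.get("MD5", "")},{e["path"]}' for e in entries]


if __name__ == "__main__":
    entries = parse_listing(SAMPLE_LISTING)
    for e in entries:
        for problem in hash_problems(e):
            print(f"BAD  {e['path']}: {problem}")
    for path, digests in rewritten_paths(entries).items():
        print(f"MULTI {path}: {', '.join(digests)}")
    print("\n".join(to_csv_rows(entries)))
```

Run over the whole listing, hash_problems should come back empty for every entry before any digest is exported; a truncated or wrapped hash in a scraped copy of the report would otherwise end up as a useless blocklist entry.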

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-17 02:31
Reported: 2024-06-17 02:34
Platform: win10v2004-20240508-en
Max time kernel: 146s
Max time network: 152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe"

Signatures

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\Desktop\Wallpaper = "C:\\windows\\WallPapers.jpg" C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jre-1.8\bin\java-rmi.cab C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\uninstall\helper.exe C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\RCX5DD7.tmp C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jabswitch.exe C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\RCX602F.tmp C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File created C:\Program Files\Microsoft Office\Office16\OSPPREARM.cab C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\createdump.exe C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\RCX5E6A.tmp C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\RCX5FA9.tmp C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File created C:\Program Files\Mozilla Firefox\default-browser-agent.exe C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\uninstall\RCX6076.tmp C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File created C:\Program Files\Google\Chrome\Application\chrome.cab C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Internet Explorer\iexplore.cab C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\extcheck.cab C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\jabswitch.exe C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\crashreporter.cab C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.cab C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.cab C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\dotnet\RCX5DF9.tmp C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\RCX5E59.tmp C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\default-browser-agent.cab C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\RCX5F1E.tmp C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.cab C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File created C:\Program Files\Internet Explorer\iediagcmd.cab C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File created C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\uninstall\RCX6077.tmp C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.cab C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.cab C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\RCX5FFB.tmp C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\RCX6054.tmp C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\7-Zip\RCX5D65.tmp C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\7-Zip\RCX5D77.tmp C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\uninstall\helper.cab C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File created C:\Program Files\dotnet\dotnet.exe C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\RCX5F0A.tmp C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\RCX5F31.tmp C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File created C:\Program Files\Internet Explorer\iediagcmd.exe C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Internet Explorer\iediagcmd.cab C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File created C:\Program Files\Internet Explorer\ieinstal.cab C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\RCX601E.tmp C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\java-rmi.cab C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\RCX5EE8.tmp C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\RCX5F61.tmp C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\110.0.5481.104\RCX5F85.tmp C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\RCX5FA7.tmp C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\RCX6053.tmp C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File created C:\Program Files\dotnet\dotnet.cab C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.cab C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\7-Zip\RCX5D34.tmp C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Microsoft Office\Office16\RCX6042.tmp C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\RCX5F0C.tmp C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\RCX5F1D.tmp C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\extcheck.exe C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\RCX600D.tmp C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\7-Zip\7zFM.cab C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File created C:\Program Files\Internet Explorer\ExtExport.exe C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\java-rmi.exe C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\7-Zip\7z.exe C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\dotnet\RCX5E39.tmp C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\RCX5F30.tmp C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\RCX5EFA.tmp C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
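
The file-event rows above and the per-file hash blocks in the Files section of this analysis can be cross-checked mechanically. The Python below is an added example, not part of this report or of the sandbox's own tooling: it parses a subset of rows copied from the table above and three entries copied from the Files section, groups the .exe and .cab writes by file stem, and flags any dropped file whose SHA256 equals the sample's own. On this report that flags C:\Program Files\7-Zip\7z.exe, whose SHA256 in the Files section is the sample's hash, i.e. the sample overwrote that executable with a copy of itself. The row regex assumes the writing-process path contains no spaces (true for the sample path here); the .exe/.cab pairing it prints is an observation on the rows, not a statement about how the sample works internally.

```python
"""Cross-check helpers for the sandbox report above.

Added example, not part of the report. Answers two first-response questions:
which program executables did the sample write, and which dropped files are
byte-identical to the sample itself?
"""
import re

# SHA256 of the submitted sample, as given in the report header.
SAMPLE_SHA256 = "d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1"
SAMPLE_EXE = (r"C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0"
              r"dea1ee13d49893d4589debf2acc5c79d1.exe")

# Subset of rows copied from the "Drops file in Program Files directory"
# table, in the report's flattened "Description Indicator Process Target" form.
FILE_EVENTS = "\n".join([
    rf"File opened for modification C:\Program Files\7-Zip\RCX5D65.tmp {SAMPLE_EXE} N/A",
    rf"File opened for modification C:\Program Files\7-Zip\7z.exe {SAMPLE_EXE} N/A",
    rf"File created C:\Program Files\Internet Explorer\iediagcmd.cab {SAMPLE_EXE} N/A",
    rf"File created C:\Program Files\Internet Explorer\iediagcmd.exe {SAMPLE_EXE} N/A",
    rf"File created C:\Program Files\dotnet\dotnet.cab {SAMPLE_EXE} N/A",
    rf"File created C:\Program Files\dotnet\dotnet.exe {SAMPLE_EXE} N/A",
    rf"File created C:\Program Files\Java\jre-1.8\bin\java-rmi.exe {SAMPLE_EXE} N/A",
    rf"File opened for modification C:\Program Files\Java\jre-1.8\bin\java-rmi.cab {SAMPLE_EXE} N/A",
    rf"File created C:\Program Files\Internet Explorer\ExtExport.exe {SAMPLE_EXE} N/A",
])

# Three entries copied from the Files section (SHA1/SHA512 lines left out for width).
FILE_HASHES = r"""
C:\Program Files\7-Zip\7z.exe

MD5 f93a8207a2b7e5d7cc5cda64c07c889d
SHA256 d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1

C:\Program Files\7-Zip\7z.cab

MD5 9a1dd1d96481d61934dcc2d568971d06
SHA256 8cebb25e240db3b6986fcaed6bc0b900fa09dad763a56fb71273529266c5c525

C:\Program Files\dotnet\dotnet.cab

MD5 33b4c87f18b4c49114d7a8980241657a
SHA256 587296f3ff624295079471e529104385e5c30ddc46462096d343c76515e1d662
"""

# Assumption: the writing-process path has no spaces (true for the sample path), so a
# non-greedy indicator path followed by a space-free process path parses unambiguously.
EVENT_RE = re.compile(
    r"^(?P<desc>File created|File opened for modification) "
    r"(?P<path>[A-Za-z]:\\.*?) (?P<proc>[A-Za-z]:\\\S+) (?P<target>\S+)$"
)
DIGEST_RE = re.compile(r"^(?P<algo>MD5|SHA1|SHA256|SHA512) (?P<hex>[0-9a-fA-F]+)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_events(text):
    """Flattened event rows -> list of dicts; rows that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def replaced_executables(events):
    """Group .exe and .cab writes by file stem; returns {stem: {"exe": desc, "cab": desc}}
    for every stem with an .exe write. RCX*.tmp scratch files are ignored."""
    by_stem = {}
    for ev in events:
        stem, _, ext = ev["path"].rpartition(".")
        if ext.lower() in ("exe", "cab"):
            by_stem.setdefault(stem, {})[ext.lower()] = ev["desc"]
    return {stem: parts for stem, parts in by_stem.items() if "exe" in parts}


def parse_file_hashes(text):
    """Files section -> {path: {algo: hexdigest}}; a path line opens a new entry."""
    files, current = {}, None
    for line in map(str.strip, text.splitlines()):
        digest = DIGEST_RE.match(line)
        if digest and current is not None:
            files[current][digest["algo"]] = digest["hex"].lower()
        elif PATH_RE.match(line):
            current = line
            files[current] = {}
    return files


def self_copies(files, sample_sha256=SAMPLE_SHA256):
    """Paths whose SHA256 equals the sample's: files overwritten with a copy of itself."""
    return sorted(p for p, d in files.items() if d.get("SHA256") == sample_sha256.lower())


if __name__ == "__main__":
    for stem, parts in replaced_executables(parse_events(FILE_EVENTS)).items():
        print(f"{stem}.exe: {parts['exe']}; .cab: {parts.get('cab', 'not seen')}")
    print("identical to the sample:", self_copies(parse_file_hashes(FILE_HASHES)))
```

Feeding the full tables through the same two parsers gives the complete list of overwritten executables and self-copies for this detonation; the same SHA256 match against the sample hash is the quickest way to hunt for the sample on other hosts, since the dropped copy under Program Files carries the original hash unchanged.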

Drops file in Windows directory

Description Indicator Process Target
File created C:\windows\readme.1xt C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
File created C:\windows\WallPapers.jpg C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Internet Explorer\Desktop\General C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\WallpaperSource = "C:\\windows\\WallPapers.jpg" C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe

"C:\Users\Admin\AppData\Local\Temp\d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1.exe"

Network

Files

C:\Program Files\7-Zip\7z.exe

MD5 f93a8207a2b7e5d7cc5cda64c07c889d
SHA1 8a00afd6fe92708374b3ee92d5b1578bba21878d
SHA256 d0a19907fc24539e985768cea91efb0dea1ee13d49893d4589debf2acc5c79d1
SHA512 47ed8283a94ab8dd30f64b0f9010055689230500742ac1aae76a67eee81093167b549fd0f077099514eec4c756e5cd587ff0c798f0730c1ade157c5081016c3e

C:\Program Files\7-Zip\7z.cab

MD5 9a1dd1d96481d61934dcc2d568971d06
SHA1 f136ef9bf8bd2fc753292fb5b7cf173a22675fb3
SHA256 8cebb25e240db3b6986fcaed6bc0b900fa09dad763a56fb71273529266c5c525
SHA512 7ac1581f8a29e778ba1a1220670796c47fa5b838417f8f635e2cb1998a01515cff3ee57045dacb78a8ec70d43754b970743aba600379fe6d9481958d32d8a5aa

C:\Program Files\7-Zip\7zFM.cab

MD5 30ac0b832d75598fb3ec37b6f2a8c86a
SHA1 6f47dbfd6ff36df7ba581a4cef024da527dc3046
SHA256 1ea0839c8dc95ad2c060af7d042c40c0daed58ce8e4524c0fba12fd73e4afb74
SHA512 505870601a4389b7ed2c8fecf85835adfd2944cbc10801f74bc4e08f5a0d6ecc9a52052fc37e216304cd1655129021862294a698ed36b3b43d428698f7263057

C:\Program Files\Common Files\microsoft shared\ClickToRun\RCX5D87.tmp

MD5 650bc24366b235f8633ef08cda3e761e
SHA1 4fe6d264061b68207780d345f97aec9c40b1360b
SHA256 168cc4842d373817f569d7e788050ef5845eb0984e41b06c7588fea63eab9f7e
SHA512 d6d1899ba1d5e46749bd62e3bb860793151ee5f453e32a2bed0e87c92dca2ce50075b6008b3a35651a98a669ebba211f0aabbf1ab02c37f0a66af37debed566a

C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.cab

MD5 b8d69fa2755c3ab1f12f8866a8e2a4f7
SHA1 8e3cdfb20e158c2906323ba0094a18c7dd2aaf2d
SHA256 7e0976036431640ae1d9f1c0b52bcea5dd37ef86cd3f5304dc8a96459d9483cd
SHA512 5acac46068b331216978500f67a7fa5257bc5b05133fab6d88280b670ae4885ef2d5d1f531169b66bf1952e082f56b1ad2bc3901479b740f96c53ea405adda18

C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.cab

MD5 3dc3594fb3b25c55081fe4b3226abbc2
SHA1 7eaddfd597fc76244f71f98877f7149c9e85dc9e
SHA256 6d54694077faf07473196da7b7f1c6981c8ad6a462fcea4777a80cfc6bc5769e
SHA512 8f268673c86e2c38d1713696ed25b75a565d8beb5b05ea755c9cbb12f625b8d4abfc1bb3f9f54c297ba4bd7dd9e465737c30f492aaef0034b0e1568ce13d2445

C:\Program Files\dotnet\dotnet.cab

MD5 33b4c87f18b4c49114d7a8980241657a
SHA1 254c67b915e45ad8584434a4af5e06ca730baa3b
SHA256 587296f3ff624295079471e529104385e5c30ddc46462096d343c76515e1d662
SHA512 42b48b4dcd76a8b2200cfafddc064c053a9d1a4b91b81dee9153322c0b2269e4d75f340c1bf7e7750351fb656445efaf1e1fe0f7e543497b247dd3f83f0c86f9

C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\createdump.cab

MD5 8e4a401d4862a3ab07d4e7e17cbdfc78
SHA1 8ff6d2c100a2ba9b8159b9f733da011c8e448534
SHA256 6e25f414dd65440cd0c285990f4eef789a831fff640dadb4afdf79a5dfd95bc2
SHA512 74477239112082429db839be011cbe3d7d8fa66c9b8089dc93b18c1392ae57c935f39446227049e6f7f29e86122d191fa4f2f8d59b87f1f7b6eba3ae4d61a579

C:\Program Files\Google\Chrome\Application\chrome.cab

MD5 bfcb32781aeefc243ce925c9e558c21a
SHA1 320e7a68e6a57bdf4bcac921be7c0eddd3d87cf7
SHA256 1d5984c3c178d0bdce409fe302369ca192f252562a3e2d50bf7501f0d6695f7d
SHA512 a9387b7bd491ce60058d1a459d0b08ff73cd56af0bfcc2fba36e2cfb767c759ae5f0dec44635ae635ed2b2adf02213735c416d729404d5d03ba4bbf7f1d4c41c

C:\Program Files\Google\Chrome\Application\chrome.exe

MD5 3778b217db5669a47acba17edc144a18
SHA1 136ee3d77b00b33be32ebe1b5ce929d20fe67a79
SHA256 88fcb34d5d27c76f0143facd47e2014c99fed65c429f34b7f5d8d2d4ed057840
SHA512 06edc1a84517a64d131fd92f9f5e68342dbfa6eb900b4376ff9dcd97e8ea5171cadba1441cf78f391fd0b21892967ea94a56239e2c639a8c4ffb68b24e0b6bc2

C:\Program Files\Google\Chrome\Application\chrome_proxy.cab

MD5 1d299dac46c67a0ce7ab712d934d0a6f
SHA1 3135016ff17ca69aae5a2d748a8e7d36bd008add
SHA256 b6d3291baf815d909264816c91be07c46bd9de2a69fc49cd4a50942e81edc161
SHA512 14a90184ccdd2db298a222efee7d76c00ccec31b82af7caf6d6d5e8a3cbc078b77e238cdce0e29fdbb2f58ed337571b91e119011fb7b2f70af520d19a7de7488

C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.cab

MD5 47ed928efd1c64f26622c99a2b6532cf
SHA1 4abade6b7774ee188bc9359e0c72d92fc3918e33
SHA256 bc2e087089efc2416135a5b1a75c5b54c0c7c684862e543cc94b989a889f80d1
SHA512 3fb5bd979b08e005fb1ac06dc7672c47ad64fba499980868560706d503a4d7b6d079ea2909d61791b1caaeee4d0b1cc03a665076deb03156723edb5fcad20dc5

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.cab

MD5 aff19b92662698324081b696e1d7d675
SHA1 73c140dd38139f09ab514f9f8db7686a4bb401f6
SHA256 25cae43dea9d173a58e4c0056b80df5599f0bf973a7144f0ba692929198af5d9
SHA512 08df4ddfa7bb77476cd4d54916097cb4c6a8e600d00e86349a783d9b80823c2757b3940ec34b39aa9bc4726c6990c61fd93d2b86068ac342c8e25217513811cc

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.cab

MD5 5f75009925ad99b2843a4ec6e0d44743
SHA1 c50ca5fa79e7c64e44c77d342071f6080db1fa9a
SHA256 7235412057858be57820e52739683443b13d9586b1f710bb25020488b4bde9ec
SHA512 7c13fb3ef8a469b0c92e6dc458ef0237c5ebda57a0e8dd9a47ec888b406fd00f5f6a776dfccef900952a31f4978689ded1c3c8cfd9268a46ff86de76786d93d3

C:\Program Files\Java\jdk-1.8\bin\appletviewer.cab

MD5 f63d14c000dfcadf2394c737edaeaec9
SHA1 1c9d16d93f58d2c0a4708ffeaddf9d2c26ef33e8
SHA256 ea8543b0eab31dece2b50ef45a2585f4de09af35c68d9a63152944f8a831ac29
SHA512 4cffa0d1c4c1a1ddb91ade23e17a76dac807174d022115592caec2d0927af8188455e0c7b8273972de4e27e4bb816e83deed70551075b6effd4f32aecf994053

C:\Program Files\Java\jdk-1.8\bin\extcheck.cab

MD5 952fc862806f000e37d22897243c2bc4
SHA1 2da507ba99d86deee0fed3238e5e9fb170a562d2
SHA256 955f386e3af5d87a46dcb2064967e34eb25a44ca3d2436e54bd5b84f4a2ab2ee
SHA512 c74263c02d2066c0ff8a236c9fc620e2e088b3c1d3b54852de45f7b7dfbea799ffef41787919a196ff4e7ff03d1c7dc1bb2b876f1c7f829e04aa577ff728ef05

C:\Program Files\Java\jre-1.8\bin\jabswitch.cab

MD5 e454822cfbf86d36ab2a407d0b1a251a
SHA1 85cc1915eee60880841f169b424a23d6a5125e50
SHA256 b90ebecad390a9243a1aced541a32a7d9ad14ebf80314c87b1f9fbf56714b623
SHA512 ed26334cefb09861028928d4cea2b3198709aa1c56d3459c3f08ef16a9fde7ab83042f7cc2a98668e46f84948222a501e0f68f9edcbbd20133316bb1f4666033

C:\Program Files\Java\jre-1.8\bin\java-rmi.cab

MD5 12fb68f82c2293453b01833c43bbfa2a
SHA1 4fb52f60a5e9f7f817e6c58f5d3a130da32cae5e
SHA256 ee25146e9c0f1b938ceea4851006483e1aaab6d896cbe5f6b94955ecbe9c5c8d
SHA512 f03bdf76e493e5b649ba12cd6064265e9b809f17ad519040acfc2e2a128374018a1c516bb1f290269e1605525875ad573a9d7903812bb0c75ea404c61a227c3a

C:\Program Files\Microsoft Office\Office16\OSPPREARM.cab

MD5 3f1c773a2e54f4d27b29c3fc1edd7d43
SHA1 ef9a5cefd1f3c76b0fa5c8ea4a261dc46e59d185
SHA256 ac66bafa0e7196b9f7b4a83b9625b32e83db7731418ecd0f4a8de474f7355254
SHA512 d6636ba0c800757d361212169f770d3799cc46583c79e0b9cc7cc49c565b86849e8965fe0783100bfb8039f12b717db88f95062e7b6b6f67a7f8bd38144a4297

C:\Program Files\Mozilla Firefox\crashreporter.cab

MD5 b53b154cef8f2fd9d0d640869d3e93e6
SHA1 9c0ab7ea71c44f4dd9102ca9db31c7f0b4eceef3
SHA256 46c200f82ac3ecafa06d4997a21f01c7c40a207bdf3c241a1d0929eb7ca1c0a2
SHA512 65cf89f0b3927f5aee033c2a6ad8c956a38821921a93ad7cf1f2b765a7cf497a7ee5e44d97da03a60609348ffa91c92a6e43b5d4ff8995caddd72865d7823f64

C:\Program Files\Mozilla Firefox\default-browser-agent.cab

MD5 46462a56ff00112e5b44f421ab18c908
SHA1 5a058c946477e0ba206ed44f79664f7648c00272
SHA256 0296cdc02a167b5443339e45348202e6e3f643caa6b3ccf5b6c0eb4457c4750d
SHA512 5f46ea8a85672aa0a1ac4f252f9a2e216dcaa2a44dc0d3f2191be9fd57ba874b1c1b571471b0a498b84d23ee450301d7eb14f6e1ee35d8de5462c7a1175b0287

C:\Program Files\Mozilla Firefox\uninstall\helper.cab

MD5 a0ab82adfc3bc2fd2d36a1b56c1cbf76
SHA1 b90f35ddd0bbb3e22f91c7232636c385943cf5c5
SHA256 350b183495b9e19b940b8e23e51b5647520204f17fccdcae7fe4aa5674734eec
SHA512 93f7dde66a2298a974100b269943331e0ed44fe4bc63ba74c0742fce91d39b3c73638f7e4552dad7b21b478e46c6ab5e192c621d644fb064fc81cc18b8499036