Malware Analysis Report

2025-08-11 01:47

Sample ID 241005-x265navdqe
Target 6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe
SHA256 6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48
Tags discovery ransomware
Score 9/10

Analysis Overview

Score

9/10

SHA256

6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48

Threat Level: Likely malicious

The file 6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple (5108) files with added filename extension

Renames multiple (3522) files with added filename extension

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-05 19:22

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-05 19:22

Reported

2024-10-05 19:24

Platform

win7-20240903-en

Max time kernel

150s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe"

Signatures

Renames multiple (3522) files with added filename extension

ransomware

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\flyout.html.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.Client.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Pacific\Saipan.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\locale\fr\LC_MESSAGES\vlc.mo.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_hover.png.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator_1.1.0.v20131217-1203.jar.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitevignette1047.png.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Antigua.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\feature.properties.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Java\jre7\bin\sunec.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Mozilla Firefox\lgpllibs.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Mozilla Firefox\notificationserver.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Mozilla Firefox\vcruntime140.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Common Files\System\Ole DB\msdasql.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Windows Media Player\it-IT\WMPSideShowGadget.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.util_8.1.14.v20131031.jar.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPOlive.png.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-spi-actions.xml.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\org-openide-filesystems_ja.jar.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_zh_CN.jar.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-io.xml.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Java\jre7\bin\rmiregistry.exe.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\prism-d3d.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationClient.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Windows Journal\en-US\jnwdui.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\js\cpu.js.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Luis.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt_0.12.100.v20140530-1436.jar.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-windows.jar.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libpodcast_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Common Files\System\DirectDB.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_ja.jar.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\VERSION.txt.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-favorites.xml_hidden.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Monticello.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\eclipse.inf.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\alert_obj.png.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-editor-mimelookup-impl.xml.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\America\Thunder_Bay.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudiobargraph_a_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kosrae.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\America\New_York.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_down.png.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\America\Cayman.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cambridge_Bay.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.xml.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.actionProvider.exsd.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_zh_CN.jar.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Windows Defender\fr-FR\MpEvMsg.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\trusted.libraries.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-background.png.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\header-background.png.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\New_Salem.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\javafx-doclet.jar.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.xml.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\feature.xml.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Europe\Bucharest.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\it-IT\MSTTSLoc.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Windows.Presentation.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libmediadirs_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\logo.png.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\js\library.js.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\js\highDpiImageSwap.js.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Engine.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe

"C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

MD5 9d5d26536abe787a4a954bccfe2c8d2b
SHA1 0887a3a27439e6f7ace8c9f49945fcf70fa54bd7
SHA256 b13fd5d6ee3d6a303cf8013ff3c4fd25ede7ebd540b6b10c1578e602ed4ce85f
SHA512 cb5c03881f8415c19196372dff1c3b3ba805bf4914eb10b124461e7287c970b5c609ad53ade93178f83bbaa9226307e289a02f818e58a53971a8cae8643e10a4

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 eebdf9595237bdfd01dd70f0539de883
SHA1 5f2a349eea34c910d7ae45ad2a36a75465f18a88
SHA256 dbea1a6e8bc38b26c07e98cfc12ccc6ceea9df38fa7208038acf6ff41762cab8
SHA512 073484a9a0c289d35fa3f939c5b3130bed34cd6ef419a0495842c7859434f8aa9f11c71e83ca6bd952c781aa20ff6294e699418d8e60d554133645d4d4c5713e

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-05 19:22

Reported

2024-10-05 19:24

Platform

win10v2004-20240802-en

Max time kernel

150s

Max time network

98s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe"

Signatures

Renames multiple (5108) files with added filename extension

ransomware

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\WindowsBase.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalDemoR_BypassTrial180-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationProvider.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\PresentationCore.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10_RTL.mp4.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_K_COL.HXK.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Grace-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-100.png.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\dbgshim.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Design.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\wpfgfx_cor3.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue Warm.xml.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-180.png.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\7-Zip\Lang\ext.txt.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\legal\jdk\jpeg.md.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\TrebuchetMs.xml.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial4-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\ONINTL.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\VGX\VGX.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationTypes.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\deploy\[email protected] | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Grace-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL102.XML.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Checkmark.png.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.StackTrace.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\lib\jfxswt.jar.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Retail-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\es-ES\ShapeCollector.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Emit.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\legal\jdk\colorimaging.md.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\MINSBROAMINGPROXY.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Microsoft Office\root\rsod\proofing.msi.16.en-us.tree.dat.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16ConsumerPerp_Bypass30-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_MAKC2R-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\AdeModule.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\CHICAGO.XSL.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\Custom.propdesc.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\PresentationFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Internet Explorer\iexplore.exe.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-addtotable.png.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\bin\jps.exe.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\ext\jfxrt.jar.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Trial-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\minimalist.dotx.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\npt.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Grace-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.VisualBasic.Core.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Luna.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Presentation.dll.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\ur.pak.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.DataWarehouse.Interfaces.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\MSOARIACAPI.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\SFMESSAGES.XML.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN044.XML.tmp | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe

"C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp
US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp
US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp
US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp

Files

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 cba4ad2fa832d2a0a76f6b3458b4ee7f
SHA1 baed68997b24f10f1dc2f8d02349a91553299aa2
SHA256 7ba58da721a5ac1c49189432a7cdb42ae412ab4ad184588bccf86f23ff7bf4bb
SHA512 e32b6a605cd2f2a42d1a5d269aa99e34044932403d4c4fbe5bebab81a929ba9d54eaeead87eeaff49009edece67e55bcc2eb10972a854c0d9b859546dce532ad

C:\$Recycle.Bin\S-1-5-21-945322488-2060912225-3527527000-1000\desktop.ini.tmp

MD5 b694c94daa34ccfa91c7d6bdb4ae9e1e
SHA1 6164a08667520fd219f7fb55975dc18756010246
SHA256 0a5989ffb6ee2aabb67ab4c9d460adbbb7c85feabf65734d96f6141c3d23122a
SHA512 a422cd6dfdb0cbf4523f57bd1df30ed5d15e5eee5aa398a2e881d8a4c6350ce5a2435e99814250b41289728b8713f0b7bc4ce29c8bd68608cd186a570491fc04