Malware Analysis Report

2025-04-14 01:08

Sample ID 240603-w4babsfh59
Target 099f47ecd9fecec7c44510d0f65d24b04b5218333877d07bc4944603c10e64cb
SHA256 099f47ecd9fecec7c44510d0f65d24b04b5218333877d07bc4944603c10e64cb
Tags
ransomware
score
9/10

Analysis Overview

score
9/10

SHA256

099f47ecd9fecec7c44510d0f65d24b04b5218333877d07bc4944603c10e64cb

Threat Level: Likely malicious

The file 099f47ecd9fecec7c44510d0f65d24b04b5218333877d07bc4944603c10e64cb was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3679) files with added filename extension

Renames multiple (5029) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-03 18:28

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 18:28

Reported

2024-06-03 18:30

Platform

win7-20240221-en

Max time kernel

150s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\099f47ecd9fecec7c44510d0f65d24b04b5218333877d07bc4944603c10e64cb.exe"

Signatures

Renames multiple (3679) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\099f47ecd9fecec7c44510d0f65d24b04b5218333877d07bc4944603c10e64cb.exe

"C:\Users\Admin\AppData\Local\Temp\099f47ecd9fecec7c44510d0f65d24b04b5218333877d07bc4944603c10e64cb.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

MD5 59872545ab41428ffe1de210c28c8852
SHA1 8af36eb88165991d1c31fe56fb902d06478d60d5
SHA256 45a7ec7cb0a2de0410e8699eb6da4fc2db6641a50529730a71d9964396a666a1
SHA512 57b9d5ca04795fe9c96a0989c12bff4611481dec4d95eed87095b48cb4e045b785475c88ea3ccd9c61aa42ded7cf04c17dbd9a63632549e442b48f3a392064e1

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 7b02424e7a96e38a1acb066c2aca6201
SHA1 c848d48bf65d9ae3c8f69e7b1ce1e33820372c20
SHA256 72d57da3c0218bdedd7c2c6d2d32e6263d9d3b5a72ac4606bf5b28d83b314408
SHA512 354b210a1a1147767523ab21d75cd9913f90bd0b5097d40999915d21ff28f33401b3b881a1f3fa279478d599e686198a158d6321a81954d9def643ff5fffcc65

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 18:28

Reported

2024-06-03 18:30

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

103s

Command Line

"C:\Users\Admin\AppData\Local\Temp\099f47ecd9fecec7c44510d0f65d24b04b5218333877d07bc4944603c10e64cb.exe"

Signatures

Renames multiple (5029) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\099f47ecd9fecec7c44510d0f65d24b04b5218333877d07bc4944603c10e64cb.exe

"C:\Users\Admin\AppData\Local\Temp\099f47ecd9fecec7c44510d0f65d24b04b5218333877d07bc4944603c10e64cb.exe"

Network

Country Destination Domain Proto

Files

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

MD5 33afdb98577a8b846b9b60b93a0a769a
SHA1 3317fb747cfdace0123109b843b6a19f060c7508
SHA256 02707c20305bc2a519c7b851183cdf4b391fdb53519b16a7924e872e2791412b
SHA512 1dfc85ac071e8d6e3806ede2cba7d4c74ad3e9129bb509617b1224a669ba739a79f008a96ee9b24728a2b7faa4d6e6e10baf2ce615c2f9d8cec61d2cbfa3c7c5

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 dbb0293ccef5f4a00eb7eaed52b0e4c2
SHA1 838f7ecc348b21ac468453216f7de1c47f36cff2
SHA256 65396c2d4e2d576fa710e098d79abe8d7a28b356660d283a8b37c9155aa2ccab
SHA512 0747af2a56e5905c02feeadf874499fa77ff1da63d977440167698711f6e395f6a47dda7ace00798c28217ad5c07477c2e2fed80cec9ca9e7594c60605d28a7e