Malware Analysis Report

2025-01-03 08:34

Sample ID: 240611-a8acyaxdrf
Target: 9658a2c73505a83e794a5ce83db081803536bccc180783c411c31b9f12bcd98a
SHA256: 9658a2c73505a83e794a5ce83db081803536bccc180783c411c31b9f12bcd98a
Tags: ransomware
Score: 9/10

Analysis Overview

Score: 9/10

SHA256: 9658a2c73505a83e794a5ce83db081803536bccc180783c411c31b9f12bcd98a

Threat Level: Likely malicious

The file 9658a2c73505a83e794a5ce83db081803536bccc180783c411c31b9f12bcd98a was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3675) files with added filename extension

Renames multiple (5214) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-11 00:52

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-11 00:52
Reported: 2024-06-11 00:54
Platform: win7-20240221-en
Max time kernel: 149s
Max time network: 123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9658a2c73505a83e794a5ce83db081803536bccc180783c411c31b9f12bcd98a.exe"

Signatures

Renames multiple (3675) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\9658a2c73505a83e794a5ce83db081803536bccc180783c411c31b9f12bcd98a.exe

"C:\Users\Admin\AppData\Local\Temp\9658a2c73505a83e794a5ce83db081803536bccc180783c411c31b9f12bcd98a.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

MD5 d1f301815a2f0593806f167549eb3482
SHA1 03cf4ce2fbade1a29988e89ce4196dba0f48c9d2
SHA256 7122b9048188f1a7852aa0d3abb25bc63f294881907c0b018dc2a1733fe2544f
SHA512 e98c8050c2215cc0a017de9e0a873366963d11191ee215ad96df30c871235055a8138816116d15ef9c5c9c63b55c3b078510ba231f69e9e62f4e053205bac15c

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 86da335eb142e7bf2dbb3ea5b9728fd7
SHA1 40809745420d3c486c54be1dd78a22671d8cdfcd
SHA256 c1dc0016985153e0597284e60be6d0a2c149888b5d243bfcaf71217c1377d5b4
SHA512 8aba07a4e37b2a7bd2cbbddc4fc09e2287bc58e33045610c2cc6a56e9970cfd8aa021423233ede89f22ba640a5850fe0a169084e3a75c52e4f1a1063115eabac

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-11 00:52
Reported: 2024-06-11 00:55
Platform: win10v2004-20240508-en
Max time kernel: 150s
Max time network: 52s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9658a2c73505a83e794a5ce83db081803536bccc180783c411c31b9f12bcd98a.exe"

Signatures

Renames multiple (5214) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\9658a2c73505a83e794a5ce83db081803536bccc180783c411c31b9f12bcd98a.exe

"C:\Users\Admin\AppData\Local\Temp\9658a2c73505a83e794a5ce83db081803536bccc180783c411c31b9f12bcd98a.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

MD5 308ccdf6dd51f3f97c2551c19f8ff7f5
SHA1 1a2614c9a350fab1c5eec6a67bf72eb775300fbf
SHA256 3328617c0a2374d12fb3fc4fe28912bd8dc77addbcd2c29f5fcf51d0866b50ba
SHA512 af117cbca8237a3036be0343bf45697e50affeadf3f773d44721de2825004355a657c79c554ddb3b0c194b3b563c093c57d9073812991b262ee63c02ff676ee4

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 54455bb94043ebce0c7cfd1cf1b3db6c
SHA1 d10b50bb65924a6d095b057f5c2f88ffcf0d3fb2
SHA256 07532dbcc3a48cae1ed8cb5817c50964a4ae89e81d91d6aaa6ee3dc9dfac77c5
SHA512 82f7f3e133d948cb85b764a88073d1e7174684f7409a9adf2917f0a14999c9a040db3cfa20c7f2751fc62a2c8a3ba9d1efbcb3e923bbeac8215fe706f4d96d14