Malware Analysis Report

2025-01-03 08:34

Sample ID 240611-a9ghmsxelf
Target 9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49
SHA256 9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49
Tags ransomware
Score 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score 9/10
SHA256 9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49
Threat Level: Likely malicious

The file 9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49 was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (784) files with added filename extension

Renames multiple (5038) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-11 00:54

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-11 00:54
Reported 2024-06-11 00:57
Platform win7-20240221-en
Max time kernel 150s
Max time network 126s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe"

Signatures

Renames multiple (784) files with added filename extension

ransomware

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_postage_Thumbnail.bmp.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground.wmv.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipBand.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_ButtonGraphic.png.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\hwresmlm.dat.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\circle_glass_Thumbnail.bmp.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Tucuman.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack200.exe.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\calendars.properties.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\InkDiv.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fa.pak.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Internet Explorer\en-US\F12.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\it-IT\msadcor.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-border.png.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\include\win32\jni_md.h.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DissolveAnother.png.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Internet Explorer\perf_nt.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Full\15x15dot.png.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\photograph.png.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Common Files\System\ado\msado20.tlb.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santiago.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.htm.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-back-static.png.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_ButtonGraphic.png.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\7-Zip\Lang\cs.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Juan.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_buttongraphic.png.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_specialocc_Thumbnail.bmp.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\bin\javaws.exe.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr.jar.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Havana.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_highlights_Thumbnail.bmp.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\La_Rioja.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-overlay.png.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_title.png.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_ButtonGraphic.png.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InputPersonalization.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\rollinghills.png.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\bin\jstatd.exe.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\msinfo32.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkDrop32x32.gif.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Campo_Grande.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Glace_Bay.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe

"C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

MD5 6d4597efadc8c7ec8e97fc8aa69cb585
SHA1 02b2428c89f5a554a2bd013a154d8b4af4ce7f89
SHA256 92f553dc30d2613c4af0429188082f9fbbb3b9e3afa04ba674f9eb49f5e3e634
SHA512 bd158d75d8301374f0637499e941145f5fcc8ac6de9430e03bfd5699533eae34337a2dd5b86f994276b4de114c14ecaef90002373ace581499a1e9743227db0c

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 5937b1c074833e0d3588004c2449da70
SHA1 3caa0721356b2dff8a1658fbd4c391140eea88a1
SHA256 969337a650137d9519fc3d4b24a0f7acac857666f840824a75f324896d08541f
SHA512 0cf5e1bbf76810e0fed9a83f0bb72ed19d63900f27831a76b39614fba0415434c06ea1a9c65c8078d4b88eecd4d78a1d8a36fd402953b5deb9df61239ca081d1

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-11 00:54
Reported 2024-06-11 00:57
Platform win10v2004-20240426-en
Max time kernel 150s
Max time network 149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe"

Signatures

Renames multiple (5038) files with added filename extension

ransomware

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\7-Zip\Lang\hr.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Data.DataSetExtensions.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\WindowsBase.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Forms.Design.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL111.XML.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.HttpListener.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.Json.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Forms.Design.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\legal\javafx\public_suffix.md.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\OneNote\prnSendToOneNote.cat.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\PresentationUI.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Internet Explorer\it-IT\iexplore.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\fi-FI\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\symbase.xml.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationTypes.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.Design.Editors.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_MAK_AE-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-140.png.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\msoia.exe.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\hprof.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_F_COL.HXK.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN010.XML.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Forms.Design.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Median.xml.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\PREVIEWTEMPLATE.POTX.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\PresentationCore.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-convert-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Cryptography.Pkcs.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTest-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Thread.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\ReachFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\sbicuin53_64.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationTypes.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\security\blacklisted.certs.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Consolas-Verdana.xml.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest5-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-180.png.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.HttpListener.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Input.Manipulations.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\javacpl.exe.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription3-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\offsymxb.ttf.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-100.png.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN075.XML.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Core.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Primitives.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe

"C:\Users\Admin\AppData\Local\Temp\9739cca8bfa961fe313f54d6cdb390c0a7b39b3937d1985448e3370e31d63a49.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp
US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp
US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp
US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 131.72.42.20.in-addr.arpa | udp

Files

C:\$Recycle.Bin\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini.tmp

MD5 efce7b5e5a03fe6590b5d15865bbe248
SHA1 eaa79f1b89f4ef3d1252875cba290ba3e7311e83
SHA256 b4c7b674be7d95d5e67e2fc9432922639947e4475859f245c536a299e5b1f159
SHA512 a545caa92a357f2497c35e92dd365fa12b6bd947f066ad59ebf6605bff52fc541cfccd7fc36e8702d70725003f98d1e27acc723c1a65770a89df7f2635efbdb0

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 b0582cd6f127dbab5252f4b80fe8b9e0
SHA1 828ab7b70a7f4e6bdd177ee881cc2d747ef76259
SHA256 028e2c389a09c9416c58bfb1bcb03792b95fb49e3a88a689cc888023049ad2c4
SHA512 4e3914fe584d9be80052def04ceffd1a7efb5033fc13ebe0d31c56f6aced83973c3bca3f1f5dea716fa9bce4809327284b6c0a3f2912f667c6248394c2c0abf4