Malware Analysis Report

2025-01-03 08:35

Sample ID 240611-aqb4tawgla
Target 8ab59335bd4171dfbede5953ffc0d92c7e800e49bbe87578ca259e53d477c4cd
SHA256 8ab59335bd4171dfbede5953ffc0d92c7e800e49bbe87578ca259e53d477c4cd
Tags ransomware
Score 9/10


Analysis Overview

Score 9/10

SHA256 8ab59335bd4171dfbede5953ffc0d92c7e800e49bbe87578ca259e53d477c4cd

Threat Level: Likely malicious

The file 8ab59335bd4171dfbede5953ffc0d92c7e800e49bbe87578ca259e53d477c4cd was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3471) files with added filename extension

Renames multiple (5191) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-11 00:24

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-11 00:24
Reported 2024-06-11 00:27
Platform win7-20240215-en
Max time kernel 150s
Max time network 120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8ab59335bd4171dfbede5953ffc0d92c7e800e49bbe87578ca259e53d477c4cd.exe"

Signatures

Renames multiple (3471) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\8ab59335bd4171dfbede5953ffc0d92c7e800e49bbe87578ca259e53d477c4cd.exe

"C:\Users\Admin\AppData\Local\Temp\8ab59335bd4171dfbede5953ffc0d92c7e800e49bbe87578ca259e53d477c4cd.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

MD5 1d039ec777b4e77eaf6f9897fdeb4622
SHA1 be823e4bb97a1a084ff7067d7e59f6b79cd01a38
SHA256 9e0ac6ba052adc73190e8b4777905e4bad186a305cfab3391a590446255a9561
SHA512 be5e089aac8bd181622378c97b96d66a37c8d8b623ba9f485879316a1334d71e672db578b259a178d58b372f0e08777cfaba893222ffab316e8c8ade2bcd1ed2

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 2ca1b32f5c2f6c457af1aec2f8774908
SHA1 1b1579556c6851a35b144512474c6ad0ee107352
SHA256 4b752aebbe01664aa51468e4481096cc46b95ef89fae77aaf5677cb224daabc6
SHA512 d6c1e2c44ed7f06bb20705b5390ad582574c8072c376167e93e9ca204eea499f3e7f353e8316a40550a0a2e2af6314f25eac94db04e20aea5bce90b9cbbb31f8

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-11 00:24
Reported 2024-06-11 00:27
Platform win10v2004-20240508-en
Max time kernel 150s
Max time network 151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8ab59335bd4171dfbede5953ffc0d92c7e800e49bbe87578ca259e53d477c4cd.exe"

Signatures

Renames multiple (5191) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\8ab59335bd4171dfbede5953ffc0d92c7e800e49bbe87578ca259e53d477c4cd.exe

"C:\Users\Admin\AppData\Local\Temp\8ab59335bd4171dfbede5953ffc0d92c7e800e49bbe87578ca259e53d477c4cd.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

MD5 631d70086ab134a784e4a9d76b703ba7
SHA1 e4cf7d3a5631c4126206733b484af4db58abcd41
SHA256 6666a377b4bd37d4753b3e8ea43c451642c980c170db54aa1188e6c825f643c4
SHA512 48b6df4b510960dc837c4efd482a420a53ccb5ae4b12acdc15f616d4eb80981ed2080e39207095af6b92d61cc21e9bf4a4d9420ed367c7e203b7819b1b6d1225

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 facf6d924da0f6a6be68bd49f11368ca
SHA1 5ebbc6c5d0c85fb631e64e0723cbe7c2d5a36bb5
SHA256 7d183a4792be089fa6b1a1b5937ed0d12fe7ac69467839a72859c0e8e89893cb
SHA512 ebcb9ad1d1744295b5b69d16eef9e6947e6b975f80c0c23a0d4c9f6e05e04a4b86170592744c480a2744b08940962b4a16a306d65c8a2243bac259d8149da172