Malware Analysis Report

2025-01-03 08:33

Sample ID 240611-basbjayblm
Target 9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19
SHA256 9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19
Tags ransomware
Score 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 9/10

SHA256 9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19

Threat Level: Likely malicious

The file 9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19 was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (197) files with added filename extension

Renames multiple (4643) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-11 00:56

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-11 00:56

Reported 2024-06-11 00:59

Platform win7-20240221-en

Max time kernel 62s

Max time network 128s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe"

Signatures

Renames multiple (197) files with added filename extension

ransomware

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\7-Zip\Lang\br.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\7-Zip\Lang\da.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\7-Zip\Lang\eo.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\7-Zip\Lang\fi.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\7-Zip\Lang\bg.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\7-Zip\Lang\it.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\7-Zip\Uninstall.exe.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\BlockReset.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\7-Zip\Lang\ar.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\7-Zip\Lang\he.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\7-Zip\Lang\lt.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\7-Zip\Lang\mng2.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\7-Zip\Lang\vi.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\7-Zip\7-zip.chm.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\7-Zip\Lang\ka.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\7-Zip\Lang\zh-cn.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\7-Zip\7z.exe.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\7-Zip\Lang\ast.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\7-Zip\readme.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\FlickLearningWizard.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\7-Zip\Lang\gu.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\7-Zip\Lang\nl.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\7-Zip\Lang\ps.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IPSEventLogMsg.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\7-Zip\7zFM.exe.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\7-Zip\Lang\lij.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mshwLatin.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\7-Zip\descript.ion.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\7-Zip\Lang\az.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\7-Zip\Lang\gl.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\7-Zip\Lang\kk.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\7-Zip\Lang\af.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\7-Zip\Lang\el.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\7-Zip\Lang\sa.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\7-Zip\Lang\ug.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\7-Zip\Lang\ko.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\7-Zip\Lang\mn.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\7-Zip\Lang\tr.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InputPersonalization.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\7-Zip\Lang\nb.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\7-Zip\Lang\ru.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\7-Zip\Lang\tg.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\micaut.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\7-Zip\7z.sfx.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\7-Zip\7zG.exe.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\7-Zip\Lang\fr.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\7-Zip\Lang\eu.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\7-Zip\Lang\id.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\7-Zip\Lang\kab.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe

"C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

MD5 8b4deb6f9b38e5e1abec9e693c74c821
SHA1 cfc246a0661b56d7ce6ab0808322cdf211d388d4
SHA256 764824fd40e763f115d7378828ee4abe8d15854f70f3f7a002cff215b3f5b241
SHA512 8fa979e2764b514afcd52748d53a0bf8cedb844e7c8ad9884a5b4846c0c553c7d41b87d2270879fbaed5eabf9253f04610c218315d0e6ec18cd9d43b1fd87793

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 b38916df0a3dc43f3f3ef1d6d11c853b
SHA1 dc61c1f4f891b4f149dcf186576f2571ad2ae11b
SHA256 295a365d26c217a69fcc954ab411c2a8ffbc2e76265ec29e576a3c79412821f2
SHA512 e78fbf7370d0f576afddfdc69e8b5cb86344a2d888c9e1648c4081ce3ce91c534c61d5dfd2c6b3d358c0db18ce01e6a9f2cd49c8daee845aba30b02c01240294

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-11 00:56

Reported 2024-06-11 00:59

Platform win10v2004-20240508-en

Max time kernel 150s

Max time network 148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe"

Signatures

Renames multiple (4643) files with added filename extension

ransomware

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-filesystem-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Trial-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Office.Interop.Outlook.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART1.BDR.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Input.Manipulations.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\offsymt.ttf.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\ipsptg.xml.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\110.0.5481.104\v8_context_snapshot.bin.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\ClientARMRefer_eula.txt.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.Interfaces.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\flavormap.properties.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Grayscale.xml.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\EntityDataHandler.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\MSIPC\ms\msipc.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.Parallel.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Memory.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial2-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\lib\ant-javafx.jar.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\psfont.properties.ja.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationClientSideProviders.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\lib\deploy\[email protected] | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\officeinventoryagentfallback.xml.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\coreclr.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Input.Manipulations.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.DataAnnotations.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\cmm\LINEAR_RGB.pf.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTrial-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Quic.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Controls.Ribbon.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationCore.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Forms.Design.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_MAK_AE-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVOrchestration.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\hwrenUSlm.dat.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProDemoR_BypassTrial180-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_OEM_Perp-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Retail-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\msadds.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\include\classfile_constants.h.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Marquee.xml.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\offsymk.ttf.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\EntityPicker.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationClientSideProviders.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-multibyte-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\msoev.exe.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Tw Cen MT-Rockwell.xml.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Trial-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\MSIPC\bg\msipc.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemDrawing.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\LogoDev.png.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_KMS_Client_AE-ul.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Trial-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\ONGuide.onepkg.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.FileSystem.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.VisualBasic.dll.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\legal\jdk\dynalink.md.tmp | C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe

"C:\Users\Admin\AppData\Local\Temp\9858b969a16faf308aea54fc411c52a9e4dfed285a3e6f9300cb23e7bd6fec19.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4084,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=4176 /prefetch:8

Network

Country | Destination | Domain | Proto
NL | 52.142.223.178:80 | | tcp

Files

C:\$Recycle.Bin\S-1-5-21-1181767204-2009306918-3718769404-1000\desktop.ini.tmp

MD5 f7e22ff4cc2cbdb8737a32ef245c5e2d
SHA1 410c21aa93ec3f007f5966e5b98abb8ff011aeb9
SHA256 3888b5123cc75b7598f02cd347c8e6e0588cd4e61f7aecf4fe40ad0a0329ea47
SHA512 c6730b72f813e8a8937675bedf2a6b87777ae88ccaf1da62aa6a26daf2e6309d8bffbb10b6072d7658d699c6d0ec56f9e3cdb48833837c4a4221d7c6fe021122

C:\Program Files\7-Zip\7-zip.chm.tmp

MD5 539888a31763d25c74badd84f1e3170b
SHA1 59d4edc6849642fb08ecf4b14cedb78a62dedb9e
SHA256 b4a62cacfd5781ea3349973cab6e40fcae478ea81ad62aa4785c4c33577b2c1a
SHA512 f38f45583249f12d78a05994c1fde4d0fff7f837b3acb00060455f36daeb631eb7c6206cd3467de1f3c9a041fa5b033b54bca990e7b32d1fc9a18af550ce380f