Malware Analysis Report

2025-01-03 08:35

Sample ID 240611-bm6dxsygjj
Target a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57
SHA256 a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57
Tags ransomware
Score 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score 9/10

SHA256

a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57

Threat Level: Likely malicious

The file a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57 was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3794) files with added filename extension

Renames multiple (5212) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 01:16

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 01:16

Reported

2024-06-11 01:19

Platform

win7-20240508-en

Max time kernel

149s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe"

Signatures

Renames multiple (3794) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_notes.wmv.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-modules-options-api.xml.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\jfluid-server-15.jar.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Windows NT\Accessories\ja-JP\wordpad.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\ink\rtscom.dll.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\invalid32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Pangnirtung.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libsubstx3g_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\tl.gif.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\jdwp.dll.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\PYCC.pf.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Windows Mail\WinMail.exe.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\init.js.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ca.pak.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Darwin.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings_0.10.200.v20140424-2042.jar.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Chicago.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\SystemV\PST8PDT.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmotiondetect_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\css\localizedSettings.css.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-sampler.xml.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\msinfo32.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\720x480blacksquare.png.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\alt-rt.jar.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Juneau.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIconSubpictur.png.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Java\jre7\lib\jsse.jar.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Havana.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Windows Photo Viewer\it-IT\ImagingDevices.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\RSSFeeds.html.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Java\jre7\bin\JavaAccessBridge-64.dll.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT-12.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\playlist\koreus.luac.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider_left.png.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdater.cer.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libkaraoke_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-core-kit_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-api.xml.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-uisupport.xml.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Java\jre7\lib\charsets.jar.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Microsoft Games\Chess\Chess.dll.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Mozilla Firefox\browser\features\[email protected] C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\wa\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ShapeCollector.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\msadcfr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guyana.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Management.Instrumentation.dll.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_rtp_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\7-Zip\Lang\ru.txt.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\7-Zip\Lang\sl.txt.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\hy\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\setting_back.png.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\DW\DBGHELP.DLL.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\7-Zip\Lang\pl.txt.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Ulaanbaatar.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\lg\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Windows Journal\Templates\Graph.jtp.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\AcroRead.msi.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe

"C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

MD5 16391280d79ba555d2c5a8b340a0fa59
SHA1 06cb05c129805edab39da8a2747315192cf11cef
SHA256 0a1c8691ee09b019baddf02467285b8dcb63c8a23730dd892f93b70683ab6706
SHA512 4613f2153b3dd854ad4d1dd48539b4bab301d916d5774a32c860155e6a86201a632bcc497dec37a50f1e9db8002f7346e56bf412f5dd71c7b46ec1611dfaa801

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 9279f3e63ec7c3e2b5860d14c08cdb3b
SHA1 45a785254730d172a06b5a0aea9dbaa065fa5db5
SHA256 898fb1a0f8634bc926ae838de9a53e91d12f6a70aaefb554347e4f0a90c15c99
SHA512 a378d3addf0169cca41f78ad1e38cfe40e56e27037a709a770a4740daa91b1f24cd102cd65bd64fec27a2ac2622a443a61cb05d07ff6a858f8ebdee3201852d3

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 01:16

Reported

2024-06-11 01:19

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe"

Signatures

Renames multiple (5212) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Forms.Design.dll.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy\[email protected] C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Subscription-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PG_INDEX.XML.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-140.png.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\UCRTBASE.DLL.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.AccessControl.dll.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Java\jdk-1.8\THIRDPARTYLICENSEREADME.txt.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipssrl.xml.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-convert-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest5-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jpeg.dll.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\Sybase.xsl.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Bibliography\Author2XML.XSL.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail3-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL011.XML.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Calibri-Cambria.xml.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_logo.png.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Requests.dll.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hr-hr.dll.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntime2019R_PrepidBypass-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_F_COL.HXK.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\SharePointPortalSite.ico.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\7-Zip\Lang\bn.txt.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\id\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\pl\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\cldr.md.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\lcms.md.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000049\index.win32.bundle.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-processthreads-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.ScriptDom.dll.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\AdHocReportingExcelClient.dll.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-140.png.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A
File created C:\Program Files\Microsoft Office\root\rsod\office32mui.msi.16.en-us.boot.tree.dat.tmp C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe

"C:\Users\Admin\AppData\Local\Temp\a09f11535f94a5546ea4b950e988f563d172fb78abc0d5eafe473f2df6ae2c57.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

MD5 787d5c5df99209fd9d1cc4db31e55fcf
SHA1 49cc342c49e60ad1ea929e0a6bab85f0e13968db
SHA256 68b7d3c5d0cffd29c302ae8e7277b2ebd35ca76a47602c9a04c60dce76fe41ed
SHA512 25283923300630d1826af88b69584d6469704f12a7b5cc703117905a28fef4c0dacf4223f827264ff812a0a3ca51a82489176dd0724e3fc854e9a2dfbd900250

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 774d29ea0c4ea11a3c539a0f98cfae22
SHA1 9bc0c2e902553f7a4c473cde939825198c1b4d57
SHA256 e276114ba8d76e96461a634e92b0ac5af2012ca5798d11036cb460115132ca71
SHA512 770444f9acdabfa6c9a265c99e97d0a7e941016b0b0a072f8fe8706697b29654bdcc9b67c2794ec76991b1d6600106910d36dd39274c4db8dc91ed748f8a3bc2