Malware Analysis Report

2025-01-03 08:30

Sample ID 240611-bxzdcszcjj
Target a65b131acbfe317f270ac014abd90c6ab3425587ad450ab23f41c91c26ffb436
SHA256 a65b131acbfe317f270ac014abd90c6ab3425587ad450ab23f41c91c26ffb436
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

a65b131acbfe317f270ac014abd90c6ab3425587ad450ab23f41c91c26ffb436

Threat Level: Likely malicious

The file a65b131acbfe317f270ac014abd90c6ab3425587ad450ab23f41c91c26ffb436 was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (5341) files with added filename extension

Renames multiple (4048) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 01:32

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 01:32

Reported

2024-06-11 01:34

Platform

win7-20240508-en

Max time kernel

150s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a65b131acbfe317f270ac014abd90c6ab3425587ad450ab23f41c91c26ffb436.exe"

Signatures

Renames multiple (4048) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\a65b131acbfe317f270ac014abd90c6ab3425587ad450ab23f41c91c26ffb436.exe

"C:\Users\Admin\AppData\Local\Temp\a65b131acbfe317f270ac014abd90c6ab3425587ad450ab23f41c91c26ffb436.exe"

Network

N/A

Files

memory/2324-0-0x0000000000400000-0x0000000000408000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

MD5 80af1a1fdda7a7d099cd02b46600fcf4
SHA1 2cda0ae34b93de44a188eaaccfa5d5fd45351af6
SHA256 910c208c77740eee41b7cdea125f6066323aba09f4b3a33fcf0ca5864a54cce6
SHA512 a1d11a49492a4272f1ff8c116d90b39ade68c39fbe05483b9f5d21d106c92f06b8e294653dce1d94da96cfb4e06204b2b870090ab45ad78a951b733347be3575

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 09145ac14e43619268d45888abb3afd3
SHA1 5a0f13e3968ee7e72357f7771f7d82c62f9137e6
SHA256 a4e3cce44ea1c9497ff992201872a381f167bd2180cad206c1a35e34d0a66603
SHA512 fc24a8bb8b5b688bf8be2263995ab475003273e4007ac1e4aab8c93a4ab2969b6830e98c6728e9b4626578eb795237f5b57617fce0957e51f61aa52df3fb25d3

memory/2324-662-0x0000000000400000-0x0000000000408000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 01:32

Reported

2024-06-11 01:34

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a65b131acbfe317f270ac014abd90c6ab3425587ad450ab23f41c91c26ffb436.exe"

Signatures

Renames multiple (5341) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\a65b131acbfe317f270ac014abd90c6ab3425587ad450ab23f41c91c26ffb436.exe

"C:\Users\Admin\AppData\Local\Temp\a65b131acbfe317f270ac014abd90c6ab3425587ad450ab23f41c91c26ffb436.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

memory/1924-0-0x0000000000400000-0x0000000000408000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

MD5 040a6e92897bad730ae6c9437741dcef
SHA1 64d5b9ef676311803e7ca63e7ac8249fcd2cb9c4
SHA256 991be8807a4f7cd6bc6d7c86ea0e79e8ee9d74ac2b8ffeacb0056a9c301521a8
SHA512 7f024e9e83563580052a40d8a97f0d666fff2d5d2937cdaa8fb5344bd3ea6e07a1dedb9c9ea4db939347855c531f0da1479c13aaab02f26b3b72f0725713e60d

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 508d12fb836e2eadfd3c9a52cd6b0b3b
SHA1 6479f08b74d69b229c987db2189226a0d465c902
SHA256 b81cdf4cebe9adabf2227863682b6af76becc375d21e3d1a6a188c428cc68ce0
SHA512 0eb6aa50e7f035ff20926bf93798a13e6d0b84af65926ca4b88ae98a48017928a7937267834ebdace390c6c64c558469f125f1861bde63a2ebb5e7ef02ffd177

memory/1924-2004-0x0000000000400000-0x0000000000408000-memory.dmp