Malware Analysis Report

2024-09-09 20:20

Sample ID 240614-b7htcsvapp
Target 9a99a84df1cffbe59760c6c89fd2d6f1723aacfe7e84d247ee95b6e0630610f1
SHA256 9a99a84df1cffbe59760c6c89fd2d6f1723aacfe7e84d247ee95b6e0630610f1
Tags ransomware
Score 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK Matrix
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score 9/10

SHA256 9a99a84df1cffbe59760c6c89fd2d6f1723aacfe7e84d247ee95b6e0630610f1

Threat Level: Likely malicious

Malicious Activity Summary

ransomware

Renames multiple (5213) files with added filename extension (behavioral2, win10v2004)

Renames multiple (3514) files with added filename extension (behavioral1, win7)

Drops file in Program Files directory (both behavioral runs)

Unsigned PE (static1; on its own an informational finding, not evidence of malice)

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 01:47

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A (no rows: this static signature records only that the PE carries no Authenticode signature, so there is no process or target to attach)

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 01:47

Reported

2024-06-14 01:49

Platform

win7-20240508-en

Max time kernel

150s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9a99a84df1cffbe59760c6c89fd2d6f1723aacfe7e84d247ee95b6e0630610f1.exe"

Signatures

Renames multiple (3514) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

Every row of this table shares Description "File created", Process C:\Users\Admin\AppData\Local\Temp\9a99a84df1cffbe59760c6c89fd2d6f1723aacfe7e84d247ee95b6e0630610f1.exe and Target N/A, so the rows are listed below by Indicator only. Each indicator is an existing file's path with ".tmp" appended, regardless of the original's type (.exe, .dll, .mui, .jar, .png, .xml, .txt, .pdf, .config, time-zone data with no extension) and across unrelated products (7-Zip, Java, Windows Sidebar gadgets, Adobe Reader, Chrome, Firefox, VLC, DVD Maker, Windows Defender). The pattern is consistent with the "Renames multiple (3514) files with added filename extension" signature above, and because it covers binaries and runtime libraries under Program Files rather than only user documents, a single run also breaks the installed applications.

C:\Program Files\7-Zip\7zCon.sfx.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.exe.tmp
C:\Program Files\Java\jre7\bin\installer.dll.tmp
C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\fr-FR\gadget.xml.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Syowa.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor_1.0.300.v20131211-1531.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicHandle.png.tmp
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\weather.html.tmp
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\34.png.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\tipresx.dll.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rio_Branco.tmp
C:\Program Files\Microsoft Games\Multiplayer\Spades\fr-FR\shvlzm.exe.mui.tmp
C:\Program Files\Windows Media Player\ja-JP\WMPDMC.exe.mui.tmp
C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\logo.png.tmp
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\css\settings.css.tmp
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_windy.png.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipTsf.dll.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\bin\jmap.exe.tmp
C:\Program Files\Java\jre7\bin\unpack200.exe.tmp
C:\Program Files\Microsoft Games\Mahjong\es-ES\Mahjong.exe.mui.tmp
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\cryptocme2.dll.tmp
C:\Program Files\Windows Media Player\ja-JP\WMPMediaSharing.dll.mui.tmp
C:\Program Files\Internet Explorer\en-US\networkinspection.dll.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Havana.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.zh_CN_5.5.0.165303.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\larrow.gif.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.resources_3.9.1.v20140825-1431.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jmx_ja.jar.tmp
C:\Program Files\Java\jre7\lib\zi\Asia\Aqtau.tmp
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\Words.pdf.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Efate.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tipresx.dll.mui.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkWatson.exe.mui.tmp
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\CsiSoap.dll.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_glass.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_SelectionSubpicture.png.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding_1.6.200.v20140528-1422.jar.tmp
C:\Program Files\VideoLAN\VLC\locale\ug\LC_MESSAGES\vlc.mo.tmp
C:\Program Files\Windows Journal\es-ES\jnwmon.dll.mui.tmp
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\atl.dll.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonSubpicture.png.tmp
C:\Program Files\Java\jre7\lib\zi\Etc\UTC.tmp
C:\Program Files\Windows Defender\es-ES\MsMpRes.dll.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_videoinset.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse.nl_ja_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-profiling.xml.tmp
C:\Program Files\Windows Defender\ja-JP\MsMpRes.dll.mui.tmp
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\js\init.js.tmp
C:\Program Files\7-Zip\Lang\pl.txt.tmp
C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\MANIFEST.MF.tmp
C:\Program Files\Mozilla Firefox\vcruntime140.dll.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui.tmp
C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config.tmp
C:\Program Files\DVD Maker\OmdBase.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_pt_BR.properties.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands.nl_ja_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Windows Media Player\fr-FR\WMPMediaSharing.dll.mui.tmp
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rss_headline_glow_flyout.png.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\cursors.properties.tmp

Processes

C:\Users\Admin\AppData\Local\Temp\9a99a84df1cffbe59760c6c89fd2d6f1723aacfe7e84d247ee95b6e0630610f1.exe

"C:\Users\Admin\AppData\Local\Temp\9a99a84df1cffbe59760c6c89fd2d6f1723aacfe7e84d247ee95b6e0630610f1.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

MD5 05e9a883b00178766eb33ec99e92135e
SHA1 b2a994fa51f0f57121fe5de4bd696e795ce3ecc8
SHA256 776e5d3be1a5cd624d0d43c168ea77be701297175034eed283c2a4c928f384f8
SHA512 d159179c62a21249385c0205ae98bbc510841eeda04bd3a88df22ba46ffb5221ea2000df40ad03ae03476a09cb6f56f2f99e4cd6a5bef0c4aa443b5cfbfc5523

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 163dc12d24c30668bf0963e510421dd3
SHA1 f847537c906867704bfb51d295f5e1315de5bd1c
SHA256 4b6b0fd6e3e82dfa08ceb5640f8d15b9091742e53ddf67379f9547d9d80ba05d
SHA512 fed6508f0c202f7693429978db13008f7a2428a9c7d50e1f8cf1abc03a18dc17eed876535511b842bf82df7c12aeb9bcfe112baeb9cf2b75c8b0abafb082cee8

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 01:47

Reported

2024-06-14 01:49

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9a99a84df1cffbe59760c6c89fd2d6f1723aacfe7e84d247ee95b6e0630610f1.exe"

Signatures

Renames multiple (5213) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

As in the win7 run, every row shares Description "File created", Process C:\Users\Admin\AppData\Local\Temp\9a99a84df1cffbe59760c6c89fd2d6f1723aacfe7e84d247ee95b6e0630610f1.exe and Target N/A, so the rows are listed below by Indicator only. On this Windows 10 image the ".tmp" twins land on Office Click-to-Run license files (.xrm-ms), .NET runtime assemblies under dotnet\shared, Java 1.8, Chrome 110 components including the Widevine CDM, fonts, templates and 7-Zip language files; the same indiscriminate append-extension pattern as behavioral1, consistent with the "Renames multiple (5213) files with added filename extension" signature above.

C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTest-pl.xrm-ms.tmp
C:\Program Files\7-Zip\Lang\ug.txt.tmp
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp
C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\msinfo32.exe.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.Dataflow.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\PresentationUI.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationProvider.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription5-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\EntityPicker.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Algorithms.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Encoding.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Forms.Design.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Grace-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTest-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-140.png.tmp
C:\Program Files\7-Zip\Lang\be.txt.tmp
C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcDemoR_BypassTrial365-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Trial-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL104.XML.tmp
C:\Program Files\Microsoft Office\root\Office16\PROOF\MSSP7ES.dub.tmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\1033\EEINTL.DLL.tmp
C:\Program Files\Google\Chrome\Application\110.0.5481.104\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-ul-phn.xrm-ms.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-synch-l1-2-0.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Forms.Primitives.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Templates\1033\TimelessLetter.dotx.tmp
C:\Program Files\Common Files\microsoft shared\ink\fr-FR\mshwLatin.dll.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Thread.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.AccessControl.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\PresentationCore.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationClientSideProviders.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Input.Manipulations.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Forms.Primitives.resources.dll.tmp
C:\Program Files\Google\Chrome\Application\110.0.5481.104\libGLESv2.dll.tmp
C:\Program Files\Java\jdk-1.8\bin\unpack200.exe.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-stdio-l1-1-0.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\SLINTL.DLL.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONGRAPHICS.DLL.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Timer.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\wsdetect.dll.tmp
C:\Program Files\Java\jre-1.8\bin\zip.dll.tmp
C:\Program Files\Java\jre-1.8\lib\deploy\messages_fr.properties.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_Subscription-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OleDbProvider.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\officeappguardwin32.exe.tmp
C:\Program Files\7-Zip\Lang\pt.txt.tmp
C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipTsf.dll.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationTypes.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\bin\rmid.exe.tmp
C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail3-ul-phn.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\CHICAGO.XSL.tmp
C:\Program Files\Microsoft Office\root\Office16\FPA_f14\FA000000014.tmp
C:\Program Files\Microsoft Office\root\vfs\Fonts\private\GOTHIC.TTF.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\PresentationCore.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses\c2rpridslicensefiles_auto.xml.tmp
C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp
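A triage helper for the two signature tables above (behavioral1 and behavioral2), added here as an example; it is not part of the sandbox report or of the sandbox's own tooling. It parses the flattened "Description Indicator Process Target" rows exactly as they appear on this page, splits each created path into the original file name and the appended suffix, and applies a mass-rename heuristic of the kind the "Renames multiple files with added filename extension" signature expresses. The ten sample rows are copied verbatim from the behavioral1 table; the row regex, the summary keys and the thresholds (min_files, min_dirs, min_types) are this example's own assumptions, not the sandbox's rule logic.

```python
"""Triage helper for flattened sandbox signature rows (added example, not report code)."""
from __future__ import annotations

import re
from collections import Counter
from pathlib import PureWindowsPath

# Assumption: the Process column is a single space-free path. A greedy match on
# the Indicator, followed by exactly one space-free drive path and the Target
# token, therefore splits a flattened row unambiguously even though the
# Indicator itself contains spaces ("Program Files", "Reader 9.0").
ROW_RE = re.compile(
    r"^(?P<description>File \w+) "
    r"(?P<indicator>.+) "
    r"(?P<process>[A-Za-z]:\\\S+) "
    r"(?P<target>\S+)$"
)

# Header plus ten rows copied verbatim from the behavioral1 (win7) table.
SAMPLE_ROWS = r"""
Description Indicator Process Target
File created C:\Program Files\7-Zip\7zCon.sfx.tmp C:\Users\Admin\AppData\Local\Temp\9a99a84df1cffbe59760c6c89fd2d6f1723aacfe7e84d247ee95b6e0630610f1.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.exe.tmp C:\Users\Admin\AppData\Local\Temp\9a99a84df1cffbe59760c6c89fd2d6f1723aacfe7e84d247ee95b6e0630610f1.exe N/A
File created C:\Program Files\Java\jre7\bin\installer.dll.tmp C:\Users\Admin\AppData\Local\Temp\9a99a84df1cffbe59760c6c89fd2d6f1723aacfe7e84d247ee95b6e0630610f1.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\fr-FR\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\9a99a84df1cffbe59760c6c89fd2d6f1723aacfe7e84d247ee95b6e0630610f1.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Syowa.tmp C:\Users\Admin\AppData\Local\Temp\9a99a84df1cffbe59760c6c89fd2d6f1723aacfe7e84d247ee95b6e0630610f1.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9a99a84df1cffbe59760c6c89fd2d6f1723aacfe7e84d247ee95b6e0630610f1.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\cryptocme2.dll.tmp C:\Users\Admin\AppData\Local\Temp\9a99a84df1cffbe59760c6c89fd2d6f1723aacfe7e84d247ee95b6e0630610f1.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe.tmp C:\Users\Admin\AppData\Local\Temp\9a99a84df1cffbe59760c6c89fd2d6f1723aacfe7e84d247ee95b6e0630610f1.exe N/A
File created C:\Program Files\Mozilla Firefox\vcruntime140.dll.tmp C:\Users\Admin\AppData\Local\Temp\9a99a84df1cffbe59760c6c89fd2d6f1723aacfe7e84d247ee95b6e0630610f1.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\34.png.tmp C:\Users\Admin\AppData\Local\Temp\9a99a84df1cffbe59760c6c89fd2d6f1723aacfe7e84d247ee95b6e0630610f1.exe N/A
"""


def parse_rows(text: str) -> list[dict[str, str]]:
    """Parse flattened signature rows; the header and unparseable lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def split_appended_extension(path: str) -> tuple[str, str]:
    """Split 'java.exe.tmp' into ('java.exe', '.tmp').

    A file with no inner extension ('Syowa.tmp') still splits into
    ('Syowa', '.tmp'): the appended suffix is the last one, whatever precedes it.
    """
    name = PureWindowsPath(path).name
    suffix = PureWindowsPath(name).suffix
    return (name[: -len(suffix)] if suffix else name), suffix


def summarise(rows: list[dict[str, str]]) -> dict:
    """Count appended suffixes, the original file types they were appended to,
    the product directories touched (drive + two components) and the processes."""
    appended: Counter = Counter()
    original_ext: Counter = Counter()
    top_dirs: Counter = Counter()
    processes: set[str] = set()
    for row in rows:
        original, suffix = split_appended_extension(row["indicator"])
        appended[suffix] += 1
        original_ext[PureWindowsPath(original).suffix.lower() or "<none>"] += 1
        parts = PureWindowsPath(row["indicator"]).parts  # ('C:\\', 'Program Files', 'Java', ...)
        top_dirs[str(PureWindowsPath(*parts[:3]))] += 1
        processes.add(row["process"])
    return {
        "rows": len(rows),
        "appended_suffixes": appended,
        "original_extensions": original_ext,
        "top_dirs": top_dirs,
        "processes": processes,
    }


def looks_like_mass_rename(summary: dict, min_files: int = 100,
                           min_dirs: int = 5, min_types: int = 5) -> bool:
    """Heuristic in the spirit of the 'Renames multiple files with added
    filename extension' signature: one suffix appended to many files, of many
    unrelated types, across many product directories. Thresholds are this
    example's assumptions, not the sandbox's own values."""
    if not summary["appended_suffixes"]:
        return False
    _, dominant = summary["appended_suffixes"].most_common(1)[0]
    return (dominant >= min_files
            and len(summary["top_dirs"]) >= min_dirs
            and len(summary["original_extensions"]) >= min_types)


if __name__ == "__main__":
    s = summarise(parse_rows(SAMPLE_ROWS))
    print(f"{s['rows']} rows, appended suffixes: {dict(s['appended_suffixes'])}")
    print("original types:", dict(s["original_extensions"]))
    print("directories:", dict(s["top_dirs"]))
    # Thresholds lowered for the ten-row sample; defaults are sized for a full event log.
    print("mass-rename pattern:", looks_like_mass_rename(s, min_files=8, min_dirs=3, min_types=3))
```

On the ten sample rows the dominant suffix is ".tmp" on all ten files, covering seven original types (including one time-zone file with no extension) across seven product directories, all from one process. The default thresholds are sized for a complete file-event log rather than the 64 rows each table shows; the report's own rename counts (3514 and 5213) are the scale a production rule should expect.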

Processes

C:\Users\Admin\AppData\Local\Temp\9a99a84df1cffbe59760c6c89fd2d6f1723aacfe7e84d247ee95b6e0630610f1.exe

"C:\Users\Admin\AppData\Local\Temp\9a99a84df1cffbe59760c6c89fd2d6f1723aacfe7e84d247ee95b6e0630610f1.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

The only recorded traffic is one UDP/53 query to 8.8.8.8 for the PTR name 8.8.8.8.in-addr.arpa, a reverse lookup of the resolver's own address. That is typical sandbox background noise rather than sample-initiated activity; neither detonation recorded any C2, download or exfiltration traffic, so these runs yield no network indicators.

Files

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

MD5 c5c3493bb59ed642ca9d3530aa9cba6b
SHA1 e61597c185252c198e754a0726221c4cb0756136
SHA256 5b7206ac489d64386ad62642866d427c57634396a5073b056872e5ae85a53fb8
SHA512 e8a6ab4294e9a6482151ecb97eb43a7ca386c24d6b5743581beedd6b89471c2eec91c87789993c3fa4499e41246bde962ed30e20b5f17a2c29f07011ea12f903

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 730de58ab295797a71cce14a8fb90902
SHA1 01aa1aa7c2a28e1cbd2369d5cc7f7fe5201109a8
SHA256 1217d5e4a111809c44c6670e76c0106f7037ec89357a31e8f0066cf4ffba62a4
SHA512 99675b12ed2d9a98e67e02b3b1d4ba4a125b14529b9dacd2021e374f0c0a68079932b01d030fa18514140b3ce476ae36a4e90820a5197cc72b64572511f9e9c8