Malware Analysis Report

2024-09-23 04:37

Sample ID 240614-c7z83ssdpe
Target af787eae268d4ea465e87b013a7ca582f6b3ed09bfbb8d58538bd4f58e043809
SHA256 af787eae268d4ea465e87b013a7ca582f6b3ed09bfbb8d58538bd4f58e043809
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

af787eae268d4ea465e87b013a7ca582f6b3ed09bfbb8d58538bd4f58e043809

Threat Level: Likely malicious

The file af787eae268d4ea465e87b013a7ca582f6b3ed09bfbb8d58538bd4f58e043809 was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3697) files with added filename extension

Renames multiple (5193) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 02:43

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 02:43

Reported

2024-06-14 02:46

Platform

win7-20240508-en

Max time kernel

150s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\af787eae268d4ea465e87b013a7ca582f6b3ed09bfbb8d58538bd4f58e043809.exe"

Signatures

Renames multiple (3697) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\af787eae268d4ea465e87b013a7ca582f6b3ed09bfbb8d58538bd4f58e043809.exe

"C:\Users\Admin\AppData\Local\Temp\af787eae268d4ea465e87b013a7ca582f6b3ed09bfbb8d58538bd4f58e043809.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

MD5 1b1796acadb4fee4e62059b3f7bf2b43
SHA1 632a8f42e5ecb1d1c276b14ea57c9d482b5a85c0
SHA256 0d81ec301fb0f03fe6d18bfce6e8c4121aa42a74b454793dda4fa9b398b26693
SHA512 ed9f81a0b7d884ead1dbb80fdd7fd597978ef170cec255278fb49b0d4b80c3e71c4633c292bdf18b0926c0249e10e59a4e3284868a81fe4916b7f93d9df115d0

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 ff179f3bb9a9a5dc52b0cd6e9839e737
SHA1 c6422fcb1259f7ae02ab066b8a2e98240412ffff
SHA256 b908be87c6bacaa46eeccb0b512795ccd08f645963303747975c4d05e7be85ed
SHA512 ccdece4b548e22a7da69c2005fe6462b77b9d28fa63b8de66c988394c922d0b565b198d5adcca049f1743b8e00cadf63c05299bd0922e222baad4a58c750ec79

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 02:43

Reported

2024-06-14 02:46

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\af787eae268d4ea465e87b013a7ca582f6b3ed09bfbb8d58538bd4f58e043809.exe"

Signatures

Renames multiple (5193) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\af787eae268d4ea465e87b013a7ca582f6b3ed09bfbb8d58538bd4f58e043809.exe

"C:\Users\Admin\AppData\Local\Temp\af787eae268d4ea465e87b013a7ca582f6b3ed09bfbb8d58538bd4f58e043809.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

MD5 68d03dd09e846625a5be6915681c609d
SHA1 f3bfa7c444618b6575e984268712c8b99d7f56ed
SHA256 87e99bb65e0738193d1bea7fe84c4d3a99cd61b3032b31f81769f8c52c98e31d
SHA512 692bdc07396bc2748ab24ff8331ec98dbbe61ec64a3f78a6653ba16eb51cbea148e007dce0d9e3616fb1e1742829d6be1d9f2f2568c63e9d2850a24ae54321c3

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 c1fc8c232d688c0bff20576536ed08fb
SHA1 759ca1692f9ecfb2eb1158cddd8c430e5920038c
SHA256 f85240c6e6a5e5610cf81faf764d6947fe9bb1e915be100489b9c54f5e6ac56b
SHA512 b94ae8f624a0515ad96a4d629193f7f1d36d48fd6e196562f6651898e6a3cb08775bb2c26e7924da7989c95a51fd06964b76167a3110fc1236f4b364fd20491d