Malware Analysis Report

2024-09-23 04:39

Sample ID 240614-cfd7javejj
Target a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1
SHA256 a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1
Tags ransomware
Score 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 9/10

SHA256

a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1

Threat Level: Likely malicious

The file a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1 was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3433) files with added filename extension

Renames multiple (5118) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 02:00

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 02:00

Reported

2024-06-14 02:03

Platform

win7-20240611-en

Max time kernel

150s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe"

Signatures

Renames multiple (3433) files with added filename extension

ransomware

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tabskb.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-back-static.png.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Main_Gradient.png.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpegvideo_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\720x480icongraphic.png.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\play-background.png.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Nairobi.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationClientsideProviders.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\info.png.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\timer_down.png.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.png.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\Xusage.txt.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-core.jar.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Atlantic\Cape_Verde.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_livehttp_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_smem_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\DVD Maker\en-US\WMM2CLIP.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Menominee.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Java\jre7\bin\jp2native.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Java\jre7\bin\pack200.exe.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\js\library.js.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\locale\ks_IN\LC_MESSAGES\vlc.mo.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)greenStateIcon.png.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-border.png.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\content-types.properties.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Java\jre7\lib\security\java.policy.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Mozilla Firefox\defaults\pref\autoconfig.js.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push.png.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Internet Explorer\en-US\DiagnosticsTap.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Microsoft Games\Multiplayer\Backgammon\it-IT\bckgRes.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\vlc.exe.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Windows Journal\ja-JP\MSPVWCTL.DLL.mui.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\clock.html.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\blackbars60.png.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Internet Explorer\sqmapi.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans.nl_ja_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\locale\ug\LC_MESSAGES\vlc.mo.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\VideoLAN Website.url.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\jawt.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+10.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Atlantic\Faroe.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Windows Media Player\en-US\WMPSideShowGadget.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonDown_Off.png.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\FlickLearningWizard.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\Welcome.html.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkHandle.png.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Java\jre7\bin\jaas_nt.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Juan.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler.xml.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\hwrusalm.dat.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\bin\javafxpackager.exe.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Montreal.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Linq.Resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\7-Zip\Lang\hu.txt.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-cli_zh_CN.jar.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe

"C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2812790648-3157963462-487717889-1000\desktop.ini.tmp

MD5 7e74239d7f2d0a614257f9a11893bf9f
SHA1 c47d87d48f5639d5b321657bb1e06709eeceac26
SHA256 0fd11db2b18e8ad802a0c59a4ca5dcc5667c61474164e2a5d6137c2553c4d5c3
SHA512 d1573f8f587026459ae82a86b7ae2a3e5557712c15930fd9e4de0ada52d5d0b612fc51f2d0b31a7bde9c376731c7c9699eb7547f935ac7687748e3f19cca2641

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 bae485f5e7af2afb99fc8fd4d9551c97
SHA1 9d25eb014acead140b249b14a214211bf38322fc
SHA256 e05a7cb4d11ca7761f7b87f464cc56ae597dc68572daa0d602503abf193a6e46
SHA512 6bebf0b9788f97ec630933dfecadb97d8f7ae2805673c275fe2da75c5d872345070d1e77e9c5b76a3129f6b3d22835d21141a3e1b97290a3c355f4c29526a0c4

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 02:00

Reported

2024-06-14 02:03

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

56s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe"

Signatures

Renames multiple (5118) files with added filename extension

ransomware

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\UIAutomationClient.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Trial-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Trial-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHSRN.DAT.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\openssl64.dlla.manifest.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Parallel.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\PresentationUI.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTrial-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\PowerPivotExcelClientAddIn.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\officeappguardwin32.exe.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_KMS_Client_AE-ul.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\PROOF\MSSP7ES.LEX.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationClient.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\j2gss.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Trial-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\mip_clienttelemetry.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\UIAutomationProvider.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Forms.Design.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-utility-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate64.exe.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTest-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_COL.HXT.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-time-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-100.png.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\PROOF\LTSHYPH_EN.LEX.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-process-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Grace-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Web.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ServiceProcess.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.WindowsDesktop.App.deps.json.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\WindowsBase.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\gstreamer-lite.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Arial-Times New Roman.xml.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentDemoR_BypassTrial180-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\sbicudt58_64.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-checkmark.png.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Templates\1033\EssentialResume.dotx.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.Primitives.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\Document Parts\1033\16\Built-In Building Blocks.dotx.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\libcurl.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProDemoR_BypassTrial180-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHKEY.DAT.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\uk-UA\InputPersonalization.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\WindowsFormsIntegration.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Input.Manipulations.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\jpeg.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTest-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\7-Zip\Lang\eu.txt.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nb-no.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Principal.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe

"C:\Users\Admin\AppData\Local\Temp\a0bd965d55a7bcf710991fdd10e6009a9aa9df0bb09128a379ab709f45ff1cb1.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp

Files

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

MD5 8bd3032ca82523e6a57cc9b3237e7237
SHA1 a39f3b26b08c4bb25af7fc90b4c1dcc2c13d1f6b
SHA256 439119be024303c97313262630b18b33e894e8f61d783ae29cf6926b798b4bb2
SHA512 4080b556f759839d672bd335c792da8864b67f23935ca9e7c6dddcb66673154760393c0d9b30b303ca21014f2ccb35d9645d3917dae5c2897fdb783f6b7ea5fe

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 72e7033a5f8f0b4c9d62dea6a8ef876d
SHA1 1bea0cdc99e0efc09da0c5d0d6edcd6f3fb367d4
SHA256 1adcf28a985e9da26ba09fb7d4484c45b6cef6b0ace4306db11b1c206b8b7fdf
SHA512 1c2f0398569aeb39c667faf14250710a7c57bc52c5a45c388e93093bbffb795291abbc1d79b9dca45169834f0188d1f42de9a5c56cdea3f46b0d3a12dccc31bf