Malware Analysis Report

2025-01-03 08:29

Sample ID: 240617-ane3pavgkh
Target: 9e0f02f8859542024f6e15a6ac800007da1782875ac6bd35fd37da9b6a65136a
SHA256: 9e0f02f8859542024f6e15a6ac800007da1782875ac6bd35fd37da9b6a65136a
Tags: ransomware
Score: 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 9/10
SHA256: 9e0f02f8859542024f6e15a6ac800007da1782875ac6bd35fd37da9b6a65136a
Threat Level: Likely malicious

The file 9e0f02f8859542024f6e15a6ac800007da1782875ac6bd35fd37da9b6a65136a was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (4863) files with added filename extension (behavioral2, win10v2004 image)

Renames multiple (3442) files with added filename extension (behavioral1, win7 image)

Drops file in Program Files directory (both behavioral runs; every logged drop is a .tmp file whose name is an existing file's path with .tmp appended, e.g. C:\Program Files\7-Zip\Lang\io.txt.tmp)

Unsigned PE (static1)

What the two detonations do and do not show: the sample ran as a single process with no child processes logged; neither run recorded a ransom-note drop, a persistence mechanism or any signature other than the file-system ones above; the win7 run logged no network activity and the win10 run logged only reverse-DNS (PTR) queries to 8.8.8.8, so the report contains no command-and-control indicator. The signatures behind the verdict are all file-system activity, and the report does not name the extension the sample appends.

MITRE ATT&CK

N/A

The sandbox produced no ATT&CK mapping for this sample. That is a gap in the automated tagging, not evidence that no technique applies: mass renaming of files with an appended extension, with .tmp files written next to the originals under Program Files, is the behaviour ATT&CK catalogues as T1486, Data Encrypted for Impact. Treat that mapping as an analyst inference from the logged behaviour rather than as a finding of the report.

Analysis: static1

Detonation Overview

Reported: 2024-06-17 00:21

Signatures

Unsigned PE
  Description: N/A  Indicator: N/A  Process: N/A  Target: N/A

The absence of an Authenticode signature is a weak signal on its own (plenty of legitimate tooling ships unsigned) and this signature carries no indicator detail; the verdict rests on the behavioral runs.

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-17 00:21
Reported: 2024-06-17 00:23
Platform: win7-20231129-en
Max time kernel: 150s
Max time network: 120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9e0f02f8859542024f6e15a6ac800007da1782875ac6bd35fd37da9b6a65136a.exe"

Signatures

Renames multiple (3442) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
Process for every row: C:\Users\Admin\AppData\Local\Temp\9e0f02f8859542024f6e15a6ac800007da1782875ac6bd35fd37da9b6a65136a.exe; Target for every row: N/A.
File created  C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\reflect.png.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Johannesburg.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app.nl_ja_4.4.0.v20140623020002.jar.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\THIRDPARTYLICENSEREADME.txt.tmp
File created  C:\Program Files\VideoLAN\VLC\npvlc.dll.tmp
File created  C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color120.png.tmp
File created  C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\css\settings.css.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\jre\bin\jpeg.dll.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.nl_ja_4.4.0.v20140623020002.jar.tmp
File created  C:\Program Files\Java\jre7\bin\glass.dll.tmp
File created  C:\Program Files\Java\jre7\lib\ext\dnsns.jar.tmp
File created  C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationTypes.dll.tmp
File created  C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Web.Entity.Design.Resources.dll.tmp
File created  C:\Program Files\VideoLAN\VLC\plugins\control\libgestures_plugin.dll.tmp
File created  C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fil.pak.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-spi-actions.xml_hidden.tmp
File created  C:\Program Files\Java\jre7\lib\zi\America\Tijuana.tmp
File created  C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\add_over.png.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\about.html.tmp
File created  C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\css\cpu.css.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Broken_Hill.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.nl_ja_4.4.0.v20140623020002.jar.tmp
File created  C:\Program Files\Microsoft Office\Office14\Mso Example Setup File A.txt.tmp
File created  C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.RunTime.Serialization.Resources.dll.tmp
File created  C:\Program Files\VideoLAN\VLC\lua\http\mobile_equalizer.html.tmp
File created  C:\Program Files\VideoLAN\VLC\plugins\video_filter\libalphamask_plugin.dll.tmp
File created  C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\settings.html.tmp
File created  C:\Program Files\7-Zip\Lang\io.txt.tmp
File created  C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.tmp
File created  C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\css\currency.css.tmp
File created  C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\css\settings.css.tmp
File created  C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_ButtonGraphic.png.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Araguaina.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Faroe.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-core-kit.jar.tmp
File created  C:\Program Files\Java\jre7\lib\zi\Asia\Kamchatka.tmp
File created  C:\Program Files\Microsoft Games\FreeCell\FreeCellMCE.png.tmp
File created  C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_228ef1_256x240.png.tmp
File created  C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_left.png.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MST7MDT.tmp
File created  C:\Program Files\VideoLAN\VLC\locale\gu\LC_MESSAGES\vlc.mo.tmp
File created  C:\Program Files\Common Files\Microsoft Shared\OFFICE14\CsiSoap.dll.tmp
File created  C:\Program Files\Common Files\System\msadc\msadce.dll.tmp
File created  C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_settings.png.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\feature.properties.tmp
File created  C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkWatson.exe.mui.tmp
File created  C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_content-background.png.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Center.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-progress-ui_ja.jar.tmp
File created  C:\Program Files\Java\jre7\lib\zi\Pacific\Marquesas.tmp
File created  C:\Program Files\VideoLAN\VLC\plugins\audio_output\libmmdevice_plugin.dll.tmp
File created  C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ShapeCollector.exe.mui.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\New_Salem.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup-impl.jar.tmp
File created  C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\chapters-static.png.tmp
File created  C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-image-mask.png.tmp
File created  C:\Program Files\Java\jre7\bin\gstreamer-lite.dll.tmp
File created  C:\Program Files\VideoLAN\VLC\plugins\misc\libaudioscrobbler_plugin.dll.tmp
File created  C:\Program Files\Windows Media Player\fr-FR\WMPDMC.exe.mui.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunmscapi.jar.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application-views_ja.jar.tmp
File created  C:\Program Files\Java\jre7\lib\zi\SystemV\MST7.tmp
File created  C:\Program Files\Common Files\System\Ole DB\msdaps.dll.tmp
File created  C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_widescreen_Thumbnail.bmp.tmp
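The "Renames multiple (N) files with added filename extension" signature is a count-based behavioural heuristic, and the "File created ... .tmp" rows are the companion write of a temporary file beside each target. The Python below is an added example, not the sandbox's own detection code, that applies the same two ideas to a constructed file-event list: it counts renames that append an extension, groups them by the appended extension, and correlates .tmp creations with originals that were renamed. The event format, the user-profile paths and the placeholder extension .locked are assumptions (the report never names the extension the sample appends), and the threshold of 3 is sized for the toy data; the report's two runs counted 3442 and 4863.

```python
from collections import Counter
from dataclasses import dataclass

# Constructed file-event stream in the shape (kind, path, new_path).
# These events are NOT taken from the report: the Program Files paths echo
# two of the report's .tmp drops, the user-profile paths are invented, and
# ".locked" is a placeholder because the report never names the extension.
SAMPLE_EVENTS = [
    ("File created", r"C:\Program Files\7-Zip\Lang\io.txt.tmp", None),
    ("File renamed", r"C:\Program Files\7-Zip\Lang\io.txt",
                     r"C:\Program Files\7-Zip\Lang\io.txt.locked"),
    ("File created", r"C:\Program Files\VideoLAN\VLC\npvlc.dll.tmp", None),
    ("File renamed", r"C:\Program Files\VideoLAN\VLC\npvlc.dll",
                     r"C:\Program Files\VideoLAN\VLC\npvlc.dll.locked"),
    ("File created", r"C:\Users\Admin\Documents\budget.xlsx.tmp", None),
    ("File renamed", r"C:\Users\Admin\Documents\budget.xlsx",
                     r"C:\Users\Admin\Documents\budget.xlsx.locked"),
    # Benign renames that must not count: the extension is replaced or the
    # stem changes; nothing is appended.
    ("File renamed", r"C:\Users\Admin\Documents\notes.txt",
                     r"C:\Users\Admin\Documents\notes_old.txt"),
    ("File renamed", r"C:\Users\Admin\Downloads\setup.part",
                     r"C:\Users\Admin\Downloads\setup.exe"),
    # A .tmp with no renamed original behind it (ordinary installer noise).
    ("File created", r"C:\Users\Admin\AppData\Local\Temp\abc.tmp", None),
]


def appended_extension(src, dst):
    """Extension appended by a rename, or None if nothing was appended.

    Matches only dst == src + "." + ext with ext free of path separators,
    so 'a.txt' -> 'a.txt.locked' matches while 'a.txt' -> 'a_old.txt',
    'a.part' -> 'a.exe' and an unchanged name do not.
    """
    prefix = src + "."
    if not dst.startswith(prefix):
        return None
    ext = dst[len(prefix):]
    if not ext or "\\" in ext or "/" in ext:
        return None
    return ext.lower()


@dataclass
class Verdict:
    renames_with_added_ext: int
    by_extension: dict
    tmp_drops: int
    tmp_with_renamed_base: int
    fires: bool


def analyze(events, threshold=3):
    """Reproduce the two report signatures over an event list.

    threshold is the minimum number of extension-appending renames before
    the verdict fires (an assumed value; the report's own cut-off is not
    published).
    """
    by_ext = Counter()
    renamed_originals = set()
    tmp_paths = []
    for kind, path, new_path in events:
        if kind == "File renamed":
            ext = appended_extension(path, new_path)
            if ext is not None:
                by_ext[ext] += 1
                renamed_originals.add(path)
        elif kind == "File created" and path.lower().endswith(".tmp"):
            tmp_paths.append(path)
    # A .tmp whose name minus ".tmp" is an original that was also renamed is
    # the write-beside-original pattern consistent with the report's signatures.
    with_base = sum(1 for p in tmp_paths if p[:-4] in renamed_originals)
    total = sum(by_ext.values())
    return Verdict(total, dict(by_ext), len(tmp_paths), with_base, total >= threshold)
```

Grouping by appended extension matters in practice: a run of renames that all add the same unfamiliar extension is the strong signal, while a mix of extensions usually points at installers or build tooling.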

Processes

C:\Users\Admin\AppData\Local\Temp\9e0f02f8859542024f6e15a6ac800007da1782875ac6bd35fd37da9b6a65136a.exe

"C:\Users\Admin\AppData\Local\Temp\9e0f02f8859542024f6e15a6ac800007da1782875ac6bd35fd37da9b6a65136a.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

MD5 375981c320d0f4914cfa65cdf95d93ec
SHA1 e167f4d11fcdc7a651bbad5e155bee5e722b05e5
SHA256 4a9be7d1bc3932e23555bd8b324a00dc96695a19e48f63f242da450933673e33
SHA512 2ac5b9dda87b8a3e89f79eea987228aeb6c205ab9ccf69e0de5215cf58be7545e8b27da9a3506d4dccd8b7efa7f9507ea225ae96da5b348a95f6bc84be84ca2c

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 d9428c8f9ebfa4b7db4ad43cda81ae9f
SHA1 7ea30ee0cef847d6d27df5f6462fbcf77363a2e2
SHA256 2b62df1a4488ca4e93f71006661fdee641d8cefc8a6f4aa14a10f9e79c76e4d9
SHA512 8aee5a08eaf799fa8c8d1aa8c4b7d3a8ba42c0f48dab3e9125eebfbe0aea61e34dab647161bfc404b3d273feb8d36f5ebc2268d5e4d2eeff003ffaa8a8377756

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-17 00:21
Reported: 2024-06-17 00:23
Platform: win10v2004-20240611-en
Max time kernel: 150s
Max time network: 151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9e0f02f8859542024f6e15a6ac800007da1782875ac6bd35fd37da9b6a65136a.exe"

Signatures

Renames multiple (4863) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
Process for every row: C:\Users\Admin\AppData\Local\Temp\9e0f02f8859542024f6e15a6ac800007da1782875ac6bd35fd37da9b6a65136a.exe; Target for every row: N/A.
File created  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Core.dll.tmp
File created  C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l2-1-0.dll.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Trial-ppd.xrm-ms.tmp
File created  C:\Program Files\Common Files\microsoft shared\ClickToRun\offreg.dll.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\PresentationUI.resources.dll.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-ul-oob.xrm-ms.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Excel.EditorRibbon.dll.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Core.dll.tmp
File created  C:\Program Files\7-Zip\Lang\de.txt.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-ul-oob.xrm-ms.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-pl.xrm-ms.tmp
File created  C:\Program Files\Common Files\microsoft shared\ink\de-DE\InkObj.dll.mui.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-processenvironment-l1-1-0.dll.tmp
File created  C:\Program Files\Java\jre-1.8\bin\javafx_iio.dll.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcDemoR_BypassTrial365-ppd.xrm-ms.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-180.png.tmp
File created  C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll.tmp
File created  C:\Program Files\Java\jdk-1.8\jre\lib\security\public_suffix_list.dat.tmp
File created  C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\PresentationCore.resources.dll.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Trial-ppd.xrm-ms.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.ScriptDom.dll.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-180.png.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\ONLNTCOMLIB.DLL.tmp
File created  C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\msinfo32.exe.mui.tmp
File created  C:\Program Files\Java\jre-1.8\lib\accessibility.properties.tmp
File created  C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Median.xml.tmp
File created  C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Tw Cen MT.xml.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Grace-ppd.xrm-ms.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\SQLENGINEMESSAGES.XML.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\ONBttnPPT.dll.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL115.XML.tmp
File created  C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemXml.dll.tmp
File created  C:\Program Files\Google\Chrome\Application\110.0.5481.104\libEGL.dll.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\MSIPC\sr-Cyrl-RS\msipc.dll.mui.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\MSO.FRAMEPROTOCOLWIN32.DLL.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationUI.resources.dll.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.AppContext.dll.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Emit.Lightweight.dll.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Forms.Primitives.resources.dll.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationTypes.resources.dll.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Forms.Primitives.resources.dll.tmp
File created  C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_CN.properties.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-pl.xrm-ms.tmp
File created  C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.tr-tr.dll.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\AdeModule.dll.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\salesforce.ini.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ul-oob.xrm-ms.tmp
File created  C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.tmp
File created  C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-handle-l1-1-0.dll.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-ul-phn.xrm-ms.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Trial-pl.xrm-ms.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\msoutilstat.etw.man.tmp
File created  C:\Program Files\Common Files\microsoft shared\ClickToRun\FrequentOfficeUpdateSchedule.xml.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Data.Common.dll.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.TraceSource.dll.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PenImc_cor3.dll.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.AnalysisServices.AdomdClientUI.dll.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\MEDIA\BOMB.WAV.tmp
File created  C:\Program Files\Common Files\microsoft shared\ink\ar-SA\tipresx.dll.mui.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_F_COL.HXK.tmp
File created  C:\Program Files\Common Files\System\ado\msador28.tlb.tmp
File created  C:\Program Files\Common Files\microsoft shared\ink\ipsen.xml.tmp

Processes

C:\Users\Admin\AppData\Local\Temp\9e0f02f8859542024f6e15a6ac800007da1782875ac6bd35fd37da9b6a65136a.exe

"C:\Users\Admin\AppData\Local\Temp\9e0f02f8859542024f6e15a6ac800007da1782875ac6bd35fd37da9b6a65136a.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 211.143.182.52.in-addr.arpa udp

The Domain column holds PTR (reverse-DNS) query names: the address is written octet-reversed under in-addr.arpa, so 43.58.199.20.in-addr.arpa asks about 20.199.58.43. The table has no per-process column, and the win7 run (behavioral1) logged no network activity at all, so these queries cannot be attributed to the sample from this report alone; they may equally be background resolution by the win10 image.
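Decoding the PTR names by hand is error-prone, so here is an added Python helper (not part of the report) that turns reverse-DNS query names back into addresses for enrichment. It handles the IPv4 in-addr.arpa form seen above and, going beyond the table, the IPv6 ip6.arpa nibble form; it returns None for anything malformed or partial rather than guessing, and dedups the result while preserving order. The PTR names in the block are the seven from the table.

```python
import ipaddress

# PTR names as recorded in the behavioral2 Network table of the report.
REPORTED_PTR_NAMES = [
    "43.58.199.20.in-addr.arpa",
    "240.221.184.93.in-addr.arpa",
    "26.165.165.52.in-addr.arpa",
    "56.126.166.20.in-addr.arpa",
    "172.210.232.199.in-addr.arpa",
    "13.227.111.52.in-addr.arpa",
    "211.143.182.52.in-addr.arpa",
]


def ptr_to_ip(name):
    """Decode a reverse-DNS query name to the address it asks about.

    IPv4: <o4>.<o3>.<o2>.<o1>.in-addr.arpa (exactly four octets).
    IPv6: 32 single-hex-digit labels, least significant first, under ip6.arpa.
    Returns None for anything else, so a partial name like '20.in-addr.arpa'
    (a zone-level query, not a host lookup) is not turned into an address.
    """
    labels = name.rstrip(".").lower().split(".")
    if labels[-2:] == ["in-addr", "arpa"]:
        octets = labels[:-2]
        if len(octets) != 4:
            return None
        try:
            return str(ipaddress.IPv4Address(".".join(reversed(octets))))
        except ValueError:
            return None
    if labels[-2:] == ["ip6", "arpa"]:
        nibbles = labels[:-2]
        if len(nibbles) != 32 or any(len(n) != 1 for n in nibbles):
            return None
        try:
            return str(ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16)))
        except ValueError:
            return None
    return None


def summarize(names):
    """Map each decodable PTR name to whether its address is globally routable.

    Returns an insertion-ordered dict {ip: is_global}; duplicates and
    undecodable names are dropped. Private or loopback targets would show
    up here as False and usually indicate sandbox-internal resolution.
    """
    seen = {}
    for n in names:
        ip = ptr_to_ip(n)
        if ip is None or ip in seen:
            continue
        seen[ip] = ipaddress.ip_address(ip).is_global
    return seen
```

The decoded list is what you would feed to passive-DNS or ASN lookups; whether the queries originated from the sample or from the image's own services is a separate question the report's table cannot answer.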

Files

(The $Recycle.Bin desktop.ini.tmp listed here has different digests from the one in behavioral1. The source desktop.ini and the user SID both differ between the win7 and win10 images, so the mismatch on its own says nothing about whether the sample uses per-run keys.)

C:\$Recycle.Bin\S-1-5-21-2447855248-390457009-3660902674-1000\desktop.ini.tmp

MD5 96a0d9733e5a4de0adfd298a30533339
SHA1 34b09d6a0db4063b3420ac42375df406dddb2e51
SHA256 8cd771d58f36560a0f8d41cea084fa79b636079ef6073b021fe8752c178ea728
SHA512 b7fc1b87ddfddde546050ea45198ffe9b12edb533f475f73597dbb8c5a8b5cabd336b3b83ea763bb37f2268b86029a56043268993c31ef4291c8230562fe5591

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 1775f8c4426cd6682094f263695ebd63
SHA1 cb45d86ef8a442026217e5ad1390ce59bcf296b8
SHA256 6268219d317d824606ed4a1e4058edb8aa19b9e634abb8fc7fc220de5f15544f
SHA512 00941d332a2d0603b153f7177da4e179229b329cc437851ee6c512e616918ed856ee579cacc3745b3b3d3750155ad260b5881c8968dc249aadb68d274f2fb979
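Both Files sections give MD5, SHA-1, SHA-256 and SHA-512 digests of dropped .tmp files but nothing about their content. The Python below is an added helper, not from the report, covering what an analyst holding a recovered .tmp would do first: compute the same four digests to confirm the artifact matches the report's entry, and measure its byte entropy, since a value near 8 bits per byte is the usual first indication that the .tmp holds encrypted output rather than a plain copy. The sample bytes in the block are constructed; the report's digests cannot be reproduced here because the files themselves are not on the page.

```python
import hashlib
import math
from collections import Counter

# Digest names in the order the report prints them.
DIGESTS = ("md5", "sha1", "sha256", "sha512")


def digests(data):
    """Return {name: lowercase hex} for the four digests the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in DIGESTS}


def matches_report(data, reported):
    """True only if every digest given in `reported` agrees with `data`.

    Comparison is case-insensitive and ignores keys outside DIGESTS, but at
    least one known digest must be supplied so an empty dict cannot match.
    """
    want = {k.lower(): v.lower() for k, v in reported.items() if k.lower() in DIGESTS}
    if not want:
        return False
    have = digests(data)
    return all(have[k] == v for k, v in want.items())


def shannon_entropy(data):
    """Bits of entropy per byte: 0.0 for empty or constant input, 8.0 at most."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data, threshold=7.5):
    """Heuristic: high entropy over a non-trivial amount of data.

    Compressed containers (PNG, JAR, DOCX) also score high, and many of the
    report's Program Files targets are exactly that, so treat a hit as a
    pointer for manual review rather than proof of encryption.
    """
    return len(data) >= 256 and shannon_entropy(data) >= threshold


# Constructed samples (not from the report): a repetitive INI-style text
# standing in for a plain desktop.ini, and all 256 byte values, which is the
# maximum-entropy case.
PLAINTEXT_SAMPLE = (
    b"[.ShellClassInfo]\r\n"
    b"LocalizedResourceName=@%SystemRoot%\\system32\\shell32.dll,-8964\r\n"
) * 8
HIGH_ENTROPY_SAMPLE = bytes(range(256)) * 4
```

In use, read the recovered .tmp in binary mode, pass its bytes to matches_report together with the report's four digest lines for that path, and only then look at looks_encrypted; a digest mismatch means you are not looking at the artifact the report describes.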