Malware Analysis Report

2025-01-06 13:03

Sample ID 240617-bd45hawhre
Target af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed
SHA256 af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed
Tags ransomware
Score 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed

Threat Level: Likely malicious

The file af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (5093) files with added filename extension (behavioral2, win10v2004-20240508-en)

Renames multiple (3452) files with added filename extension (behavioral1, win7-20231129-en)

Drops file in Program Files directory (both behavioral runs)

Unsigned PE (static1)

In both detonations the activity comes from the submitted executable alone: no child processes, no network traffic and no persistence mechanism were recorded, only mass file writes under Program Files and other system directories.

MITRE ATT&CK

N/A (the sandbox mapped no techniques for this sample). The behaviour recorded in both detonations, a single process rewriting thousands of files with an appended extension and no network activity, is the pattern ATT&CK catalogues as T1486, Data Encrypted for Impact; that mapping is added here by the editor, not produced by the sandbox.

Analysis: static1

Detonation Overview

Reported

2024-06-17 01:02

Signatures

Unsigned PE

No indicator rows: Unsigned PE is a static property of the submitted file (it carries no Authenticode signature), not a runtime event, so the Description / Indicator / Process / Target columns are empty for this signature.

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 01:02

Reported

2024-06-17 01:05

Platform

win7-20231129-en

Max time kernel

149s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe"

Signatures

Renames multiple (3452) files with added filename extension

ransomware

Drops file in Program Files directory

Columns: Description, Indicator, Process, Target (whitespace-separated; the Indicator path itself contains spaces). Every row below is a File created event; the Indicator is the written path, with .tmp appended after the file's original extension, or after the bare name for extension-less files such as the Java zoneinfo entries; the Process is the sample's own executable on every row; Target is N/A. The rows are the sandbox's excerpt, not the full set of 3452 renamed files.
File created C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_selectionsubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector_1.0.200.v20131115-1210.jar.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libdvdread_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.commands_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-last-quarter_partly-cloudy.png.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\7-Zip\Lang\ro.txt.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_TW.jar.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Gibraltar.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libnoseek_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\7-Zip\Lang\da.txt.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-image-mask.png.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\MET.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Xml.Linq.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libd3d11va_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\7-Zip\Lang\cy.txt.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\date-span-16.png.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Windows Defender\en-US\MpAsDesc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\css\slideShow.css.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\7.png.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\5.png.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_pressed.png.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ShapeCollector.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec.exe.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libx265_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-common_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Java\jre7\bin\prism-d3d.dll.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Urumqi.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\intf\dumpmeta.luac.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Easter.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libattachment_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\11.png.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\npdeployJava1.dll.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.DynamicData.dll.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\orbd.exe.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baghdad.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_output\libvdummy_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Windows Media Player\it-IT\wmpnssui.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\js\library.js.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\conticon.gif.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Java\jre7\lib\ext\jaccess.jar.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Linq.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\DVD Maker\OmdBase.dll.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\kinit.exe.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.shell_0.10.0.v201212101605.jar.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.DataSetExtensions.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_dts_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_right_mouseover.png.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_divider_right.png.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Darwin.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-filesystems.xml.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-windows.xml.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Taipei.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Windows Media Player\en-US\WMPDMCCore.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad.png.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_hail.png.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe

"C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe"

Network

N/A

Files (written by the sample during detonation, hashed on the written content; note that both are outside Program Files, in the user's Recycle Bin and the Office install cache, so the traversal is broader than the signature table above shows)

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

MD5 d98ba87e28c9c6b5e5447b4a0a46d2e5
SHA1 6b76c85595d46496d5e9fc04eeb31e10902b2584
SHA256 c58c875759341b5875fed4c223054bb4d4ac310f3af83f6facc6079a6b4059ac
SHA512 4be578665490e9a2ceaf37ede36b98daaed51a4153758ef9a797b85ff6988993e539f89eedcbf14ef82a8a6a89a043ee201e62e8fe75efbbe91ff6d6542b0fc5

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 33e9c8256c933b3a63b67c53d17f8e47
SHA1 0e6539df45f4f4b9c14cc16f7aaf246ad3711b73
SHA256 8231833d0f11149e234e329ad783fad700ca51e9542ca87e32593e55d0d99c19
SHA512 100e96cc582c647fb518146eca3afa6bb320bc57465b749dc736d927147d7c5fab0a988401eb74dee1a1d027fd7d0728ea3cdbf89c7038ff7aff198e8393ef36

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-17 01:02

Reported

2024-06-17 01:05

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe"

Signatures

Renames multiple (5093) files with added filename extension

ransomware

Drops file in Program Files directory

Columns: Description, Indicator, Process, Target (whitespace-separated; the Indicator path itself contains spaces). Every row below is a File created event; the Indicator is the written path with .tmp appended after the original extension; the Process is the sample's own executable on every row; Target is N/A. The rows are the sandbox's excerpt, not the full set of 5093 renamed files.
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.dll.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\vcruntime140.dll.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.ThreadPool.dll.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\netstandard.dll.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\tabskb.dll.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial5-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\vcruntime140_cor3.dll.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-runtime-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred.xml.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Internet Explorer\iexplore.exe.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-stdio-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu.xml.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsesp.xml.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Debug.dll.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_COL.HXT.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-heap-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MEDIA\HAMMER.WAV.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\7-Zip\Lang\ku.txt.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RUI.dll.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Formatters.dll.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.Reporting.Common.dll.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\EXCEL.VisualElementsManifest.xml.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XPath.dll.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\de-DE\ShapeCollector.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Common Files\microsoft shared\MSInfo\uk-UA\msinfo32.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_Subscription-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\shaded.dotx.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.Watcher.dll.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.dll.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\ext\zipfs.jar.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription3-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\Bibliography\BIBFORM.XML.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OAuth.dll.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\dotnet\host\fxr\6.0.27\hostfxr.dll.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Globalization.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OMICAUT.DLL.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\uk-UA\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\fontmanager.dll.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessDemoR_BypassTrial365-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\ms\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.X509Certificates.dll.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\asm.md.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md.tmp C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe N/A
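The two behavioural signatures reported for both detonations ("Renames multiple files with added filename extension" and "Drops file in Program Files directory") are what a detection engineer would want to reproduce from raw file-event telemetry. The Python below is an added example, not part of the sandbox report or its tooling: it parses rows in the report's own layout, profiles each writing process, and flags one whose writes are dominated by a single appended suffix spread across several unrelated vendor folders under Program Files. Its input is constructed (twelve rows copied in shape from the behavioral1 table above plus three rows for a hypothetical installer named installer.exe), the thresholds min_files and min_vendors are illustrative rather than the sandbox's own, and the parser relies on the Process and Target columns containing no spaces, as they do in this report.

```python
"""Heuristic re-derivation of the "renames multiple files with added extension"
and "drops file in Program Files" signatures from file-event rows.
Added example, not sandbox code; thresholds are illustrative."""
from __future__ import annotations

import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Process column value exactly as it appears in the report.
SAMPLE_EXE = (r"C:\Users\Admin\AppData\Local\Temp"
              r"\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe")
# Hypothetical benign installer, constructed for contrast (not in the report).
INSTALLER_EXE = r"C:\Users\Admin\Downloads\installer.exe"

# Constructed input: twelve rows in the shape of the behavioral1 table, then three
# rows a legitimate installer would write inside its own Program Files folder.
SAMPLE_ROWS = [
    rf"File created C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_selectionsubpicture.png.tmp {SAMPLE_EXE} N/A",
    rf"File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector_1.0.200.v20131115-1210.jar.tmp {SAMPLE_EXE} N/A",
    rf"File created C:\Program Files\VideoLAN\VLC\plugins\access\libdvdread_plugin.dll.tmp {SAMPLE_EXE} N/A",
    rf"File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-last-quarter_partly-cloudy.png.tmp {SAMPLE_EXE} N/A",
    rf"File created C:\Program Files\7-Zip\Lang\ro.txt.tmp {SAMPLE_EXE} N/A",
    rf"File created C:\Program Files\Java\jre7\lib\zi\Europe\Gibraltar.tmp {SAMPLE_EXE} N/A",
    rf"File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Xml.Linq.Resources.dll.tmp {SAMPLE_EXE} N/A",
    rf"File created C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.tmp {SAMPLE_EXE} N/A",
    rf"File created C:\Program Files\Windows Defender\en-US\MpAsDesc.dll.mui.tmp {SAMPLE_EXE} N/A",
    rf"File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\gadget.xml.tmp {SAMPLE_EXE} N/A",
    rf"File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe.tmp {SAMPLE_EXE} N/A",
    rf"File created C:\Program Files\Windows Media Player\it-IT\wmpnssui.dll.mui.tmp {SAMPLE_EXE} N/A",
    rf"File created C:\Program Files\ExampleApp\app.dll.tmp {INSTALLER_EXE} N/A",
    rf"File created C:\Program Files\ExampleApp\app.exe.tmp {INSTALLER_EXE} N/A",
    rf"File created C:\Program Files\ExampleApp\readme.txt.tmp {INSTALLER_EXE} N/A",
]


@dataclass(frozen=True)
class FileEvent:
    description: str
    path: str
    process: str
    target: str | None


_DESC_RE = re.compile(r"^(File created|File opened for modification|File renamed)\s+(.+)$")
_PROGRAM_FILES_RE = re.compile(r"^[A-Za-z]:\\Program Files(?: \(x86\))?\\", re.IGNORECASE)


def parse_row(row: str) -> FileEvent:
    """Parse one report row. Assumes (true for this report) that the Process and
    Target columns contain no spaces, so splitting from the right is safe."""
    head, process, target = row.strip().rsplit(None, 2)
    m = _DESC_RE.match(head)
    if not m:
        raise ValueError(f"unrecognised row: {row!r}")
    return FileEvent(m.group(1), m.group(2), process, None if target == "N/A" else target)


def vendor_dir(path: str) -> str | None:
    """First directory under Program Files (the vendor/product folder), or None."""
    m = _PROGRAM_FILES_RE.match(path)
    if not m:
        return None
    return path[m.end():].split("\\", 1)[0].lower()


def profile_processes(events, min_files=20, min_vendors=3, min_share=0.9):
    """Per-process profile of written paths; flags ransomware-like mass renames."""
    by_process: dict[str, list[FileEvent]] = defaultdict(list)
    for ev in events:
        by_process[ev.process].append(ev)
    report = {}
    for process, evs in by_process.items():
        names = [PureWindowsPath(ev.path).name for ev in evs]
        added_ext, n_added = Counter(PureWindowsPath(n).suffix.lower() for n in names).most_common(1)[0]
        # Strip the dominant suffix and inspect what sat underneath: an encryptor
        # preserves the victim's own extension ('' for extension-less files).
        original_exts = {PureWindowsPath(n[:-len(added_ext)]).suffix.lower()
                         for n in names if added_ext and n.lower().endswith(added_ext)}
        vendors = {v for ev in evs if (v := vendor_dir(ev.path)) is not None}
        share = n_added / len(evs)
        flagged = (added_ext != "" and n_added >= min_files and share >= min_share
                   and len(vendors) >= min_vendors and len(original_exts - {""}) >= 3)
        report[process] = {
            "files": len(evs),
            "program_files_writes": sum(1 for ev in evs if vendor_dir(ev.path) is not None),
            "added_ext": added_ext,
            "share": round(share, 3),
            "vendor_dirs": sorted(vendors),
            "original_exts": sorted(original_exts),
            "verdict": "ransomware-like mass rename" if flagged else "not flagged",
        }
    return report


if __name__ == "__main__":
    # min_files lowered to 10 only because the constructed input is small.
    for proc, info in profile_processes(map(parse_row, SAMPLE_ROWS), min_files=10).items():
        print(proc.rsplit("\\", 1)[-1], "->", info["verdict"],
              f"{info['files']} files, suffix {info['added_ext']!r}, {len(info['vendor_dirs'])} vendor dirs")
```

Two design points. The dominant-suffix test looks at the last suffix of the whole file name rather than requiring two dotted suffixes, because extension-less victims such as the Java zoneinfo files (Gibraltar.tmp above) would otherwise be missed. Vendor-folder spread, not raw volume, is what separates this pattern from a legitimate installer that also writes many .tmp files but only inside its own product directory. With the report's real counts (3452 and 5093 files) the default min_files=20 is exceeded many times over; the demo lowers it to 10 only because the constructed input is fifteen rows.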

Processes

C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe

"C:\Users\Admin\AppData\Local\Temp\af9521499a621a10fbc213a257c80fc7b1ab7025b794d5767e4b4b46b3dd01ed.exe"

Network
N/A

Files (written by the sample during detonation, hashed on the written content; the Recycle Bin desktop.ini entry shows the traversal reaches hidden system directories, and the 7-Zip DLL entry is one of the Program Files writes from the table above)

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

MD5 b28d57d205641654bb60de135b29ed69
SHA1 74d7671a65af153ab1d60b7d234d99e67a3423be
SHA256 b9ebe7bf203fb83dfbaea61609e9e563490e8aa6f946fca3e681077d475eae25
SHA512 c4810edcdff050879cd09cb5d476d5a9bdfb0425b88173be106add784a57da912920fd47d2f77308105d1509f2f5664bc2bb7fc0b21414059ea9e5e8f36bde48

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 adff18a9735e30a398fcd76219d622f4
SHA1 105d8f9efc361c4b5dc737c835abceda8bb77df6
SHA256 9654445d92413397d062a88858951ec914e709098ff07aa4b0e3d2ef872a177a
SHA512 e5e21a24a0f5df48faa49a92f73f3a0c9631284c84b57c4178c4b0a009e35328cd787f8497a145bc36b77a787eb7efb59832daba60e6e7331766c46370d363c9