Malware Analysis Report

2025-08-05 12:50

Sample ID: 240531-esv2xsef6x
Target: e289115d68f8af08e31a13598141a4b97823696686eb03ab2c19671f10d4c527
SHA256: e289115d68f8af08e31a13598141a4b97823696686eb03ab2c19671f10d4c527
Tags: ransomware
Score: 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 9/10

SHA256: e289115d68f8af08e31a13598141a4b97823696686eb03ab2c19671f10d4c527

Threat Level: Likely malicious

The file e289115d68f8af08e31a13598141a4b97823696686eb03ab2c19671f10d4c527 was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3442) files with added filename extension (behavioral1, win7 detonation)

Renames multiple (4827) files with added filename extension (behavioral2, win10 detonation)

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-05-31 04:12

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A (static analysis records no indicator detail for this signature)

Analysis: behavioral1

Detonation Overview

Submitted: 2024-05-31 04:12
Reported: 2024-05-31 04:15
Platform: win7-20231129-en
Max time kernel: 150s
Max time network: 118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e289115d68f8af08e31a13598141a4b97823696686eb03ab2c19671f10d4c527.exe"

Signatures

Renames multiple (3442) files with added filename extension

ransomware

Drops file in Program Files directory

Description | Indicator | Process | Target
All 64 rows below share the same values in three columns: Description = File created, Process = C:\Users\Admin\AppData\Local\Temp\e289115d68f8af08e31a13598141a4b97823696686eb03ab2c19671f10d4c527.exe, Target = N/A. Only the Indicator column varies. Each indicator is a file name under C:\Program Files with ".tmp" appended, which is the file-system pattern behind the "Renames multiple files with added filename extension" signature.

Indicator:
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\license.html.tmp
C:\Program Files\VideoLAN\VLC\plugins\access\libsdp_plugin.dll.tmp
C:\Program Files\7-Zip\Lang\io.txt.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\selection_subpicture.png.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\th.pak.tmp
C:\Program Files\Java\jre7\lib\zi\Indian\Mahe.tmp
C:\Program Files\Microsoft Games\Multiplayer\Checkers\en-US\ChkrRes.dll.mui.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\ReachFramework.resources.dll.tmp
C:\Program Files\VideoLAN\VLC\lua\playlist\bbc_co_uk.luac.tmp
C:\Program Files\Common Files\System\ado\msado25.tlb.tmp
C:\Program Files\Java\jre7\lib\zi\MST7MDT.tmp
C:\Program Files\Java\jre7\lib\zi\Pacific\Chuuk.tmp
C:\Program Files\VideoLAN\VLC\lua\playlist\vocaroo.luac.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\diagnostic-command-16.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-sa.xml.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_ButtonGraphic.png.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\de.pak.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Jamaica.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Zaporozhye.tmp
C:\Program Files\Java\jre7\lib\deploy\messages_fr.properties.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Management.Instrumentation.Resources.dll.tmp
C:\Program Files\VideoLAN\VLC\plugins\codec\libopus_plugin.dll.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\203x8subpicture.png.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MST7MDT.tmp
C:\Program Files\Java\jre7\lib\zi\Antarctica\DumontDUrville.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoBeta.png.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\jsse.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pontianak.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-sampler.xml.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net.nl_ja_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Linq.Resources.dll.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Services.Client.resources.dll.tmp
C:\Program Files\VideoLAN\VLC\plugins\codec\libtextst_plugin.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\bin\jconsole.exe.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ja_5.5.0.165303.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring-fallback.xml.tmp
C:\Program Files\Java\jre7\lib\zi\Antarctica\Davis.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Madeira.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll.tmp
C:\Program Files\7-Zip\Lang\tt.txt.tmp
C:\Program Files\Microsoft Games\FreeCell\es-ES\FreeCell.exe.mui.tmp
C:\Program Files\7-Zip\Lang\ug.txt.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt.nl_ja_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_zh_CN.jar.tmp
C:\Program Files\VideoLAN\VLC\libvlccore.dll.tmp
C:\Program Files\VideoLAN\VLC\plugins\video_chroma\librv32_plugin.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\MANIFEST.MF.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata_2.2.0.v20131211-1531.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_basestyle.css.tmp
C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libpodcast_plugin.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\bin\glass.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\eclipse.inf.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\license.html.tmp
C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll.tmp
C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach_5.5.0.165303.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\MANIFEST.MF.tmp
C:\Program Files\VideoLAN\VLC\lua\meta\art\02_frenchtv.luac.tmp
C:\Program Files\Java\jre7\lib\zi\Indian\Mauritius.tmp

Processes

Process: C:\Users\Admin\AppData\Local\Temp\e289115d68f8af08e31a13598141a4b97823696686eb03ab2c19671f10d4c527.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\e289115d68f8af08e31a13598141a4b97823696686eb03ab2c19671f10d4c527.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

MD5 91f01f4c2f0739d9ffc3aadfa8b7292d
SHA1 2a96af58cbbc14dd4b4820778407a66cd619382c
SHA256 43967d9e2f024272f0284aa35d89e125d45a2ecbf3f815aa681590b7c6a7dda3
SHA512 4b5e98ff4a3b646b6229d2d41228f97a3b70e651120ca5fa8409f2fe3f91bede133a8a41ef63116504f856449c04023d8697e3e86bd9343e40690aeafc731637

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 6ad7520800d5bc300d60975df9dee2e9
SHA1 228713a449c97a88db2e406750b262f4c97d1f7f
SHA256 b8456ab497fadce15e26137f824f72562cb0a383d83a182e78eb388a20ba7f0d
SHA512 decbd717a52de7e1270eef2cb6358e04fa6e1113d6fbf0bdfa1f12f550af8a14f3aab4afaa4743a58a9d92de0deced767f61667aa036644da42341745705033c

Analysis: behavioral2

Detonation Overview

Submitted: 2024-05-31 04:12
Reported: 2024-05-31 04:15
Platform: win10v2004-20240426-en
Max time kernel: 150s
Max time network: 95s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e289115d68f8af08e31a13598141a4b97823696686eb03ab2c19671f10d4c527.exe"

Signatures

Renames multiple (4827) files with added filename extension

ransomware

Drops file in Program Files directory

Description | Indicator | Process | Target
All 64 rows below share the same values in three columns: Description = File created, Process = C:\Users\Admin\AppData\Local\Temp\e289115d68f8af08e31a13598141a4b97823696686eb03ab2c19671f10d4c527.exe, Target = N/A. Only the Indicator column varies. As in the win7 detonation, each indicator is a file name under C:\Program Files with ".tmp" appended.

Indicator:
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Emit.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.NETCore.App.runtimeconfig.json.tmp
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe.tmp
C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail3-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Document Themes 16\Organic.thmx.tmp
C:\Program Files\Microsoft Office\root\Office16\msvcr120.dll.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-time-l1-1-0.dll.tmp
C:\Program Files\Common Files\System\ado\adovbs.inc.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\WindowsBase.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Forms.Design.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\lib\cmm\PYCC.pf.tmp
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Median.xml.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTrial-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_PrepidBypass-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ul-phn.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_MAK_AE-ppd.xrm-ms.tmp
C:\Program Files\7-Zip\Lang\mn.txt.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Loader.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\PresentationCore.resources.dll.tmp
C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-private-l1-1-0.dll.tmp
C:\Program Files\Java\jre-1.8\bin\jp2native.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\Bibliography\BIBFORM.XML.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sr-latn-rs.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\WindowsFormsIntegration.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Grace-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-140.png.tmp
C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN105.XML.tmp
C:\Program Files\Common Files\microsoft shared\ink\da-DK\tipresx.dll.mui.tmp
C:\Program Files\Java\jre-1.8\bin\javafx_font.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Dallas.OAuthClient.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationClient.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe.tmp
C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-string-l1-1-0.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-ul-phn.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-180.png.tmp
C:\Program Files\7-Zip\Lang\co.txt.tmp
C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Controls.Ribbon.resources.dll.tmp
C:\Program Files\Internet Explorer\it-IT\iexplore.exe.mui.tmp
C:\Program Files\Java\jdk-1.8\jre\lib\jfxswt.jar.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-ul-oob.xrm-ms.tmp
C:\Program Files\Common Files\microsoft shared\ink\th-TH\tipresx.dll.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationProvider.resources.dll.tmp
C:\Program Files\Google\Chrome\Application\110.0.5481.104\WidevineCdm\LICENSE.tmp
C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial2-pl.xrm-ms.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe.tmp
C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Grace-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\MSIPC\ca\msipc.dll.mui.tmp
C:\Program Files\Microsoft Office\root\Office16\MSIPC\ja\msipc.dll.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.Expressions.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\UIAutomationProvider.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\lib\classlist.tmp
C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-runtime-l1-1-0.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\MSIPC\de\msipc.dll.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Quic.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Forms.Primitives.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\bin\xjc.exe.tmp
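
The two "File created" tables above (behavioral1 and behavioral2) both show one process writing "<original>.tmp" next to files from many unrelated products under C:\Program Files, which is what the "Renames multiple files with added filename extension" signature counts. The following is an added example, not part of the sandbox report or of any sandbox vendor's code: it parses rows of that shape, strips the appended ".tmp", and groups the originals by process and top-level Program Files subtree so a reviewer can see the spread at a glance. The ten indicator rows are copied from the behavioral2 table; the notepad control row, the threshold value and all helper names are this example's own assumptions.

```python
"""Mass "<file>.tmp" sibling detection over sandbox file-creation rows (added example)."""
import ntpath
import re
from collections import Counter, defaultdict

# Both the indicator and the process path contain spaces, so the split keys on
# the "<drive>:\...\<name>.exe" shape of the process column, not on whitespace.
ROW_RE = re.compile(
    r"^File created (?P<indicator>.+?) (?P<process>[A-Za-z]:\\.+?\.exe) (?P<target>\S+)$"
)

SAMPLE_EXE = (r"C:\Users\Admin\AppData\Local\Temp"
              r"\e289115d68f8af08e31a13598141a4b97823696686eb03ab2c19671f10d4c527.exe")

# Ten indicators copied from the behavioral2 table of the report.
SAMPLE_INDICATORS = [
    r"C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Emit.dll.tmp",
    r"C:\Program Files\Google\Chrome\Application\chrome_proxy.exe.tmp",
    r"C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail3-pl.xrm-ms.tmp",
    r"C:\Program Files\Microsoft Office\root\Document Themes 16\Organic.thmx.tmp",
    r"C:\Program Files\Common Files\System\ado\adovbs.inc.tmp",
    r"C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\WindowsBase.dll.tmp",
    r"C:\Program Files\Java\jdk-1.8\jre\lib\cmm\PYCC.pf.tmp",
    r"C:\Program Files\7-Zip\Lang\mn.txt.tmp",
    r"C:\Program Files\Java\jdk-1.8\jre\lib\classlist.tmp",
    r"C:\Program Files\Google\Chrome\Application\110.0.5481.104\WidevineCdm\LICENSE.tmp",
]

SAMPLE_ROWS = [f"File created {p} {SAMPLE_EXE} N/A" for p in SAMPLE_INDICATORS]
# Constructed control row (not from the report): an ordinary write by another
# process that must not be counted as a ".tmp" sibling.
SAMPLE_ROWS.append(r"File created C:\Users\Admin\Desktop\notes.txt C:\Windows\notepad.exe N/A")


def parse_rows(rows):
    """Return one dict per well-formed row; malformed rows are skipped, not guessed."""
    events = []
    for row in rows:
        m = ROW_RE.match(row)
        if m:
            events.append(m.groupdict())
    return events


def summarize_tmp_siblings(events, threshold):
    """Per process: how many "<original>.tmp" files it created, across which
    top-level subtrees (drive + two path components), and which original
    extensions were hit. A process is flagged once its count reaches threshold."""
    by_process = defaultdict(list)
    for ev in events:
        if ev["indicator"].lower().endswith(".tmp"):
            by_process[ev["process"]].append(ev["indicator"][:-len(".tmp")])

    report = {}
    for proc, originals in by_process.items():
        subtrees = Counter("\\".join(o.split("\\")[:3]) for o in originals)
        # ntpath handles backslash paths on any host; files without an
        # extension (classlist, LICENSE) are reported as "(none)".
        exts = Counter(
            ntpath.splitext(ntpath.basename(o))[1].lower() or "(none)" for o in originals
        )
        report[proc] = {
            "tmp_count": len(originals),
            "subtrees": dict(subtrees),
            "source_extensions": dict(exts),
            "flag": len(originals) >= threshold,
        }
    return report


if __name__ == "__main__":
    for proc, info in summarize_tmp_siblings(parse_rows(SAMPLE_ROWS), threshold=5).items():
        print(proc, info)
```

The threshold here is deliberately low because only ten rows are embedded; the report's own signature fired on thousands of renames, and a production rule would also want a time window, since legitimate installers and updaters write ".tmp" files too, just not across six vendors' directories from one unsigned binary in a Temp folder.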

Processes

Process: C:\Users\Admin\AppData\Local\Temp\e289115d68f8af08e31a13598141a4b97823696686eb03ab2c19671f10d4c527.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\e289115d68f8af08e31a13598141a4b97823696686eb03ab2c19671f10d4c527.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 16.24.18.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 20.231.121.79:80 | (none) | tcp
US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp
US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp

Every DNS row is a reverse (PTR) query sent to 8.8.8.8:53; no forward lookup of a hostname appears in the log. The TCP flow to 20.231.121.79:80 is the only non-DNS connection recorded and has no domain associated with it, so it is the one entry in this table that cannot be explained from the table alone.
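
To make that table usable, the in-addr.arpa names have to be turned back into the addresses the VM asked about, and the one row with an empty Domain column has to be separated out. The following is an added example, not part of the sandbox report: it parses rows with either four fields or three (empty Domain), decodes each PTR name, and returns the unresolved flows and any non-global addresses as the items to look at first. The row strings are copied from the table above; the function names are this example's own.

```python
"""Decode the behavioral2 Network table: PTR names back to IPs, flows without DNS (added example)."""
import ipaddress

# Rows copied from the report's Network table (behavioral2).
NETWORK_ROWS = [
    "US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp",
    "US 8.8.8.8:53 16.24.18.2.in-addr.arpa udp",
    "US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp",
    "US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp",
    "US 20.231.121.79:80 tcp",
    "US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp",
    "US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp",
    "US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp",
    "US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp",
]

PTR_SUFFIX = ".in-addr.arpa"


def ptr_name_to_ip(name):
    """'149.220.183.52.in-addr.arpa' -> '52.183.220.149'; None if not an IPv4 PTR name."""
    if not name.lower().endswith(PTR_SUFFIX):
        return None
    octets = name[:-len(PTR_SUFFIX)].split(".")
    if len(octets) != 4:
        return None
    try:
        # PTR names list the octets in reverse order; validate the result.
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    except ipaddress.AddressValueError:
        return None


def parse_network_rows(rows):
    """Rows have four fields, or three when the Domain column is empty."""
    flows = []
    for row in rows:
        fields = row.split()
        if len(fields) == 4:
            country, dest, domain, proto = fields
        elif len(fields) == 3:
            country, dest, proto = fields
            domain = None
        else:
            continue  # malformed row: skip rather than guess
        host, _, port = dest.rpartition(":")
        flows.append({"country": country, "ip": host, "port": int(port),
                      "domain": domain, "proto": proto})
    return flows


def triage(flows):
    """Split flows into decoded PTR targets, forward lookups, and flows with no name at all."""
    ptr_targets, forward_names, unresolved = [], [], []
    for f in flows:
        if f["domain"] is None:
            unresolved.append((f["ip"], f["port"], f["proto"]))
            continue
        ip = ptr_name_to_ip(f["domain"])
        if ip:
            ptr_targets.append(ip)
        else:
            forward_names.append(f["domain"])
    addresses = ptr_targets + [ip for ip, _, _ in unresolved]
    return {
        "ptr_targets": ptr_targets,
        "forward_names": forward_names,
        "unresolved": unresolved,
        # RFC 1918 / loopback / link-local hits would point at lateral movement inside the VM network.
        "non_global": [ip for ip in addresses if not ipaddress.ip_address(ip).is_global],
    }


if __name__ == "__main__":
    result = triage(parse_network_rows(NETWORK_ROWS))
    print("PTR targets:", result["ptr_targets"])
    print("No DNS:     ", result["unresolved"])
```

The decoded PTR targets are the addresses to feed into passive-DNS or ownership lookups; the script deliberately does not attribute them, since nothing in the report says whether they belong to the sample or to the guest OS. The only flow that needs no decoding, 20.231.121.79:80 over TCP, is also the only one with no name resolution in the log.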

Files

C:\$Recycle.Bin\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.tmp

MD5 400fc0ac49b8644c08148b7d72ec6089
SHA1 cb58a6daf228f9a47a9590d95ff5a20cb4ec6295
SHA256 f6fce6a511c0812c0229eb20516de09a9ad69d1fdd7a90cbcf294e4a86439f3f
SHA512 a0c3e42b48b4851e8c09ad1ebde36c98a7ca2aa12cb365c384931abd361228a94fec33fbfa9ab45c081f63c288783a001e2336fc516e7ae82b9274be86f1073f

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 480a9a2abfbe4ce5acddbca5aefe85c9
SHA1 7b60a9db3fdc0ea89b4e65bf0534b044427f507e
SHA256 2bcb744ae9314d21c631085a3c2ac0b1bde7d2c66a3627667f7f93beab2bffcd
SHA512 e8ba2f52f2158c253c131ba54fc5f6c41e105f976dc744089bd64698aea0f32ed413b90cc03425324ae91748d2a5b958a7e6f4f8c2dfa9934e09e648f8ee466d