Malware Analysis Report

2025-06-16 07:34

Sample ID: 240601-yt533ade7z
Target: 335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149
SHA256: 335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149
Tags: ransomware
Score: 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 9/10

SHA256: 335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149

Threat Level: Likely malicious

The file 335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149 was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3505) files with added filename extension

Renames multiple (4726) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-01 20:05

Signatures

Unsigned PE

Description | Indicator | Process | Target
--- | --- | --- | ---
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-01 20:05
Reported: 2024-06-01 20:08
Platform: win7-20240221-en
Max time kernel: 150s
Max time network: 121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe"

Signatures

Renames multiple (3505) files with added filename extension

ransomware

Drops file in Program Files directory

Description | Indicator | Process | Target
--- | --- | --- | ---
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_ButtonGraphic.png.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\HST.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5EDT.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-print.xml_hidden.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Microsoft Office\Office14\AUTHZAX.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\title_stripe.png.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Mozilla Firefox\api-ms-win-core-timezone-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Windows Media Player\it-IT\wmplayer.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_win7.css.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Java\jre7\bin\jabswitch.exe.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Java\jre7\lib\classlist.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Pacific\Galapagos.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\authplay.dll.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\PreviousMenuButtonIcon.png.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\pack200.exe.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui.ja_5.5.0.165303.jar.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\skins\skin.catalog.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\16.png.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\fontmanager.dll.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MST.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\America\Nipigon.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-last-quarter_partly-cloudy.png.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Windows Media Player\ja-JP\WMPSideShowGadget.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\rtscom.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader.dll.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\WindowsFormsIntegration.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libheadphone_channel_mixer_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\codec\libtextst_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Internet Explorer\pdm.dll.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\locale\ps\LC_MESSAGES\vlc.mo.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cayenne.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_rest.png.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_setid_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\timer_over.png.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\logo.png.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureB.png.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Java\jre7\lib\deploy\messages_de.properties.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Pacific\Enderbury.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Asia\Kolkata.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Europe\Zurich.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libcache_block_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\video_filter\libcolorthres_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_m.png.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\7-Zip\Lang\cs.txt.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Internet Explorer\sqmapi.dll.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Java\jre7\lib\deploy\messages_ko.properties.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\America\Creston.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\locale\pt_PT\LC_MESSAGES\vlc.mo.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\access\libattachment_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Windows Journal\es-ES\JNTFiltr.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\feature.properties.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.core_5.5.0.165303.jar.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_ja.jar.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\6.png.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ef8c08_256x240.png.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\codec\libdmo_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\clock.html.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\settings.js.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\highDpiImageSwap.js.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-highlight.png.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe

"C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

MD5 2e675dbe4960175560443cd756638281
SHA1 23f55902bcb493e0fa4d13833e1d0038b6aa721b
SHA256 6f17f709ecf9779af5ed15a997c545ba242cc130f1ab29d1682a87899215519e
SHA512 a488624a4e98881bf450c30939a4d21f231426bac8795b0e76741f8853484c8827119fad01067220eacc23ea1317d0aa62ee19aec0da239b1960cbb970abdd5b

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 032bf8161918ec30b9656196ca73e17d
SHA1 009d47466f14eda19f758dbb401768e598ea6b16
SHA256 f75cd40ae1215f098bea596bfbd2765448a2c0997513aad1c57e0394381ba525
SHA512 13ea4236a9d09c57f21278e39efe9a0c16d001a43705030a7c3f335359c34996f4650dad1af5f483acf974112fa5407621dde795b7183eeda4bab17fe6ab02d8

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-01 20:05
Reported: 2024-06-01 20:08
Platform: win10v2004-20240508-en
Max time kernel: 150s
Max time network: 128s

Command Line

"C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe"

Signatures

Renames multiple (4726) files with added filename extension

ransomware

Drops file in Program Files directory

Description | Indicator | Process | Target
--- | --- | --- | ---
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.CompilerServices.Unsafe.dll.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\UIAutomationClient.dll.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Forms.Design.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription3-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.es-es.dll.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.NonGeneric.dll.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Dynamic.Runtime.dll.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\PresentationCore.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\legal\jdk\santuario.md.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\MeasureRevoke.xml.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Grace-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvStreamingManager.dll.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_jpn.xml.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Retail-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_KMS_Client-ul.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-timezone-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_MAK-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Primitives.dll.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\pt-BR.pak.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\lib\ext\access-bridge-64.jar.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationTypes.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\110.0.5481.104\vk_swiftshader.dll.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_school.png.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\vcruntime140_cor3.dll.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.cpl.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationProvider.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription2-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationProvider.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\UIAutomationProvider.dll.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Trial-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTrial-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Numerics.dll.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\Microsoft.VisualBasic.Forms.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationClientSideProviders.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\verify.dll.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_OEM_Perp-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\Informix.xsl.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\7-Zip\Lang\mk.txt.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Forms.Primitives.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\WindowsBase.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationCore.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Forms.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Principal.dll.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\D3DCompiler_47_cor3.dll.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationClientSideProviders.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Forms.Primitives.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\lib\security\blacklist.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\security\javaws.policy.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-math-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntimeR_PrepidBypass-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\ipsesp.xml.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\110.0.5481.104\v8_context_snapshot.bin.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A
File created | C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md.tmp | C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe

"C:\Users\Admin\AppData\Local\Temp\335a14460f174dcf198d57bb6eeb70a80083bf2f4a2680925afe72789276f149.exe"

Network

Country | Destination | Domain | Proto
--- | --- | --- | ---
US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 8.24.18.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 134.71.91.104.in-addr.arpa | udp
US | 8.8.8.8:53 | 130.211.222.173.in-addr.arpa | udp
US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp

Files

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

MD5 5dea69b44032ed4440a1cae4d204b260
SHA1 8c442ee101cec8b2d4126dc722812e8e6206a764
SHA256 4dd58845e338dac1b97018ccdcb79849cf7b6c878f37f46eaabb4fa0c730c099
SHA512 3b79ecf2c33fe3cb3a651749dc9cb758dc6f2cc4cef2924956b25b10c4db3c818194f10e2c9be108f27cf7eeedf74ea613230ef4680228b0d1f4ff2b4dcc5241

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 c1f4e457b9f78bf1140a0caf114fbebf
SHA1 0f01fa427ca5c934a05fa4fba0ed592d5bb4e5ee
SHA256 c0395b516073fc09a58c6aa7d65ab4d128152239709cdc4c293d63fabc8cee52
SHA512 4370b46476f18fc53e632127ae3eb215d7435e61f082e8bcd8aa6e015d6e5ffd8a69fa262fc869d87def7163c97ec3953e676729d49b0d4d741815283ddd03e7