Malware Analysis Report

2025-06-16 07:20

Sample ID 240602-bz3tkaed7x
Target 80fd52325128f669d8967f32af27d040.bin
SHA256 25ab64906840f191990fcb0c62c2bb4484ea442fb5026acf46203c1cf3f6cc26
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

25ab64906840f191990fcb0c62c2bb4484ea442fb5026acf46203c1cf3f6cc26

Threat Level: Likely malicious

The file 80fd52325128f669d8967f32af27d040.bin was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3461) files with added filename extension

Renames multiple (4729) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-02 01:35

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-02 01:35

Reported

2024-06-02 01:38

Platform

win7-20231129-en

Max time kernel

150s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe"

Signatures

Renames multiple (3461) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Internet Explorer\en-US\jsprofilerui.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Kosrae.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\js\cpu.js.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Java\jre7\lib\sound.properties.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\La_Paz.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-new_partly-cloudy.png.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\7-Zip\Lang\hr.txt.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins_1.1.200.v20131119-0908.jar.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-options.xml.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Xml.Linq.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudiobargraph_a_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\11.png.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\RSSFeeds.html.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InputPersonalization.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\photograph.png.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\epl-v10.html.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.zh_CN_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\new-trigger-wiz.gif.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Antarctica\Vostok.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\tpcps.dll.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720x480icongraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-core_visualvm.jar.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Windows Media Player\ja-JP\WMPDMCCore.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\settings.html.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\Tulip.jpg.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\librawaud_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Internet Explorer\Timeline.cpu.xml.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Blanc-Sablon.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Chita.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Chisinau.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-options.xml.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\ja-JP\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\icon.png.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\16.png.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkWatson.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Winamac.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-util-enumerations.jar.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-queries_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Java\jre7\bin\policytool.exe.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\zu\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.jdp_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\logo.png.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\FlickLearningWizard.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\pagecurl.png.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host.xml.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libsepia_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Windows Media Player\de-DE\wmpnssci.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_WMC_LogoText.png.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mip.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Dili.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Spades\de-DE\shvlzm.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Microsoft Games\Purble Place\PurblePlaceMCE.png.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe

"C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

MD5 e5c7b50ace2d10540516944f0cb9db4a
SHA1 d2109c3966a5c02f34e08a8b37d9d0ddf70745c3
SHA256 0b22c0a1bb68bfb1f9a3dea3dcf5549f125ec7516d67b655e0e9902d260e5535
SHA512 1737565a2b606d515f28a2e88fc56d988342ad9116beeae600334c30ff6101143a2aab28053b96c9ecbfbf606b8906147b6c0ab095bb1ca8593d8d193edadcb8

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 ebeb161e1fbc7bf73de7e395b608fab6
SHA1 987d92b566808e42210f24c819846d558b94119d
SHA256 85c72e8f5dc5ba97e2055dfe2a4d812ac5b0bc5a18b8ed7a17128b2e5700aa00
SHA512 113e5cc139b1f29c3119c1106a901697d9bb8255aa8c5fdf9167458ddd81ac211f795d517f3a24e973bb6f452b51d287dc435eee609adc5508d4a7752896200f

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-02 01:35

Reported

2024-06-02 01:38

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe"

Signatures

Renames multiple (4729) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jre-1.8\lib\jsse.jar.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_KMS_Client_AE-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.Serialization.dll.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\j2gss.dll.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\nb.pak.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\icu.md.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\security\blacklist.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\jpeg.md.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Java\jdk-1.8\lib\jconsole.jar.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.UnmanagedMemoryStream.dll.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\net.dll.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Median.xml.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\unlimited\local_policy.jar.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\security\public_suffix_list.dat.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Security.Cryptography.Pkcs.dll.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\jfr\default.jfc.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\security\java.policy.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebSockets.Client.dll.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemCore.dll.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\lt.pak.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ONBttnWD.dll.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\TPN.txt.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.DataContractSerialization.dll.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_PrepidBypass-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Accessibility.dll.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-140.png.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\bci.dll.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\AUDIOSEARCHMAIN.DLL.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OFFSYMSB.TTF.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Google\Chrome\Application\master_preferences.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Formatters.dll.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\sound.properties.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest1-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe

"C:\Users\Admin\AppData\Local\Temp\80fd52325128f669d8967f32af27d040.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 9.173.189.20.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

MD5 079ac28f29a4c33dda4584230af0b64a
SHA1 487db0cf3d21ad7be74232603c1142e549206dd3
SHA256 ced89141ccd5976af3a11a42275f4545ba89a906900a1bafac19b6dfc034fcde
SHA512 378feaa1b85b1b36b2daee4d5f0a7e5d09a2efdd33f8ba112db0349bc03df3b7de96f7298c1c46e218105c63867ba3c334e9176061f4c19cab1bbe328c573754

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 d64ad0242f17dadc4c26cd7e7ec241d2
SHA1 813a4e5a4ffd3122445a25cfdf2603e31efe8b1d
SHA256 454ff584764df7672d9bb5bebd9ae0f5fdb65a42703b09343f5e397e51438967
SHA512 27e479e00500fc3a8dd1a84a4595bc37e72f148540587ee72d2d871ab8765f093138dfba9abdef954997cde7aaf2bbfc4a2a6709f12c9c455c2f6241e683233d