Malware Analysis Report

2025-06-16 07:26

Sample ID 240602-feaz9sca98
Target fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6
SHA256 fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6
Tags ransomware
Score 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 9/10

SHA256 fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6

Threat Level: Likely malicious

The file fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6 was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3456) files with added filename extension

Renames multiple (5031) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-02 04:46

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-02 04:46

Reported

2024-06-02 04:49

Platform

win7-20240508-en

Max time kernel

150s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe"

Signatures

Renames multiple (3456) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\js\settings.js.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Mahe.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Runtime.dll.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libh26x_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\hint_over.png.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG.wmv.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\GMT.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-keymap_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Java\jre7\bin\jsdt.dll.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InputPersonalization.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\msadcfr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_videoinset.png.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-crescent.png.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Indian\Maldives.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\icon.png.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\settings.html.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_rainy.png.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_bottom_left.png.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.zh_CN_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\jfluid-server.jar.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Java\jre7\bin\javacpl.exe.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_chromecast_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-modules-appui_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Yekaterinburg.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-last-quarter.png.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\7-Zip\Lang\yo.txt.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu.xml.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-back-static.png.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pyongyang.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Bermuda.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Windows.Presentation.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_ogg_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-views.xml.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Java\jre7\bin\sunec.dll.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libsepia_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\play_hov.png.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrlatinlm.dat.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector_1.0.200.v20131115-1210.jar.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-sampler.xml.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-spi-actions_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\css\settings.css.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passportcover.png.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring-impl.xml.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Java\jre7\lib\deploy\messages_it.properties.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\slideShow.html.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libvnc_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_over.png.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\external_extensions.json.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\deploy.dll.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvm.jar.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Windows Journal\fr-FR\jnwdui.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicHandle.png.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_splitter\libpanoramix_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Rome.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libedummy_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\css\settings.css.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Common Files\System\msadc\en-US\msadcfr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe

"C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

MD5 5d87e3913ac2e848bfa1a5dbf3dbd201
SHA1 941e145b98268689a366a963ef271eb35a6f60c8
SHA256 6b6f025e7bdcae81dad5d7c6a785c66f41e303d4eb3edb40db4f384f945c5c9b
SHA512 84de4622b7dce1ef4fabff1201252ead061fc0e4a648bcf7d4d7d15f5b101a2fc6bc8da850559ff89243ed154421ede4583f41febd9a1a414d92ca6318f10666

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 e4d34128971cb7a8cb75bc23cc3d0663
SHA1 9748796afb8d12591b8d80bea7ea152a9e2fd62d
SHA256 81b6a4753d4524245df0836ab7438311e7b682b8f7572b9adb2d32fa6de64c08
SHA512 a7d1a5ac51082f1cc8265ab83e56f53c585596b4f954be85378188d14ec7d2c9adca4d758f04a684504855bf4692dff9da582b79fa2c66bb29b273fc4942b2e2

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-02 04:46

Reported

2024-06-02 04:49

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe"

Signatures

Renames multiple (5031) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\System\ado\msadrh15.dll.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\msoadfsb.exe.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\sunmscapi.dll.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial4-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.PowerBI.Diagnostics.dll.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL048.XML.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe.manifest.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.Annotations.dll.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\DocumentFormat.OpenXml.dll.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\DIFF_MATCH_PATCH_WIN32.DLL.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\7-Zip\Lang\hi.txt.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.ServicePoint.dll.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Frosted Glass.eftx.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Gill Sans MT.xml.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\TextConversionModule.dll.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-environment-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_KMS_Client-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Models.dll.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Json.dll.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\Client2019_eula.txt.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\TellMeWord.nrr.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\NL7MODELS0009.dll.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Bibliography\Author2String.XSL.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7FR.DLL.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tabskb.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_KMS_Client_AE-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-filesystem-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\DirectWriteForwarder.dll.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Resources.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-xstate-l2-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\7-Zip\7z.sfx.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.dll.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscordbi.dll.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\vulkan-1.dll.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\vcruntime140_1.dll.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaTypewriterRegular.ttf.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Configuration\card_expiration_terms_dict.txt.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\tr-TR\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\openssl64.dlla.manifest.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\javafx\webkit.md.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\java-rmi.exe.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_Subscription-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe

"C:\Users\Admin\AppData\Local\Temp\fafbc6719b6125bd700cbf42b43a25973aa6b62d62c95f07d70dd8f8289a06a6.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 92.16.208.104.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

MD5 a5d5bfdccd0e70191b01bc594f6ca59f
SHA1 8b29bf2568e1ed1121056f8acc0bf212ccfa60b0
SHA256 58b6279e1d3681990ff80334e433b684f0311e88b0ea34a1d84d3d5c35cd0faf
SHA512 2565da34993de7d2b40daa32a96ed8101fbe1b964828eb68494b379ad8d7f6737734088a4657fad67e36d0a3f8ac0e5fa4215302b7359e5a01da4beb5347fc30

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 bc595b1cc123e0eb3a3328bdb8504cbc
SHA1 dd08c565feab68ca479acc53e52c8782b8bbd957
SHA256 934b122f398b21c74086b5667cc4bd59d292eb2581711f8113f854fbf6cb5c7a
SHA512 04dcdeb2d110702e3125dc4a5fffc50b03a425ef5e83028158947e2dfba482a67d9acbad3362bcfb7a0f3e66a71c1c11d200378b40338c5f3288fbb90de6b73e