Malware Analysis Report

2025-01-03 08:31

Sample ID 240611-aa691swcmf
Target 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda
SHA256 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda

Threat Level: Likely malicious

The file 808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3526) files with added filename extension

Renames multiple (5199) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 00:01

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 00:01

Reported

2024-06-11 00:04

Platform

win7-20240220-en

Max time kernel

150s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe"

Signatures

Renames multiple (3526) files with added filename extension

ransomware

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\daisies.png.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_few-showers.png.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\7-Zip\Lang\fa.txt.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.jsp.jasper.registry_1.0.300.v20130327-1442.jar.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.smil_1.0.0.v200806040011.jar.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Windows Photo Viewer\en-US\PhotoAcq.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-multitabs.jar.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Java\jre7\lib\cmm\GRAY.pf.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Entity.Resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\css\settings.css.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask.wmv.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Vostok.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.httpclient4_1.0.800.v20140827-1444.jar.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ef8c08_256x240.png.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_a52_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push.png.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\license.html.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Java\jre7\lib\fonts\LucidaBrightDemiBold.ttf.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\locale\gd\LC_MESSAGES\vlc.mo.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\access\libnfs_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-masterfs.xml.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\America\Phoenix.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.DirectoryServices.AccountManagement.dll.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_ja.jar.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_srt_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\css\settings.css.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\include\jvmti.h.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EST.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Efate.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\codec\libcvdsub_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\js\cpu.js.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\js\RSSFeeds.js.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.nl_zh_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt_0.12.100.v20140530-1436.jar.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Etc\GMT-4.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\css\clock.css.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Asia\Gaza.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\css\settings.css.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_sv.properties.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson_Creek.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui.ja_5.5.0.165303.jar.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-ui_zh_CN.jar.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\pack200.exe.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Windows Media Player\mpvis.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Windows.Presentation.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\30.png.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoDev.png.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\Welcome.html.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ust-Nera.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.xml.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Windows Media Player\it-IT\wmpnssci.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw120.png.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Zaporozhye.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Mozilla Firefox\precomplete.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\demux\libimage_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\A3DUtility.exe.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\README.html.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dushanbe.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_ja.jar.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe

"C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

MD5 d854ce585f8864090d06f3f4a9498970
SHA1 c37420d3170a84bc46f186ace8a02c92211ca6c8
SHA256 f494f5156b4927df80735060b5753436c5d28d28099ec4c9bcea68f8c991cfad
SHA512 35f4d525fd5e523ea838c03dd4a6e37819b6b12978c0a1a64b7a4d1ec891e450261f001f0d56045dce196f05ea188888f7316b5a085b06a5e0c944dcc5bd8e3e

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 9f74404b0a5753fefb825a771fe26749
SHA1 8eeaa06aadc9f4adb1c299ff6cb48b5cff2d918d
SHA256 91d179b7ee503eab3703dcefd8f505b8887db3175cc043c8b0fc72f60b1c3e5a
SHA512 8c94cc81886d398c14fd45f2d1ae5a99396aa0cea829a061fdabcb00f70ed0addaa3d1be9e4e48a9a489efa1413fa19f073e7ed5101f2669bae022d666c3534f

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 00:01

Reported

2024-06-11 00:04

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe"

Signatures

Renames multiple (5199) files with added filename extension

ransomware

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\PresentationFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightRegular.ttf.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Grace-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\System.ValueTuple.dll.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Grace-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Grace-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\ORGCHART.CHM.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\PROTOCOLHANDLERINTL.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\trdtv2r41.xsl.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Http.Json.dll.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\dbgshim.dll.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Primitives.dll.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Grace-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\7-Zip\Uninstall.exe.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Algorithms.dll.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Dataflow.dll.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\Microsoft.VisualBasic.Forms.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Controls.Ribbon.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-utility-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\clrjit.dll.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.Primitives.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\client_eula.txt.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\OsfTaskengine.dll.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.Brotli.dll.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.Specialized.dll.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\mce.dll.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.IsolatedStorage.dll.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.dll.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\WindowsFormsIntegration.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\j2pkcs11.dll.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Trial-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-multibyte-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ValueTuple.dll.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\Interceptor.dll.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\7-Zip\7zCon.sfx.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Algorithms.dll.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l2-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-datetime-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Drawing.Primitives.dll.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Internet Explorer\uk-UA\ieinstal.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\dtplugin\npdeployJava1.dll.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\es-ES\InkObj.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\Welcome.html.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial5-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-processthreads-l1-1-1.dll.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-100.png.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL107.XML.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Input.Manipulations.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe

"C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp

Files

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

MD5 0e10837f95e58891ae1be9fa7cb10d72
SHA1 4a36d90a284769c4f7fe307d3836e41070b1b11c
SHA256 0673440acee7dc27b73df06a7375206d0078de5ecef20da3fec2be21b5077efa
SHA512 ef5202bc347690d0ec03afadc97d9f2bb4c9fb7675b598a7aa5105a4a86ef6d174c681ccb85125f5508109d92a177f495c775c4906f84ab17764a2b45e45812a

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 c325fbfd67be18304da63453643b10f7
SHA1 0b44886071b3260830f97bd34a295bc57106962f
SHA256 2fac32cf82c0b0af903e87280979a387b9c971b407ccc775cc382a0a6086c678
SHA512 3e6e730f41d0e58533bb9dd6b94ea2baa2c5115d860d0dfc0251da1831d9e5fbbfe0878f937834730fd79d15d55436c1570ff46cbc5965477a9ef65e780412a9