Malware Analysis Report

2025-01-03 08:35

Sample ID 240611-am26tsxark
Target 8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81
SHA256 8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81
Tags ransomware
Score 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score 9/10
SHA256 8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81
Threat Level: Likely malicious

The file 8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81 was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3665) files with added filename extension

Renames multiple (5221) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-11 00:20

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-11 00:20
Reported 2024-06-11 00:23
Platform win7-20240508-en
Max time kernel 150s
Max time network 119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe"

Signatures

Renames multiple (3665) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-backglow.png.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Galapagos.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IPSEventLogMsg.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\DVD Maker\fieldswitch.ax.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ml.pak.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\zipfs.jar.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.ja_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.attributeTransformation.exsd.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Java\jre7\bin\nio.dll.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Java\jre7\bin\sunec.dll.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AGM.dll.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor_1.0.300.v20131211-1531.jar.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-print.xml.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Java\jre7\lib\accessibility.properties.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.Design.dll.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\images\vlc16x16.png.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-first-quarter_partly-cloudy.png.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\include\jawt.h.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\include\jvmti.h.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\css\picturePuzzle.css.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\flyout.html.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\CROATIAN.TXT.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Caracas.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Mozilla Firefox\crashreporter.ini.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-Regular.otf.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\7-Zip\Lang\de.txt.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\background.png.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationClientsideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_hover.png.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\css\settings.css.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_MATTE_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\corner.png.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_fdf5ce_1x400.png.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libpodcast_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-dock.png.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_s.png.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waning-gibbous.png.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\javap.exe.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\org-openide-filesystems_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Windows Media Player\Network Sharing\ConnectionManager.xml.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Monterrey.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Java\jre7\lib\deploy\messages_sv.properties.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Fiji.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Windows Media Player\it-IT\WMPSideShowGadget.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\ECLIPSE_.SF.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\mobile_browse.html.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Windows Media Player\fr-FR\wmpnssui.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core.xml.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe

"C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

MD5 87df0088d18049f1d5bc8d3304ae1f71
SHA1 fd214d8ff96b3fe6fb16781855daead6a38d2ed6
SHA256 f1e2248f8d265e89e9f44a494ca5016872cd65ed07145c2bd9812acfeca82182
SHA512 5c2dadbe6501b9e0043d8866fb9324384cf19b75b03165576b2c79e403dcd956fcd0237a30089ec66b97ef8ae0c96cad3181a82a96964c746852411cc42b5332

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 f28f6079629068293b31616e0d0d4877
SHA1 4f0fdbef92104b7f3c4ae26a2d3b2d36269c9424
SHA256 132ef9c643d9fb08af7d17da04b8fc08fb0f967b2782c2b4e9ed51d6b419373a
SHA512 6768ad55c8b183508678fe3a84339f1dbef9425be7d4c0a24e1fcb408308e6c1a1ac25a369d7df3db4c288b4b8cfb1fba5804e2650f031cbd53519a94a84fad5

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-11 00:20
Reported 2024-06-11 00:23
Platform win10v2004-20240508-en
Max time kernel 150s
Max time network 51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe"

Signatures

Renames multiple (5221) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk-1.8\bin\jinfo.exe.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_sv.properties.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-process-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\McePerfCtr.man.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MEDIA\CLICK.WAV.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Microsoft Office\root\rsod\officemui.msi.16.en-us.tree.dat.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.OpenSsl.dll.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.ThreadPool.dll.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemXmlLinq.dll.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PPTICO.EXE.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Principal.Windows.dll.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy\messages_ko.properties.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\images\cursors\invalid32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail3-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription4-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-multibyte-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\7-Zip\Lang\si.txt.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\kinit.exe.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\fxplugins.dll.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\CancelGlyph.16.White.png.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-string-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.DirectoryServices.dll.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Extensions\external_extensions.json.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-synch-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.dll.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.ZipFile.dll.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\cryptix.md.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_Subscription-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN111.XML.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\msinfo32.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\UIAutomationClientSideProviders.dll.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_CN.properties.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\REFEDIT.DLL.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\MySite.ico.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\STSLIST.DLL.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe

"C:\Users\Admin\AppData\Local\Temp\8920980539f7201607ea6e85afb05c06f1c7bd33b11f5ea141df79cb8f108a81.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

MD5 1bcb05ac4e40e10d42705e8700230a8a
SHA1 b0cd168e610481a67043d961a5081db91c72893a
SHA256 bd6fbc3bc7b06d539a7a0e82c51248a3f0da75d345911a97e5eada86b8fbc8a1
SHA512 8cd11d415038f6e90ec7a5a020aa833566e9240666201ef9ce4dbc4e55c54113d91b5b3512d5f635b3c38879e348dc389479f24dd3f62b8e0275504fd7536e32

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 0a69cff7a57df7a88f12d7eb621312d8
SHA1 05b63bdf8aed336d3ccb71ea2c8c1a1cb4bb5d81
SHA256 b878465a1fb5ee865dfdddc898a3c01c3ff76c0e953bc15df0579e7e65a73d1b
SHA512 0cc8c5b7bdb2455b0b8de5a0d7f7819dfca0bc5e2a9caf20fc7c4d2fd323cb2365598d6e9442591f2ce77d7dbd9f6afca021ffdc5d053519b0b5735910a1204e