Malware Analysis Report

2024-09-23 04:45

Sample ID 240614-a29t8ayaja
Target 80e6a70c50a04ebed04d11a847ef57d3b891e229bc9c5201980f2251e1ac3990
SHA256 80e6a70c50a04ebed04d11a847ef57d3b891e229bc9c5201980f2251e1ac3990
Tags: ransomware
Score: 9/10

Analysis Overview

Score: 9/10

SHA256: 80e6a70c50a04ebed04d11a847ef57d3b891e229bc9c5201980f2251e1ac3990

Threat Level: Likely malicious

The file 80e6a70c50a04ebed04d11a847ef57d3b891e229bc9c5201980f2251e1ac3990 was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3433) files with added filename extension

Renames multiple (5201) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-14 00:43

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-14 00:43
Reported: 2024-06-14 00:46
Platform: win7-20240611-en
Max time kernel: 150s
Max time network: 119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\80e6a70c50a04ebed04d11a847ef57d3b891e229bc9c5201980f2251e1ac3990.exe"

Signatures

Renames multiple (3433) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\80e6a70c50a04ebed04d11a847ef57d3b891e229bc9c5201980f2251e1ac3990.exe

"C:\Users\Admin\AppData\Local\Temp\80e6a70c50a04ebed04d11a847ef57d3b891e229bc9c5201980f2251e1ac3990.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2812790648-3157963462-487717889-1000\desktop.ini.tmp

MD5 d6816415cf73b468c7ec12923d52ecfd
SHA1 94ac6a32774347d7e8c3f0f556e80895e30b24f3
SHA256 b996e343e6562bd4d003ccc48e17bfc972cdff6fce3fc33ec3cc29c941704cf1
SHA512 6d0563219750f673342d2414c3b131ad3e22470c1c416f7d0698ab3764de327035e68f6efc5fa4a5f87def83c10fd1fdc38621f949737f5854256259aa289fcc

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 2706ac7e10b844c48138ce212c757df1
SHA1 48cd7b6b348136be3a9a56ea7ef164f6f3561a23
SHA256 9fd4ee9201655094a78e5658b09d9fd550cd9b640ca39aa121a7951b5d5d85e9
SHA512 8ab7e4ecfd282348fb92936c0dc69bc5f09496ca8d590ead3e20bbdf3ee4d3e4cb42d0bfd475fa2416d1d7cafcc634c4ac9d099ebdcd97d6cec1a56872a6f2f6

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-14 00:43
Reported: 2024-06-14 00:46
Platform: win10v2004-20240508-en
Max time kernel: 150s
Max time network: 150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\80e6a70c50a04ebed04d11a847ef57d3b891e229bc9c5201980f2251e1ac3990.exe"

Signatures

Renames multiple (5201) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\80e6a70c50a04ebed04d11a847ef57d3b891e229bc9c5201980f2251e1ac3990.exe

"C:\Users\Admin\AppData\Local\Temp\80e6a70c50a04ebed04d11a847ef57d3b891e229bc9c5201980f2251e1ac3990.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

MD5 b939f6d418022266d186fe1040e2f221
SHA1 61d752051d6d3f99ce18c8a0033ed91da3870dd2
SHA256 853c5fc5362dbbff24d850c56ed06feb79bdfff62b8f8e82255713616700de5a
SHA512 25dfad3fac8619469c437aff66aaf745168b234764578036d72de36634cb7f1f3d207e3f8f7ea2823457e15ce613c29e33a0ebbcce501f1df1f0b75616d805df

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 3d1084086bd12f8182533300d0787349
SHA1 72c910233f703cbfdb753a7816f19af12ef21c06
SHA256 20de8ae9051ea999c3d091cb4766710c387090c2692e6e53bcd3e9ce3590086a
SHA512 7bc4f83df4b1c96c51937adccd817d41b05fd02348047048b8409ef2bc086781c6e28fe6147c221cba6194f2cdc7577773a79d2b1515c12bcf556c8dd8f4e6c9