Malware Analysis Report

2025-08-05 21:56

Sample ID 241006-mjgf6sygnm
Target 80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N
SHA256 80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969
Tags
discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969

Threat Level: Likely malicious

The file 80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple files with added filename extension (3277 files in the Windows 7 detonation, 4678 in the Windows 10 detonation; every recorded write is an existing file path with ".tmp" appended)

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Enterprise Matrix V15 (matrix graphic not reproduced; the techniques the signatures below map to are):

Discovery: System Location Discovery: System Language Discovery (T1614.001), from the NLS\Language registry key opened in both detonations

Impact: Data Encrypted for Impact (T1486), the conventional mapping for the mass ".tmp" rename signature; the report tags it "ransomware" without assigning an ID

Analysis: static1

Detonation Overview

Reported

2024-10-06 10:29

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A (the signature carries no indicator: it records only that the PE has no Authenticode signature)

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-06 10:29

Reported

2024-10-06 10:31

Platform

win7-20240903-en

Max time kernel

120s

Max time network

16s

Command Line

"C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe"

Signatures

Renames multiple (3277) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.Client.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Beirut.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Mozilla Firefox\mozglue.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.h.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libvobsub_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\7-Zip\Lang\az.txt.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Java\jre7\bin\unpack200.exe.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libx26410b_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Berlin.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-io_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sl.pak.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.exe.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Nicosia.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-modules-appui_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Eirunepe.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Java\jre7\bin\fxplugins.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.css_1.7.0.v201011041433.jar.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.annotation_1.2.0.v201401042248.jar.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\lg\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\images\Video-48.png.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpnr.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_precomp_matte.wmv.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libtta_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_elf.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\VideoLAN\VLC\axvlc.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\liblive555_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Ulaanbaatar.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_rgb.wmv.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util.xml.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\VERSION.txt.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Reykjavik.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-cli.xml.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-heapwalker.xml.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Auckland.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ml\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\7-Zip\Lang\kk.txt.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Qatar.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\Microsoft.Build.Utilities.v3.5.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.properties.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libsmf_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jconsole.exe.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Sofia.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Istanbul.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\SystemV\CST6CDT.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Microsoft Games\Minesweeper\en-US\Minesweeper.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libhttp_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push.png.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr.jar.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
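The table above is the evidence behind the "Renames multiple files with added filename extension" signature: one process writing "<existing file>.tmp" across unrelated application directories. The following Python heuristic, added here as an example and not part of the sandbox report or its tooling, scores file-creation events by that pattern. The sample's event rows are copied from the table; the benign rows, the process names other than the sample, the thresholds and the timestamps-free event shape are assumptions for illustration.

```python
"""Heuristic for the "Renames multiple files with added filename extension"
signature: one process writing '<name>.tmp' beside many existing files
across many application directories.

Added example, not part of the sandbox report.  Event tuples are
constructed here from paths in the report's behavioral1 table; the benign
rows, the process names other than the sample and the thresholds are
assumptions for illustration.
"""
from collections import defaultdict
from pathlib import PureWindowsPath

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe"

# (creating process, created path).  The sample's rows are copied from the
# report's table; the last three rows are constructed benign noise.
EVENTS = [
    (SAMPLE, r"C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.Client.resources.dll.tmp"),
    (SAMPLE, r"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Beirut.tmp"),
    (SAMPLE, r"C:\Program Files\Mozilla Firefox\mozglue.dll.tmp"),
    (SAMPLE, r"C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png.tmp"),
    (SAMPLE, r"C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground_PAL.wmv.tmp"),
    (SAMPLE, r"C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.h.tmp"),
    (SAMPLE, r"C:\Program Files\VideoLAN\VLC\plugins\demux\libvobsub_plugin.dll.tmp"),
    (SAMPLE, r"C:\Program Files\7-Zip\Lang\az.txt.tmp"),
    (SAMPLE, r"C:\Program Files\Java\jre7\bin\unpack200.exe.tmp"),
    (SAMPLE, r"C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui.tmp"),
    (SAMPLE, r"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sl.pak.tmp"),
    (SAMPLE, r"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata_5.5.0.165303.jar.tmp"),
    # constructed benign noise: an installer and a browser each writing one temp file
    (r"C:\Windows\System32\msiexec.exe", r"C:\Windows\Installer\MSI1234.tmp"),
    (r"C:\Program Files\Mozilla Firefox\firefox.exe", r"C:\Users\Admin\AppData\Local\Temp\mozilla-temp-1.tmp"),
    (r"C:\Windows\explorer.exe", r"C:\Users\Admin\Desktop\notes.txt"),
]


def strip_added_ext(path, added=".tmp"):
    """If `path` ends with `added`, return (original path, original extension).

    'Beirut.tmp' yields ('...\\Beirut', '(none)'); a path without the added
    suffix yields None.  Comparison is case-insensitive, as NTFS names are.
    """
    p = PureWindowsPath(path)
    if p.suffix.lower() != added.lower():
        return None
    original = p.with_suffix("")
    return str(original), original.suffix.lower() or "(none)"


def product_dir(path):
    """Top-level application directory, e.g. 'Program Files\\Java'."""
    return "\\".join(PureWindowsPath(path).parts[1:3])


def profile(events, added=".tmp"):
    """Per process: how many added-suffix files it wrote, in how many
    product directories, and which original extensions were touched."""
    stats = defaultdict(lambda: {"count": 0, "dirs": set(), "exts": defaultdict(int)})
    for proc, path in events:
        hit = strip_added_ext(path, added)
        if hit is None:
            continue
        _, ext = hit
        s = stats[proc]
        s["count"] += 1
        s["dirs"].add(product_dir(path))
        s["exts"][ext] += 1
    return stats


def suspicious(events, min_files=10, min_dirs=3, added=".tmp"):
    """Processes whose '<file>.tmp' writes are both numerous and spread across
    unrelated application directories.  A single installer writing its own
    temp file never trips this; the report's 3277/4678 renames do."""
    return {proc: s for proc, s in profile(events, added).items()
            if s["count"] >= min_files and len(s["dirs"]) >= min_dirs}


if __name__ == "__main__":
    for proc, s in suspicious(EVENTS).items():
        print(f"{proc}\n  {s['count']} *.tmp writes in {len(s['dirs'])} product dirs; "
              f"extensions: {dict(s['exts'])}")
```

On live telemetry (Sysmon FileCreate events, for instance) the same grouping would be done per process within a short time window; the directory-spread condition is what separates an encryptor from an installer or updater that legitimately writes many `.tmp` files inside its own tree.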

System Location Discovery: System Language Discovery (T1614.001)

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A

The Default and InstallLanguage values under this key give the OS install locale (e.g. 0409). Reading it before encryption is the usual locale pre-check ransomware uses to skip certain regions, but the report records only the key open, not the value read or any branch taken on it, so the locale-check reading is inference rather than observed behaviour.

Processes

C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe

"C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3533259084-2542256011-65585152-1000\desktop.ini.tmp

MD5 f14416f0c1dc4cffb2f79262dda3333d
SHA1 a831ce4c04ccdbb33c5ad752336c4a2d675b5606
SHA256 f2975fc71f66edf44ed04a7b86c8334e3feda6e929011c085d7b67356c1ca383
SHA512 797a1970cada31b43a38e279d68c91486ec3c49fc260449033a6c48ea436693671a9bbdb19e0b6016a6875726855ed693396a73e084034680ba33b2c2cd2ac8e

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 b0c263a5922f9a47ffd74ab1f0698bfe
SHA1 4c6bcd4a85c262e063bd3039bf72d91c2387c46f
SHA256 0ba48d5033fe80d074768be8b220eb322ee0b08c5106ef6a86ea82f025d93681
SHA512 871dd0b42947213669f487a30d2c3844c3d0f863eae3a20bff0cce3e91254b23d69234a4253cdbb6a155cf7eedd4d02b1e6c2fd4b0861b1f25d28d8ee92ba372

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-06 10:29

Reported

2024-10-06 10:31

Platform

win10v2004-20240802-en

Max time kernel

119s

Max time network

95s

Command Line

"C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe"

Signatures

Renames multiple (4678) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\management\jmxremote.password.template.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.id-id.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ja-JP\mshwLatin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XPath.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Numerics.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\coreclr.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jfr.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\WWINTL.DLL.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Core.NetFX35.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encoding.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.Common.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-file-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordR_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\en-US\ShapeCollector.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XPath.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\eula.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.WindowsAzure.StorageClient.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad.xml.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemCore.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\jfxswt.jar.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\logging.properties.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_MAK_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\offreg.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Web.HttpUtility.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-rtlsupport-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_KMS_Client-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-errorhandling-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\GRAPH.ICO.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.DataContractSerialization.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\plugin2\npjp2.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.osmuxmui.msi.16.en-us.xml.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSOSPECTRE.DLL.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.FileVersionInfo.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\prism_common.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-process-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription4-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Garamond-TrebuchetMs.xml.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\ucrtbase.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Diagnostics.EventLog.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\WindowsBase.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\lcms.md.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Green.xml.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\+NewSQLServerConnection.odc.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\InkDiv.dll.tmp C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A

System Location Discovery: System Language Discovery (T1614.001)

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe

"C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 75.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 67.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp

All entries are reverse (PTR) lookups sent through 8.8.8.8 for public addresses. The report attributes them to no process and records no outbound connection by the sample, and the Windows 7 detonation produced no network activity at all, so treat these as sandbox/OS background traffic rather than command-and-control unless corroborated elsewhere.

Files

The hashes below are of .tmp files written by the sample during this run. The same path ($Recycle.Bin\...\desktop.ini.tmp) hashes differently in the Windows 7 and Windows 10 detonations, so these output hashes are not stable indicators; the sample SHA256 at the top of the report is the value to pivot on.

C:\$Recycle.Bin\S-1-5-21-1302416131-1437503476-2806442725-1000\desktop.ini.tmp

MD5 7f68d000d4f3d0d851f9e530f84e51f6
SHA1 4668c6e2135d28ee9409b378bc4ca1366137483b
SHA256 baba54ee970182eda9eac0f35b128ec6ee2a18a2904a2817946a088fbd389eb5
SHA512 0e6b9c34fe7ad0c2c3d9f084b1635793d7d071c04cd2ad4869f6c26e0cf60f684f6928df511049d0fe5616211d27cb6118cf22698c18127790a71e6be0a547d6

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 6980215fc4f8d0057cb8e62427013742
SHA1 02bb5d7b66d0ed95a2444c1b013dd23db0e6d9d0
SHA256 426562709589b1f860787510cc831e292961f48fdcfc5217dc7927ffa97ad8c8
SHA512 10a7aff52139cdcb60befa33a423d070f1fca2b17d36e0150bcd29afedb42cc5b9c079889e4686be6433cc8b1fa1bd9012d254c7fb3faf34db70387d93e72bda