Malware Analysis Report

2025-06-16 07:34

Sample ID 240601-yt2ewaec96
Target 334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5
SHA256 334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5

Threat Level: Likely malicious

The file 334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5 was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3443) files with added filename extension (behavioral1, win7-20240220-en)

Renames multiple (4828) files with added filename extension (behavioral2, win10v2004-20240508-en)

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-01 20:05

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-01 20:05

Reported

2024-06-01 20:08

Platform

win7-20240220-en

Max time kernel

150s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe"

Signatures

Renames multiple (3443) files with added filename extension

ransomware

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\UpdateRedo.dwfx.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Monterrey.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.ssl_1.1.0.v20140827-1444.jar.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Pacific\Kiritimati.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hovd.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Athens.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pago_Pago.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser.ja_5.5.0.165303.jar.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\CST6CDT.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Java\jre7\bin\policytool.exe.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Asia\Urumqi.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\demux\libnoseek_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Windows Media Player\it-IT\wmpnetwk.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_btn-back-static.png.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Buenos_Aires.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\CST6CDT.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerConstraints.exsd.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Windows Media Player\ja-JP\setup_wm.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\icon.png.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Minsk.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands.nl_zh_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationClient.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_diagonals-thick_18_b81900_40x40.png.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system.png.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\css\cpu.css.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\de-DE\gadget.xml.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\bin\jcmd.exe.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\bin\jrunscript.exe.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Tegucigalpa.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-loaders.xml.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\7-Zip\Lang\lt.txt.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5EDT.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\Beulah.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\MCESidebarCtrl.dll.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\DVD Maker\fr-FR\WMM2CLIP.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Internet Explorer\jsdbgui.dll.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Asia\Jayapura.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Microsoft Office\Office14\MSOHEVI.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\ReachFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\203x8subpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\St_Johns.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\epl-v10.html.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator_2.0.0.v20131217-1203.jar.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\FlickLearningWizard.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.bidi_0.10.0.v20130327-1442.jar.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Windows Defender\MpRTP.dll.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\hint_up.png.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Pangnirtung.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\jconsole.jar.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\service.js.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.ComponentModel.DataAnnotations.dll.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider_right.png.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\init.js.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_fr.properties.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.httpclient4_1.0.800.v20140827-1444.jar.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_ja.jar.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Etc\GMT-14.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\AST4.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\eclipse_1655.dll.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-heapdump_zh_CN.jar.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Windows Defender\es-ES\MpAsDesc.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Windows Photo Viewer\de-DE\PhotoAcq.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\7-Zip\Lang\ms.txt.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe

"C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

MD5 d5613b24525c49c5ff803bb335221440
SHA1 108a08938ce5cbb0b08b850c9658896ffbb09fc4
SHA256 be4738aa9d1938f3924335fb03d4af7ee443c76556a5adf168d04871e8c47a01
SHA512 85935607b0058752d0c820e02c3518e6e6a07e7dde240f457ae03b2ae920267aa41ec6b8c9a91457a2552eb09e23f1032bc5555b300d350d71b241668fc6b793

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 6d4ed146a79bf64cdadd3b87b581ea4f
SHA1 cfa42c7e8177ac478a8653497c86af4276607171
SHA256 ff303aa2301da566e9d186758811dc054b8671b1a4e73bd0cb115b61da01432f
SHA512 13428f159f6b0579a83eec2abcb6fa73f8c54d9d4b7df2327b4c58caf977e67d9b69648d39701b5713b494298546abad04aae0b58728830459f85f8e2b111959

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-01 20:05

Reported

2024-06-01 20:08

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe"

Signatures

Renames multiple (4828) files with added filename extension

ransomware

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_KMS_Client-ul.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\ipsrus.xml.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.Brotli.dll.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\PresentationUI.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngdatatype.md.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\mashupcompression.dll.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\desktop.ini.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XPath.XDocument.dll.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\legal\javafx\mesa3d.md.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\IEContentService.exe.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-180.png.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-180.png.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\7-Zip\7zFM.exe.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebClient.dll.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTest-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationTypes.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\fonts\LucidaSansDemiBold.ttf.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Input.Manipulations.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\WindowsFormsIntegration.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\PresentationCore.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Extensions.dll.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Forms.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Grace-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\DATATRANSFORMERWRAPPER.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\FPA_f4\FA000000005.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Metadata.dll.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebSockets.dll.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ObjectModel.dll.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\WindowsBase.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\legal\jdk\cldr.md.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription4-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_MAKC2R-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\zh-TW.pak.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\bin\xjc.exe.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaTypewriterRegular.ttf.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jvisualvm.txt.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\STSLISTI.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-140.png.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encoding.dll.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Retail-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ul.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\de.pak.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\bin\javaws.exe.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\lib\ant-javafx.jar.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Forms.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\UIAutomationProvider.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\WindowsBase.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Aero2.dll.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
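The signature tables for behavioral1 (win7) and behavioral2 (win10) expose only "File created" rows whose targets are an existing file name plus an extra `.tmp` suffix; the rename events that the "Renames multiple (N) files with added filename extension" signature actually counts, and the final extension, are not shown. The Python below is an added triage example, not part of the sandbox's output. It parses rows in either rendering of the table (the flattened "Description Indicator Process Target" layout or a pipe-separated one), checks whether each created file is an original name carrying one extra suffix, groups hits by product tree under Program Files, and reproduces the "Drops file in Program Files directory" verdict. The sample rows are copied from the tables above; the 100-file threshold, the function names and the assumption that the Process column contains no spaces (true for `C:\Users\Admin\AppData\Local\Temp\<sha256>.exe`) are mine.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample: rows copied from the report's signature tables. Five are in
# the sandbox's flattened "Description Indicator Process Target" layout and one is
# pipe-separated, so both renderings of the table are exercised.
SAMPLE_ROWS = r"""
File created C:\Program Files\UpdateRedo.dwfx.tmp C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe N/A
File created C:\Program Files\Java\jre7\bin\policytool.exe.tmp C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jcmd.exe.tmp C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe N/A
File created C:\Program Files\Windows Defender\MpRTP.dll.tmp C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe N/A
File created C:\Program Files\7-Zip\7zFM.exe.tmp C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe N/A
File created | C:\Program Files\desktop.ini.tmp | C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe | N/A
"""

# Flattened layout. Assumption: the Process column is a drive-letter path with no
# spaces, which is what lets the space-containing Indicator be split off.
ROW_RE = re.compile(
    r"^(?P<desc>File [a-z ]+?) "
    r"(?P<indicator>[A-Za-z]:\\.+?) "
    r"(?P<process>[A-Za-z]:\\\S+) "
    r"(?P<target>\S+)$"
)


def parse_rows(text):
    """Return a list of {desc, indicator, process, target} dicts; unparseable lines are skipped."""
    rows = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if " | " in line:
            parts = [p.strip() for p in line.split(" | ")]
            if len(parts) == 4:
                rows.append(dict(zip(("desc", "indicator", "process", "target"), parts)))
            continue
        m = ROW_RE.match(line)
        if m:
            rows.append(m.groupdict())
    return rows


def suffixed_copy(path):
    """If the created file is <name with its own extension> plus one extra suffix,
    return (original_name, extra_suffix), else None.
    'policytool.exe.tmp' -> ('policytool.exe', '.tmp'); 'CST6CDT.tmp' -> None."""
    p = PureWindowsPath(path)
    if len(p.suffixes) < 2:
        return None
    return p.name[: -len(p.suffixes[-1])], p.suffixes[-1]


def program_files_tree(path):
    """Top-level product directory under C:\\Program Files, '<root>' for a file placed
    directly in it, or None when the path is elsewhere."""
    parts = PureWindowsPath(path).parts
    if len(parts) < 3 or parts[1].lower() != "program files":
        return None
    return parts[2] if len(parts) > 3 else "<root>"


def triage_file_drops(text, min_suffixed=100):
    """Summarise created-file rows: which Program Files trees were touched, which
    extra suffix dominates, and whether the count clears a bulk threshold (a proxy
    for the sandbox's rename-count signature, since the report lists only creations)."""
    rows = parse_rows(text)
    trees, suffixes, processes = Counter(), Counter(), Counter()
    for r in rows:
        processes[r["process"]] += 1
        tree = program_files_tree(r["indicator"])
        if tree is not None:
            trees[tree] += 1
        hit = suffixed_copy(r["indicator"])
        if hit:
            suffixes[hit[1]] += 1
    suffix, count = suffixes.most_common(1)[0] if suffixes else (None, 0)
    return {
        "events": len(rows),
        "processes": dict(processes),
        "drops_in_program_files": bool(trees),
        "program_files_trees": dict(trees),
        "dominant_suffix": suffix,
        "dominant_suffix_count": count,
        "bulk_suffixed_copies": count >= min_suffixed,
    }


if __name__ == "__main__":
    import json
    # Threshold lowered to 5 so the six-row sample trips the bulk check.
    print(json.dumps(triage_file_drops(SAMPLE_ROWS, min_suffixed=5), indent=2))
```

Feeding the full table text from either detonation gives a per-product breakdown (Java, Microsoft Office, dotnet, and so on) that is quicker to read than the raw rows, and a single process key confirms that every drop came from the submitted executable rather than a spawned child.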

Processes

C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe

"C:\Users\Admin\AppData\Local\Temp\334696f4436d4a2b8b775d5124290c5644f69e887ec46dfa33a66045781a0be5.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | g.bing.com | udp
US | 204.79.197.237:443 | g.bing.com | tcp
US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp
NL | 23.62.61.97:443 | www.bing.com | tcp
US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp
US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 130.211.222.173.in-addr.arpa | udp
US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp
US | 8.8.8.8:53 | tse1.mm.bing.net | udp
US | 204.79.197.200:443 | tse1.mm.bing.net | tcp
US | 204.79.197.200:443 | tse1.mm.bing.net | tcp
US | 204.79.197.200:443 | tse1.mm.bing.net | tcp
US | 204.79.197.200:443 | tse1.mm.bing.net | tcp
US | 204.79.197.200:443 | tse1.mm.bing.net | tcp
US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp

Note: this table is host-level traffic from the win10 detonation and attributes no connection to the sample's process; the win7 detonation (behavioral1) recorded no network activity at all. DNS to 8.8.8.8, TLS to g.bing.com, www.bing.com and tse1.mm.bing.net, and the in-addr.arpa reverse lookups are consistent with background activity of the Windows 10 image rather than command-and-control, so these endpoints should not be used as indicators unless a capture ties them to the sample's process.

Files

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

MD5 41ce47d232377cf2d2775df506251390
SHA1 cbffe489f4020dd47569fa764736e05dd66a8196
SHA256 efb9573be12396acc49aeb80669c9a41196401cbaaff5ff023ef5316998abb2f
SHA512 79283f682b7c433cad74197c9d3c74c9b712f6a5ee32e437d3ea248a21fd101272835a19fbe449ba72aa9b727ec9bf1c8dee6894428965578d773dd9a5aae074

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 2e837ae27d76adbd56fdcc73e2c642b5
SHA1 43ef4cc18915b41df517908fcbf824a4e8a38904
SHA256 fad387285457a5a3667bcab453dc8f7b0a13dd89c6a7a964039eb849b7ae888d
SHA512 55cc21678e039e8c1c62a387084729d184425668bb07708805db3adfacf7c491228d67e2b04449e7fc7170e90e9606972420f027f2c81b599370f802d9ac7a63
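The Files sections give only hashes for the dropped `.tmp` artifacts, which leaves two checks for an analyst holding the sandbox's file exports: whether a `.tmp` artifact is actually ciphertext rather than a plain copy (byte entropy), and whether the same source file produced different output in the two detonations, as the two Recycle Bin desktop.ini.tmp hashes above do. The Python below is an added example, not sandbox output. The desktop.ini text and the pseudo-random buffer are constructed stand-ins, since the report carries no file bytes; the 7.5 bits/byte threshold, the 2% dominant-byte limit and the SID normalisation are my heuristics; the SHA256 values are taken from the Files sections above.

```python
import math
import random
import re
from collections import Counter

# --- 1. Is a dropped .tmp artifact ciphertext or just a copy? -----------------

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify_artifact(data: bytes, threshold: float = 7.5, min_len: int = 64) -> str:
    """'too-short' | 'encrypted' | 'plain'. A buffer shorter than min_len cannot
    reach near-8-bit entropy, so it gets no verdict. Encrypted output must also
    have no single byte value dominating (cheap guard against padded or zeroed data)."""
    if len(data) < min_len:
        return "too-short"
    top_share = Counter(data).most_common(1)[0][1] / len(data)
    if shannon_entropy(data) >= threshold and top_share < 0.02:
        return "encrypted"
    return "plain"


# Constructed inputs (the sandbox reports only hashes, not bytes): the standard
# Recycle Bin desktop.ini text, and a deterministic pseudo-random buffer standing
# in for the encrypted .tmp output.
DESKTOP_INI_PLAIN = (
    b"[.ShellClassInfo]\r\n"
    b"CLSID={645FF040-5081-101B-9F08-00AA002F954E}\r\n"
    b"LocalizedResourceName=@%SystemRoot%\\system32\\shell32.dll,-8964\r\n"
)
CIPHERTEXT_STAND_IN = random.Random(0x334696F4).randbytes(4096)

# --- 2. Align artifacts across two detonations and find the ones that differ ---

_SID_RE = re.compile(r"\\S-1-5-21-\d+-\d+-\d+-\d+\\", re.IGNORECASE)


def normalize_path(path: str) -> str:
    """Make paths comparable across images: case-fold and replace the per-image
    user SID under $Recycle.Bin with a placeholder."""
    return _SID_RE.sub(r"\\<SID>\\", path).lower()


def compare_runs(run_a: dict, run_b: dict) -> dict:
    """Given {path: sha256} for two detonations, return the normalised paths present
    in both whose hashes differ, mapped to the (run_a, run_b) hash pair."""
    a = {normalize_path(p): h.lower() for p, h in run_a.items()}
    b = {normalize_path(p): h.lower() for p, h in run_b.items()}
    return {p: (a[p], b[p]) for p in a.keys() & b.keys() if a[p] != b[p]}


# SHA256 values of the dropped artifacts listed in the behavioral1 (win7) and
# behavioral2 (win10) Files sections of the report.
BEHAVIORAL1_FILES = {
    r"C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp":
        "be4738aa9d1938f3924335fb03d4af7ee443c76556a5adf168d04871e8c47a01",
}
BEHAVIORAL2_FILES = {
    r"C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp":
        "efb9573be12396acc49aeb80669c9a41196401cbaaff5ff023ef5316998abb2f",
    r"C:\Program Files\7-Zip\7-zip.dll.tmp":
        "fad387285457a5a3667bcab453dc8f7b0a13dd89c6a7a964039eb849b7ae888d",
}

if __name__ == "__main__":
    print("desktop.ini plaintext:", classify_artifact(DESKTOP_INI_PLAIN))
    print("stand-in ciphertext:  ", classify_artifact(CIPHERTEXT_STAND_IN))
    for p, (h1, h2) in compare_runs(BEHAVIORAL1_FILES, BEHAVIORAL2_FILES).items():
        print(f"differs across runs: {p}\n  win7  {h1}\n  win10 {h2}")
```

Different ciphertext for byte-identical plaintext points at per-run key material or per-file randomness (an IV, nonce or embedded header), which matters for any recovery attempt. That reading holds only once the original desktop.ini on both images has been confirmed identical, since the two detonations ran on different OS versions.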