Malware Analysis Report

2025-01-03 08:32

Sample ID 240610-3hav1awajl
Target 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a
SHA256 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a
Tags: ransomware
Score: 9/10

Table of Contents

Analysis Overview
    MITRE ATT&CK
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 9/10

SHA256 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a

Threat Level: Likely malicious

The file 749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3747) files with added filename extension

Renames multiple (5211) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-10 23:30

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-10 23:30
Reported: 2024-06-10 23:33
Platform: win7-20240419-en
Max time kernel: 149s
Max time network: 127s

Command Line

"C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe"

Signatures

Renames multiple (3747) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot_lrg.png.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\ink\de-DE\TipBand.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipscsy.xml.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Syowa.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Regina.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Mozilla Firefox\uninstall\uninstall.log.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\main_background.png.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Vancouver.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Urumqi.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\7-Zip\Lang\pt-br.txt.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\7-Zip\Lang\uz.txt.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME.txt.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_sse2_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\VideoLAN\VLC\AUTHORS.txt.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_snow.png.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\bl.gif.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\default.jfc.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Sitka.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Indian\Chagos.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\7-Zip\Lang\mr.txt.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.attributeTransformation.exsd.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cuiaba.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Java\jre7\bin\kcms.dll.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Indiana\Knox.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libnsc_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_right.png.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-previous-static.png.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxwebkit.dll.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-snaptracer.jar.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-io-ui.xml_hidden.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jmx.jar.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IdentityModel.Selectors.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files (x86)\Common Files\Adobe AIR\sentinel.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe Root Certificate.cer.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_rgb.wmv.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Chisinau.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightItalic.ttf.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.properties.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_win7.css.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Java\jre7\bin\klist.exe.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Mozilla Firefox\crashreporter.exe.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\msvcr100.dll.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt_1.1.1.v20140903-0821.jar.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\css\slideShow.css.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_left.png.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Atikokan.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libjpeg_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\SuspendResume.mht.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Windows Media Player\Media Renderer\DMR_120.png.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw120.png.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\ACE.dll.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Lagos.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Windows Journal\en-US\MSPVWCTL.DLL.mui.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.jobs_3.6.0.v20140424-0053.jar.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunmscapi.jar.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe

"C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

MD5 a877ee9780b6c20eeb01dac5c94c0618
SHA1 9d1c38f3ce6aadcf1dcbf6ce0f3d443b183e8459
SHA256 803a7838ff367e50c479f6879acbd58426dbab5c80036473e8439596ecdf2c36
SHA512 720d42bef97a432db47e85727de63ba2ca55244836d8fec301f01d52bcbb40a06d1c7b0fcef2a7dd034bf172747b17e59310577fdef01cb3de903a4aaf40b4e5

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 030fa67903e6da2a19c3d84f6d375704
SHA1 1adb9900b8fbfc316d0ff73ff30843ef791716bb
SHA256 d5508351b123eb8472870524c634a417750dfd31f5a816dc06475943716344b5
SHA512 e96e4e47dac9996040fe655a80b7eb82874dd949c342e5b93d08064797f72b0c362e12f67305db2bcf76c274a3a5d528a450924c26672cd57b1f849c839e516b

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-10 23:30
Reported: 2024-06-10 23:33
Platform: win10v2004-20240426-en
Max time kernel: 150s
Max time network: 155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe"

Signatures

Renames multiple (5211) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\IEEE2006OfficeOnline.xsl.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\7-Zip\Lang\nl.txt.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TabTip.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-private-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvStreamingManager.dll.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.dll.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngdatatype.md.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTest-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcDemoR_BypassTrial365-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InkObj.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\giflib.md.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-timezone-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10_RTL.mp4.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\da-DK\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsen.xml.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Linq.Queryable.dll.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-140.png.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-interlocked-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Linq.Parallel.dll.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Requests.dll.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\WordCombinedFloatieModel.bin.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\mfc140u.dll.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Microsoft.Office.PolicyTips.dll.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\hprof.dll.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linesdistinctive.dotx.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\tipresx.dll.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\security\blacklisted.certs.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTest-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL048.XML.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\7-Zip\Lang\mng.txt.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-namedpipe-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OneNote\prnms006.inf.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIntegration.dll.tmp C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe

"C:\Users\Admin\AppData\Local\Temp\749a782b13a0a94a55b4b3673b4268edd978de9edb301b0e0c21050b772cd84a.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-1162180587-977231257-2194346871-1000\desktop.ini.tmp

MD5 677335d50a23475caa14839d5250d5a6
SHA1 5a5d251f57f55e8cc673919ce7595db866ad2c58
SHA256 5fa9e90937f12a0b43cb4abdf041a3511fb4f2320143bb16f4a7e184e514a40a
SHA512 c97e5a27b4f0d41010ec99157a2dc205a67acf6dccee75cf6c78d6ea3de8d48b3899179bfc4fc70ab40d2327c770ca2b91067348fa90f71a8d3563cf8f0fd735

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 c506ff74e6ab5bfd2a8f2c30f8263b92
SHA1 3f8ca1179f5f2bd42ae112fc000808dc86332268
SHA256 e235bbdb0cab41872ca3ac40bfe8b170b4318f24ff406909d97451835d2da7ff
SHA512 dd2987cd238f0364c2cf5f8d686bce0d704e331d2931c19396183f4b33a759891c7041d59880c46c8b68ee2b1cc534200ac6a28b003182a3af17ce5f11244676