Malware Analysis Report

2025-01-03 08:31

Sample ID 240610-3p3jlawclr
Target 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41
SHA256 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41
Tags ransomware
Score 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 9/10

SHA256

79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41

Threat Level: Likely malicious

The file 79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41 was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3687) files with added filename extension

Renames multiple (5194) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-10 23:42

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-10 23:42

Reported

2024-06-10 23:44

Platform

win7-20240508-en

Max time kernel

150s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe"

Signatures

Renames multiple (3687) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe

"C:\Users\Admin\AppData\Local\Temp\79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

MD5 3dd9caf0a6aee362de0061f31c31d630
SHA1 61db2ce254b29cef9949c772fb82e0fb1cc36d48
SHA256 6da7cabf5a1d94f9356ca1b53e935a4e3fa00164a0ec6a2cee2df462ab752275
SHA512 d0d59895859593042b3e5eaee11603c7f2b0bb79850cde35c0cf1f592a57eeb70c193df90910eea2349bb87b175e18a42072cb4fe55e950ca7919ee007e44a50

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 e830cdd9922490bf7ddac0a35b451e60
SHA1 296fe0c70b7a6362c3f426a47ea1ec8ed4e9e888
SHA256 dadaba1480dd69d10b89eff7bdb7d6efa736fb54557c2fdfdc95589d8a7a6ecf
SHA512 3a3852f0fec4be65992492af6e601823786d2a156d12185313f83fc69f27fc263fc3ff1c5b65f0498dcf9fd6ce3a7f6114fc791058df36cb5eeed343f0c05c6f

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-10 23:42

Reported

2024-06-10 23:44

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

52s

Command Line

"C:\Users\Admin\AppData\Local\Temp\79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe"

Signatures

Renames multiple (5194) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe

"C:\Users\Admin\AppData\Local\Temp\79e765027ef3d2af3aaaf808b24ca43a141c2e46d71b7546b0e34c3eba71fa41.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

MD5 e2203197767e1308a14aa12e783848c3
SHA1 a21ed7eaeeb7638a4375ac536130f83b6820ccd8
SHA256 b0deacad61cb4c44fd671bd9ce19feceb6a14b0f387054e7cf076230e8a92ddb
SHA512 6ab59cd8cc9cd62f189e31db4553482eed15b053d06c819f4c0033650b146aff7be97cf5862b0cc48e74483f49e2398c9ad3ed30df4d55b1e44eb97d8a7e1c2b

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 6f3d68c50cd2317cc626eb8dc5be77c8
SHA1 7b14c2b2c92566c5c711dd9d9b3084facbcdf263
SHA256 9576a9232be728dedd96b22cbfe6a66e2786b5d9e9465d57e05961129335ecfb
SHA512 94d4e015fd381a646cef2b989e97c364c42428e7c18c849183e9fbc0ec3c41a04a9fa36bafd10e6d5134ea5bf1cdd5ce0b2f1de29eb975e7f53b1a1f12512596