Malware Analysis Report

2025-01-03 08:31

Sample ID 240610-3p67savgqa
Target 79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad
SHA256 79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad
Tags
ransomware upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad

Threat Level: Known bad

The file 79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad was found to be: Known bad.

Malicious Activity Summary

ransomware upx

UPX dump on OEP (original entry point)

Renames multiple (3680) files with added filename extension

UPX dump on OEP (original entry point)

Renames multiple (5194) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-10 23:42

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
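
The three static signatures above (UPX packed file, UPX dump on OEP, Unsigned PE) are cheap to reproduce on a copy of the sample before any detonation. The Python below is an added example and is not part of this sandbox report: it parses the PE headers directly (no pefile dependency), lists section names with per-section entropy, checks for the UPX0/UPX1 section names that stock UPX writes, and reads data directory entry 4 (the certificate table) to tell whether any Authenticode signature is embedded at all. The PE images it inspects are constructed inside the script (headers plus raw section bytes, not executable code); the real sample is not included. Two caveats a practitioner should keep in mind: a present certificate table is not a valid signature (verify with signtool or osslsigncode), and a modified UPX build can rename its sections, which defeats the name check and is exactly why the sandbox's memory dump at the original entry point is the more reliable signal.

```python
import hashlib
import math
import struct
from collections import Counter

# Section names written by stock UPX; modified builds rename them, so treat
# their presence as a strong hint and their absence as no evidence either way.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX3"}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # Authenticode certificate table


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; packed or encrypted data sits close to 8.0, padding near 0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def inspect_pe(blob: bytes) -> dict:
    """Parse only the headers needed for two static checks:
    UPX section names and whether a certificate table is present."""
    if blob[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", blob, coff + 2)[0]
    size_of_opt = struct.unpack_from("<H", blob, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", blob, opt)[0]
    if magic == 0x10B:        # PE32: data directories start at offset 96
        dd_base = opt + 96
    elif magic == 0x20B:      # PE32+: data directories start at offset 112
        dd_base = opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    num_rva = struct.unpack_from("<I", blob, dd_base - 4)[0]   # NumberOfRvaAndSizes
    has_cert_table = False
    if num_rva > IMAGE_DIRECTORY_ENTRY_SECURITY:
        cert_off, cert_size = struct.unpack_from(
            "<II", blob, dd_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
        has_cert_table = cert_off != 0 and cert_size != 0

    sections = []
    table = opt + size_of_opt                 # section table follows the optional header
    for i in range(num_sections):
        hdr = table + 40 * i
        name = blob[hdr:hdr + 8].rstrip(b"\0")
        vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", blob, hdr + 8)
        raw = blob[raw_ptr:raw_ptr + raw_size]
        sections.append({"name": name, "virtual_size": vsize, "raw_size": raw_size,
                         "entropy": round(shannon_entropy(raw), 2)})
    upx = [s["name"] for s in sections if s["name"] in UPX_SECTION_NAMES]
    return {"sections": sections, "upx_sections": upx,
            "looks_upx_packed": len(upx) >= 2, "has_cert_table": has_cert_table}


def build_sample_pe(sections, signed=False) -> bytes:
    """Constructed PE32 fixture: valid headers plus raw section bytes, no real code."""
    n = len(sections)
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                 # e_lfanew -> right after DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                   # NumberOfRvaAndSizes
    raw_ptr = 64 + 4 + 20 + 224 + 40 * n                  # raw data starts after the headers
    headers, payloads = bytearray(), bytearray()
    for name, payload in sections:
        headers += name.ljust(8, b"\0")
        headers += struct.pack("<IIII", len(payload), 0x1000, len(payload), raw_ptr)
        headers += bytes(16)                              # relocs, line numbers, flags
        payloads += payload
        raw_ptr += len(payload)
    if signed:
        # Point the certificate table at a dummy 8-byte WIN_CERTIFICATE blob at EOF.
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, raw_ptr, 8)
        payloads += bytes(8)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + bytes(headers) + bytes(payloads)


# Deterministic high-entropy bytes standing in for a compressed UPX1 body.
_COMPRESSED = b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(128))

PACKED_UNSIGNED = build_sample_pe([
    (b"UPX0", b""),                          # unpacking destination: no raw data on disk
    (b"UPX1", _COMPRESSED),
    (b".rsrc", bytes(256) + b"A" * 256),     # low-entropy control section
])
PLAIN_SIGNED = build_sample_pe([(b".text", b"\x90" * 100)], signed=True)

if __name__ == "__main__":
    for label, image in (("packed/unsigned", PACKED_UNSIGNED), ("plain/signed", PLAIN_SIGNED)):
        r = inspect_pe(image)
        print(label, r["upx_sections"], r["looks_upx_packed"], r["has_cert_table"])
        for s in r["sections"]:
            print("   ", s)
```

To apply it to a real sample, call inspect_pe(open(path, "rb").read()) in an isolated analysis VM. When the stub is stock UPX, "upx -d" restores the original file and the same script run on the output should show ordinary section names and noticeably lower entropy in the code section.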

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-10 23:42

Reported

2024-06-10 23:45

Platform

win7-20240215-en

Max time kernel

151s

Max time network

126s

Command Line

"C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe"

Signatures

Renames multiple (3680) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsplk.xml.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Common Files\System\msadc\handler.reg.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\el.pak.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxmedia.dll.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\7-Zip\Lang\is.txt.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Tanspecks.jpg.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Internet Explorer\perfcore.dll.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ho_Chi_Minh.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Java\jre7\lib\ext\jaccess.jar.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libkaraoke_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_autodel_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_record_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_double.png.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\js\currency.js.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\service.js.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\7-Zip\Lang\kk.txt.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPTSFrame.png.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Java\jre7\lib\ext\sunmscapi.jar.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Microsoft Games\More Games\it-IT\MoreGames.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-Bold.otf.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services_1.1.0.v20140328-1925.jar.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Java\jre7\bin\gstreamer-lite.dll.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_transcode_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\js\timeZones.js.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hebron.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.xml.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-templates.xml_hidden.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Indiana\Petersburg.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Karachi.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmirror_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\org-openide-filesystems_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Microsoft Office\Office14\Custom.propdesc.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_left.png.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Cocos.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic.zh_CN_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-utilities.xml.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Windows Media Player\en-US\WMPDMC.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-disable.png.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\settings.html.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\js\highDpiImageSwap.js.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\13.png.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\kinit.exe.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser.zh_CN_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Microsoft Games\SpiderSolitaire\es-ES\SpiderSolitaire.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\liberase_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-windows.jar.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\spu\libremoteosd_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-ui.xml.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\MST7MDT.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Microsoft Games\FreeCell\ja-JP\FreeCell.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Windows Media Player\de-DE\WMPDMC.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mip.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Full\15x15dot.png.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe

"C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe"

Network

N/A

Files

memory/1844-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

MD5 bb3adcb0999803dcf02d8a1fc4050300
SHA1 03d2056b979befc8b78cd2483d8665a7949e3979
SHA256 02e254fcf5527ce269543320b616f0aca57b1756d43008186c4fb41602b713d1
SHA512 16a006e2df5d81b6a55de0d9840f8403cfb1c0846d6200bb6e956bd3ac09bab6e35dfbeb949d41f2916fdb8d83bc3174f9f68d2a88bb062980d9e58ccea93fd6

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 f807a75eabc8460a6e4cd35bda30c111
SHA1 85e7d02f094e2d7b72d8b6906266df04be688013
SHA256 c1ac04fa379f6a5c03fe74dee748622143f795d21267c258f5f50258d99a23f3
SHA512 8550cc1b010c81bc2551eb9cedc2f3690f738839eb09448b891b48d543488e8dc373492318a9ea6900047e5da786644528b2435a2eb65639f922ec1aa6be3213

memory/1844-652-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-10 23:42

Reported

2024-06-10 23:44

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe"

Signatures

Renames multiple (5194) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Presentation.dll.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ONRES.DLL.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\tipresx.dll.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Xml.dll.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\DirectWriteForwarder.dll.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-root-bridge-test.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Java\jdk-1.8\jmc.txt.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.Calendars.dll.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Principal.Windows.dll.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\ucrtbase.dll.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\security\cacerts.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000050\FA000000050.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\netstandard.dll.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\MS.GRAPH.16.1033.hxn.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_MAK-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ONGuide.onepkg.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\IpsPlugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\clretwrc.dll.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\javafx\gstreamer.md.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\ucrtbase.dll.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription5-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\GKExcel.dll.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-140.png.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Internet Explorer\SIGNUP\install.ins.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription5-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub_M365_eula.txt.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.DataWarehouse.dll.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PROOF\MSSP7EN.dub.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe.config.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL095.XML.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\HintBarEllipses.16.White.png.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\glib-lite.dll.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunjce_provider.jar.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019DemoR_BypassTrial180-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ViewOnly_ZeroGrace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_COL.HXC.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\fxplugins.dll.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\server\classes.jsa.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_KMS_Client-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe N/A
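
The "Drops file in Program Files directory" tables for behavioral1 and behavioral2 show the same pattern from one process: a .tmp twin written next to files of every type in every directory it visits, which is the write side of what the "Renames multiple (3680) / (5194) files with added filename extension" signatures count on the rename side. The Python below is an added example, not part of the sandbox report, showing how to score that pattern from file-creation rows in the report's own "File created <target> <process> N/A" format. The event rows are copied from the two tables above; the single msiexec row is constructed as a benign control, and the thresholds are demonstration values, far below the thousands of files seen in the real runs. Installers and updaters also write .tmp files broadly, so in production scope the rule to user-data and Program Files roots, correlate it with rename or delete events for the originals, and tune the thresholds on your own baseline.

```python
import re
from collections import defaultdict

# "File created <target> <process> N/A", as printed in the report's tables.
# Assumes the process path carries no spaces, which holds for every row on this page.
EVENT_RE = re.compile(r"^File created (?P<target>.+) (?P<process>[A-Za-z]:\\[^ ]+) N/A$")

SAMPLE = (r"C:\Users\Admin\AppData\Local\Temp"
          r"\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe")

# Rows from the behavioral1 and behavioral2 tables, plus one constructed benign row.
SAMPLE_EVENTS = [
    rf"File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsplk.xml.tmp {SAMPLE} N/A",
    rf"File created C:\Program Files\Common Files\System\msadc\handler.reg.tmp {SAMPLE} N/A",
    rf"File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\el.pak.tmp {SAMPLE} N/A",
    rf"File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxmedia.dll.tmp {SAMPLE} N/A",
    rf"File created C:\Program Files\7-Zip\Lang\is.txt.tmp {SAMPLE} N/A",
    rf"File created C:\Program Files\Internet Explorer\perfcore.dll.tmp {SAMPLE} N/A",
    rf"File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ho_Chi_Minh.tmp {SAMPLE} N/A",
    rf"File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-Bold.otf.tmp {SAMPLE} N/A",
    rf"File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationTypes.resources.dll.tmp {SAMPLE} N/A",
    rf"File created C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-pl.xrm-ms.tmp {SAMPLE} N/A",
    rf"File created C:\Program Files\Java\jre-1.8\lib\security\cacerts.tmp {SAMPLE} N/A",
    rf"File created C:\Program Files\Microsoft Office\root\Office16\1033\ONGuide.onepkg.tmp {SAMPLE} N/A",
    # Constructed control: an installer writing one staging file in its own temp directory.
    r"File created C:\Users\Admin\AppData\Local\Temp\setup.log.tmp C:\Windows\System32\msiexec.exe N/A",
]


def parse_file_event(line: str):
    """Return {'target': ..., 'process': ...} for a matching row, else None."""
    m = EVENT_RE.match(line.strip())
    return m.groupdict() if m else None


def summarize_file_events(lines):
    """Per-process counters: .tmp twins written, distinct directories, distinct
    original extensions (the extension under the .tmp suffix) and drive roots."""
    stats = defaultdict(lambda: {"created": 0, "tmp_twins": 0,
                                 "dirs": set(), "orig_exts": set(), "roots": set()})
    for line in lines:
        ev = parse_file_event(line)
        if ev is None:
            continue
        st = stats[ev["process"]]
        target = ev["target"]
        directory, _, name = target.rpartition("\\")
        st["created"] += 1
        st["dirs"].add(directory)
        st["roots"].add(target.split("\\")[1] if "\\" in target else "")
        if name.lower().endswith(".tmp"):
            st["tmp_twins"] += 1
            original = name[:-4]          # "is.txt.tmp" -> "is.txt" -> "txt"
            st["orig_exts"].add(original.rpartition(".")[2].lower() if "." in original else "")
    return dict(stats)


def flag_mass_write(stats, min_files=10, min_dirs=5, min_exts=3):
    """Processes whose .tmp staging writes span many directories and file types."""
    return {proc: st for proc, st in stats.items()
            if st["tmp_twins"] >= min_files
            and len(st["dirs"]) >= min_dirs
            and len(st["orig_exts"]) >= min_exts}


if __name__ == "__main__":
    stats = summarize_file_events(SAMPLE_EVENTS)
    for proc, st in stats.items():
        print(proc, st["tmp_twins"], len(st["dirs"]), sorted(st["orig_exts"]))
    print("flagged:", list(flag_mass_write(stats)))
```

Feeding the full tables from both runs through summarize_file_events gives the breadth figures (directories and original extensions) that the sandbox's rename counter does not expose, which is useful when writing the matching host rule for your own EDR or Sysmon file-create telemetry.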

Processes

C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe

"C:\Users\Admin\AppData\Local\Temp\79fc6ace5668a85e02e0e569411730054d312595cb2417e659d5073dfcde20ad.exe"

Network

N/A

Files

memory/2280-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

MD5 6dd2f41ef8f50153613383080c6d96ce
SHA1 56ef645fbced8f474550e71b36655fcdc6221240
SHA256 9bcd4025a0293ca4d94e7c13a173c3c0efc28caf4291558adbb9a8258731494a
SHA512 b5c895aa7063108d4d1e6a9394d507f6ebc662287a8a1c3caf442490da77785ab673ae7a28cc474b6917bbc56c9b595f1948cf1563539382a0974feaec860504

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 faf959053b447bb643241edf7e3668e2
SHA1 0641e3a842127907f64abc9bbc4a2e4eb1962955
SHA256 2879d0f21356ac3fd73fc540ffe3bd3f0b629c0b35cb19418d81f3fe3115a753
SHA512 99c119ede67530f501579633005aef1b8328476818fda617de768aee38637267fbcf4cacb5b1fe839e2c0bac403f9925022f61c1a556453efdcb91f6a5ad8ef4

memory/2280-1896-0x0000000000400000-0x000000000040B000-memory.dmp