Malware Analysis Report

2024-09-09 20:20

Sample ID: 240614-alj9maxcpd
Target: 7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa
SHA256: 7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa
Tags: ransomware
Score: 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK Matrix
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 9/10

SHA256: 7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa

Threat Level: Likely malicious

The file 7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3434) files with added filename extension

Renames multiple (5024) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-14 00:17

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-14 00:17
Reported: 2024-06-14 00:20
Platform: win7-20240221-en
Max time kernel: 150s
Max time network: 124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe"

Signatures

Renames multiple (3434) files with added filename extension

ransomware

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_fdf5ce_1x400.png.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\css\cpu.css.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\ShapeCollector.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeulm.dat.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Java\jre7\bin\libxml2.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Utilities.v3.5.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\axvlc.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Mozilla Firefox\api-ms-win-core-processthreads-l1-1-1.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Printing.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\codec\libdca_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkObj.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\JAWTAccessBridge-64.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+3.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Saipan.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationBuildTasks.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\javaws.policy.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Tell_City.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guam.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Windows Media Player\en-US\mpvis.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Petersburg.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\ECLIPSE_.RSA.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Java\jre7\bin\server\classes.jsa.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Mozilla Firefox\crashreporter.exe.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libcache_read_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\blackbars60.png.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Mozilla Firefox\uninstall\helper.exe.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_avi_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\video_output\libwgl_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\settings.html.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Services.Design.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\7-Zip\Lang\tt.txt.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Mahe.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.metadata.repository.prefs.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.nl_ja_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\America\Kentucky\Monticello.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\PST8PDT.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-static.png.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\203x8subpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert_5.5.0.165303.jar.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Java\jre7\bin\unpack.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_ja.jar.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-templates.xml.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Windows NT\Accessories\de-DE\wordpad.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\DVD Maker\SecretST.TTF.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.bat.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgePackages.h.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.registry_3.5.400.v20140428-1507.jar.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Windows Photo Viewer\ja-JP\PhotoAcq.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\js\settings.js.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Monticello.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_ja.jar.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\lua\intf\modules\httprequests.luac.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Windows Media Player\Media Renderer\connectionmanager_dmr.xml.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\gadget.xml.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\DVD Maker\bod_r.TTF.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.artifact.repository.prefs.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Microsoft Games\Solitaire\fr-FR\Solitaire.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\access\libidummy_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Windows Media Player\es-ES\wmpnssui.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.nl_ja_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe

"C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

MD5: 730661ac65ee71ec7e8d46b27daaadee
SHA1: 32a7c7390c4d0de31bb293edaa244fa85a7e5866
SHA256: b64c0f24783e254c1bf23ee002a5d901b48733c3b8e3e11f4a4ce4ce920ccc68
SHA512: 3c0ca3fb09350ff1655aea889f317ede3b4deb5ee97eefc3b3968432dfef2b59b1f6fcb4da8f7bdf72a002e296b15f3086ac3bf0c3dac0da7fcdc87faa6d7cb2

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5: ef129724f48e5de5776a883e3631eaf9
SHA1: 5fbb9c6e6bd51f973ec5d2a8257dbcf433dfe8ea
SHA256: b0e8c6e4c4d095468da65e55bfa96dc0b098883044118d72d48cfe9f36f14f03
SHA512: 74cd33293e09701095d2bc3d287efbcbfcbfc5e317c345503cf007ad3e53d53277b8b573a550acbe00aaacd398b64397739d9cee84eb3a60d8ec659f9c41553b

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-14 00:17
Reported: 2024-06-14 00:20
Platform: win10v2004-20240611-en
Max time kernel: 149s
Max time network: 140s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe"

Signatures

Renames multiple (5024) files with added filename extension

ransomware

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Java\jdk-1.8\legal\jdk\santuario.md.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ExcelCtxUIFormulaBarModel.bin.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-180.png.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\OARTODF.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL010.XML.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\110.0.5481.104\v8_context_snapshot.bin.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProDemoR_BypassTrial180-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.SPClient.Interfaces.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-100.png.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\msinfo32.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\charsets.jar.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_KMS_Client_AE-ul.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\msoadfsb.exe.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_heb.xml.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Timer.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_pt_BR.properties.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.PowerBI.AdomdClient.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\ReachFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Forms.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\WindowsFormsIntegration.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l1-2-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial2-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-utility-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOMessageProvider.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-bridge-office.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-100.png.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Trial-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVOrchestration.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\PresentationUI.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Xaml.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\lib\resources.jar.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\comments.win32.tpn.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemDrawing.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationUI.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Input.Manipulations.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-140.png.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Grace-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Metadata.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ValueTuple.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Formats.Asn1.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Forms.Primitives.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Gallery.thmx.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Tw Cen MT.xml.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Forms.Primitives.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Security.Permissions.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-heap-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\MEDIA\CASHREG.WAV.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PG_INDEX.XML.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\110.0.5481.104\WidevineCdm\manifest.json.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngcc.md.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\legal\jdk\unicode.md.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe

"C:\Users\Admin\AppData\Local\Temp\7787e95e7a8e6970d0af27e26fac49755f18778c3c4788fce66ace0118ae66fa.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | g.bing.com | udp
US | 204.79.197.237:443 | g.bing.com | tcp
NL | 23.62.61.194:443 | www.bing.com | tcp
US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp
US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp
US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp
US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp
US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 88.16.208.104.in-addr.arpa | udp

Files

C:\$Recycle.Bin\S-1-5-21-2080292272-204036150-2159171770-1000\desktop.ini.tmp

MD5: 2fcb1675c8ec894576f128ceba5b75d2
SHA1: 71a677890a1aabd3505f645bb35bc9acd15c277d
SHA256: f1ee5fd309c7f3a536659a5f7d86b4fe40806ca3cc9a992c399e043846ebffc3
SHA512: ba72239c70603f259d2d39bf3a6056259cc24e1cd2d24a7fd18edae15583593e0e543eef55520435692915dcbd9c9007616f292952b391df8a4fd796203cd0f1

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5: cfdd34720a2ab02bc386acab7a20aeba
SHA1: 94aacebbabb06bbdd70fe8bd70285dd8572bc2d3
SHA256: de35f6659eec5560edd54deac3e05371e78a164c791b72849d760ee3ca2c934c
SHA512: 05f5a3850371c827120fe56dc460cedeb9602ee77c45ac5a155316ffe0eb300716cd05979d0ca0746e1e876aca6af0dbb7f92d5771f5d39b9f0f2a19a4a5606f