Malware Analysis Report

2025-01-03 08:29

Sample ID 240616-2slvkswdjm
Target 78df6bbe4e69fbe8b91bce221e7ffdee85ab590f605b6b838ca737bff657d22d
SHA256 78df6bbe4e69fbe8b91bce221e7ffdee85ab590f605b6b838ca737bff657d22d
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

score
9/10

SHA256

78df6bbe4e69fbe8b91bce221e7ffdee85ab590f605b6b838ca737bff657d22d

Threat Level: Likely malicious

The file 78df6bbe4e69fbe8b91bce221e7ffdee85ab590f605b6b838ca737bff657d22d was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3516) files with added filename extension

Renames multiple (5030) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-16 22:50

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-16 22:50

Reported

2024-06-16 22:53

Platform

win7-20240508-en

Max time kernel

150s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\78df6bbe4e69fbe8b91bce221e7ffdee85ab590f605b6b838ca737bff657d22d.exe"

Signatures

Renames multiple (3516) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\78df6bbe4e69fbe8b91bce221e7ffdee85ab590f605b6b838ca737bff657d22d.exe

"C:\Users\Admin\AppData\Local\Temp\78df6bbe4e69fbe8b91bce221e7ffdee85ab590f605b6b838ca737bff657d22d.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

MD5 33fcc8ded39a59af0cf9f82526a30bf9
SHA1 da942b45f27f79f9b9901afb125ee03da1a3a63c
SHA256 7bb0884a4d3b66d1f98ef63d44fca1bbec48e66c07d19521fca2a9cf44e07a68
SHA512 0676cd2ebb77ab58fc0f1e27b72d3089e8574e935f2e50dc3c059c52c31a953fe7009b1ef260afa4d261704eb4d39ca20f4dc4ea4d2ab0ff5964b50ad17434f1

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 326e1e9fbbe8f4e50662796303ef301d
SHA1 a449498bc5e2717ea1bedf398042b271b54951f0
SHA256 0f01bd505a7205df5354d38e8a0971f2134704170058435f01f07c4698679972
SHA512 287a02ae1aa53a3274dee54c766a00ee3031e5c5f90b3328dc6e4a1470efd70a0777e4821e4478e3e7e9e2de50138c90141e9f8936332f663d1271370123ab35

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-16 22:50

Reported

2024-06-16 22:53

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

52s

Command Line

"C:\Users\Admin\AppData\Local\Temp\78df6bbe4e69fbe8b91bce221e7ffdee85ab590f605b6b838ca737bff657d22d.exe"

Signatures

Renames multiple (5030) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\78df6bbe4e69fbe8b91bce221e7ffdee85ab590f605b6b838ca737bff657d22d.exe

"C:\Users\Admin\AppData\Local\Temp\78df6bbe4e69fbe8b91bce221e7ffdee85ab590f605b6b838ca737bff657d22d.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

MD5 6489c6542ef70b46df5baa88f90dde18
SHA1 e269d0dcb8a028af0be45b8ef259eeaa39f5ae5b
SHA256 80bf932c723fda8b23db94f1ab31bb24ef88f0fc4993ab6967a09adbbe807654
SHA512 65782a170eb29f33df29efb353feaf6e3435084adf93afb330f8de5cc27a898e037c14c71d533f60dd8db3294f1ef73ec5e5a4f1f11a074657e975582b7477af

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 dc334f774934f7df25ffa356c8987dbf
SHA1 a82addc990f6037d5b7e207ad46a5ca095e22ca2
SHA256 80b37311b1e92c05169f1f85e8835c556575d46e15e32288de41415f4e92d367
SHA512 b80a5cf1c739f3e7099985acf8d6d9f9dc0a5deb384ce481ce883b53a9d490545a7194d5af36e980cd479b2090ee22479b35e98fc88345b39a5e18957a15d05b