Malware Analysis Report

2025-06-16 03:34

Sample ID 240608-b7vg6afd2y
Target 1b36162ad762d667dc8d71b1c31aed40.bin
SHA256 d1c54c2b333100d19458d0fb2f37f20c1199e3200a4e535e4f7ae0439b325b95
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

score
9/10

SHA256

d1c54c2b333100d19458d0fb2f37f20c1199e3200a4e535e4f7ae0439b325b95

Threat Level: Likely malicious

The file 1b36162ad762d667dc8d71b1c31aed40.bin was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (5199) files with added filename extension (behavioral2, win10v2004-20240508-en)

Renames multiple (3845) files with added filename extension (behavioral1, win7-20240221-en)

Drops file in Program Files directory (both behavioral runs; every listed write is a .tmp placed next to an existing file)

Unsigned PE (static1)

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-08 01:47

Signatures

Unsigned PE

(no indicator rows reported for this signature)

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-08 01:47

Reported

2024-06-08 01:50

Platform

win7-20240221-en

Max time kernel

150s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe"

Signatures

Renames multiple (3845) files with added filename extension

ransomware

Drops file in Program Files directory

Description | Indicator | Process | Target
(Rows are space-separated and paths contain spaces, so read each row from the right: the last token is Target (N/A for file events), the preceding C:\Users\... token is the writing Process, and everything between the "File created" description and that token is the Indicator path. Only a subset of the file-creation events is listed.)
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dili.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-lib-uihandler.xml.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jmx.jar.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libfluidsynth_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitemask1047.png.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\js\clock.js.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-crescent_partly-cloudy.png.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_top_left.png.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net_1.2.200.v20120807-0927.jar.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\jquery-ui-1.8.13.custom.css.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\Help\Keywords.HxK.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIcon.png.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Microsoft Games\Hearts\ja-JP\Hearts.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\css\settings.css.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationClientsideProviders.dll.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Windows Journal\jnwmon.dll.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\wsdetect.dll.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-execution_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-common.jar.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ps\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libgradfun_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\mainscroll.png.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-selector-api.xml.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Classic.dll.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\ACE.dll.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\ZoneInfoMappings.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-over-DOT.png.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_bottom_left.png.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_scene.wmv.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libfreeze_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\7-Zip\Lang\ext.txt.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push.png.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\DVD Maker\bod_r.TTF.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\GRAY.pf.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Kiev.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Bougainville.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroTextExtractor.exe.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libdshow_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\liba52_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libvnc_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libspdif_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\7-Zip\Lang\fi.txt.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\micaut.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\platform.xml.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Goose_Bay.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\images\Back-48.png.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Star_Half.png.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\7-Zip\Lang\lij.txt.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.bat.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt.fca.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\mojo_core.dll.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\images\speaker-32.png.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-io-ui.xml.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\misc\liblogger_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe

"C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe"

Network

N/A (no DNS queries or connections were recorded in this run; the 3845 renames completed without network contact)

Files

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

MD5 e640b3c7c41ea4c91cb8e7bdbf83a22e
SHA1 35e559e71a4f3607ef5475f5004335c00fbd1f0f
SHA256 cd8700c925047647f40e656b717354274da891d78d41d2ee540b2c3dde57854f
SHA512 297e344abded2143ff4db8c85e650e452f7d5412564d09c7cd6500c4f08fd834eb637e4415834556b5de1234031ad4f9770ccd5e76b76b60553be547f8d75b62

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 777b1ce61784eaa32ae68854b364e3df
SHA1 f81ca847223edaf3b554336c6f06987f009d7f37
SHA256 b85fbede67a8778a690738d4f852b033b3c7cca22e85f2d918a78c5db3b1b37b
SHA512 3a258fad744a26dd58a7d5fe21ee63b9d8a086237a4bde69de6155769cb772d9449b3d93a75815587e4fda1186dd80a2e6e1f1886d34b9f37789a3ae4c199b34

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-08 01:47

Reported

2024-06-08 01:50

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe"

Signatures

Renames multiple (5199) files with added filename extension

ransomware

Drops file in Program Files directory

Description | Indicator | Process | Target
(Same layout as the behavioral1 table: read from the right, Target is the last token, the C:\Users\... token before it is the writing Process, and the Indicator path is everything in between. Only a subset of the file-creation events is listed.)
File created C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\lpc.win32.bundle.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.ReaderWriter.dll.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\javaws.jar.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RInt.16.msi.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-localization-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\AdHocReportingExcelClient.dll.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_K_COL.HXK.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Fonts\private\ANTQUAI.TTF.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OUTLFLTR.DAT.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\7-Zip\Lang\fa.txt.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Pipes.AccessControl.dll.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTest-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\1033\TimelessResume.dotx.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Configuration\card_security_terms_dict.txt.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\it-IT\ShapeCollector.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\clrgc.dll.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\j2pkcs11.dll.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OFFSYMSB.TTF.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\1033\StudentReport.dotx.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\7-Zip\Lang\mk.txt.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\insertbase.xml.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\Office.Runtime.js.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_K_COL.HXK.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.AccessControl.dll.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.VisualBasic.Forms.dll.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\de.pak.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-debug-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ONBttnOL.dll.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Channels.dll.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\wsdetect.dll.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTest-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\pt-BR\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Web.HttpUtility.dll.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\HintBarEllipses.16.White.png.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\mscss7en.dll.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.dll.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Overlapped.dll.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-interlocked-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\mesa3d.md.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
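
The two signature tables above (behavioral1 and behavioral2) show the same pattern from different angles: one process writes thousands of files under Program Files, each a .tmp placed beside an existing file, and the rename signature counts the original files gaining an extension. The triage script below is an added example, not tooling from the sandbox that produced this report; it parses rows in the table's "<description> <indicator path> <process path> <target>" layout and flags a process whose writes into protected roots overwhelmingly carry one trailing extension on top of many different original extensions. The five report rows it uses are copied from the tables; the two "7z-setup.exe" rows, the PROTECTED_ROOTS list, the thresholds and all helper names are assumptions made here for illustration.

```python
"""Triage "File created" rows for the write-then-rename pattern of a file
encryptor: one process writing many files under protected roots that all gain
the same trailing extension over many different original extensions.

Added example, not the sandbox's own code. Assumed: the row layout
"<description> <indicator path> <process path> <target>" with a space-free
process path, the PROTECTED_ROOTS tuple and the thresholds in summarize()."""
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Optional

# Constructed input: five rows copied from the report's signature tables plus
# two made-up rows for a hypothetical installer writing ordinary files, to show
# the contrast. A raw string keeps the single backslashes verbatim.
SAMPLE_ROWS = r"""
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libfluidsynth_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\7-Zip\Lang\ext.txt.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\clrgc.dll.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OUTLFLTR.DAT.tmp C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe N/A
File created C:\Program Files\7-Zip\7z.dll C:\Users\Admin\AppData\Local\Temp\7z-setup.exe N/A
File created C:\Program Files\7-Zip\History.txt C:\Users\Admin\AppData\Local\Temp\7z-setup.exe N/A
"""

# Roots where mass writes by an unknown process are suspicious (assumption).
PROTECTED_ROOTS = ("c:\\program files", "c:\\program files (x86)", "c:\\users")

# Read each row from the right: target is the last token, process is the
# preceding "X:\..." token, and the indicator path is everything in between
# (it may contain spaces, the process path is assumed not to).
ROW_RE = re.compile(r"^(\S+ \S+) (.+?) ([A-Za-z]:\\\S+) (\S+)$")


class FileEvent(NamedTuple):
    description: str
    path: str
    process: str
    target: str


class Verdict(NamedTuple):
    process: str
    total: int              # files written under protected roots
    top_ext: Optional[str]  # most common trailing extension, e.g. ".tmp"
    share: float            # fraction of those writes carrying top_ext
    inner_types: int        # distinct original extensions beneath top_ext
    roots: List[str]        # top-level directories touched
    flagged: bool


def parse_rows(text: str) -> List[FileEvent]:
    events = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            events.append(FileEvent(*m.groups()))
    return events


def split_extensions(path: str):
    """'...\\foo.dll.tmp' -> ('.dll', '.tmp'). A single-extension name such as
    'foo.dll', or 'Dili.tmp' written for an extension-less original, cannot be
    told apart from an ordinary file here, so both yield (None, None)."""
    parts = path.rsplit("\\", 1)[-1].split(".")
    if len(parts) >= 3 and parts[-1] and parts[-2]:
        return "." + parts[-2].lower(), "." + parts[-1].lower()
    return None, None


def summarize(events: List[FileEvent], min_files: int = 3,
              min_share: float = 0.8, min_inner: int = 3) -> Dict[str, Verdict]:
    """Per process: does one trailing extension dominate its writes into
    protected roots across several different original file types?"""
    stats = {}
    for ev in events:
        if ev.description != "File created":
            continue
        if not ev.path.lower().startswith(PROTECTED_ROOTS):
            continue
        s = stats.setdefault(ev.process, {"total": 0, "ext": Counter(),
                                          "inner": set(), "roots": set()})
        s["total"] += 1
        inner, outer = split_extensions(ev.path)
        if outer:
            s["ext"][outer] += 1
            s["inner"].add(inner)
        s["roots"].add("\\".join(ev.path.split("\\")[:2]))
    verdicts = {}
    for proc, s in stats.items():
        top_ext, top_n = (s["ext"].most_common(1)[0] if s["ext"] else (None, 0))
        share = top_n / s["total"]
        flagged = (top_n >= min_files and share >= min_share
                   and len(s["inner"]) >= min_inner)
        verdicts[proc] = Verdict(proc, s["total"], top_ext, round(share, 2),
                                 len(s["inner"]), sorted(s["roots"]), flagged)
    return verdicts


if __name__ == "__main__":
    for v in summarize(parse_rows(SAMPLE_ROWS)).values():
        print(("FLAG " if v.flagged else "ok   ") + v.process,
              v.total, v.top_ext, v.share, v.inner_types, v.roots)
```

Run against the full event list of either detonation the same logic would report one process, one trailing extension (.tmp) over hundreds of original extensions, and every top-level directory under Program Files; the thresholds are deliberately low so the seven constructed rows already separate the sample from the installer.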

Processes

C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe

"C:\Users\Admin\AppData\Local\Temp\1b36162ad762d667dc8d71b1c31aed40.exe"

Network

Every entry below is a reverse (PTR) lookup sent to 8.8.8.8:53 for an address in the 2.x, 8.x, 20.x, 40.x, 52.x or 199.x ranges; no forward lookups of host names and no connections other than DNS are recorded, the rows are not attributed to a process, and the win7 run (behavioral1) logged no network activity at all while still renaming 3845 files. Treat these rows as probable platform background traffic rather than command-and-control until process-level attribution says otherwise; the encryption evidently does not depend on network contact.

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 15.173.189.20.in-addr.arpa udp
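
A quick way to confirm what the Network table actually contains is to classify each query as a reverse (in-addr.arpa / ip6.arpa) or forward lookup and decode the address a PTR name asks about. The script below is an added example, not part of the report or the sandbox; it reads rows in the table's "<country> <resolver:port> <name> <proto>" layout. Four of its rows are copied from the table above; the "update.example.net" row is made up (example.net is a reserved name) to show how a forward lookup of a host name would stand out, and all function names are choices made here.

```python
"""Classify the DNS rows of a sandbox Network table: reverse (PTR) lookups for
in-addr.arpa / ip6.arpa names versus forward lookups of host names, and
recover the address each PTR name encodes.

Added example, not code from the report or the sandbox. Assumed: the row
layout "<country> <resolver:port> <name> <proto>" seen in the table."""
import ipaddress
from typing import Dict, List, NamedTuple, Optional

# Constructed input: four rows copied from the behavioral2 Network table plus
# one invented forward lookup (example.net is a reserved name).
NETWORK_ROWS = """\
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 update.example.net udp
"""


class DnsQuery(NamedTuple):
    resolver: str
    name: str
    proto: str
    kind: str           # "PTR" or "forward"
    ip: Optional[str]   # address encoded in a PTR name, else None


def ptr_to_ip(name: str) -> Optional[str]:
    """'28.118.140.52.in-addr.arpa' -> '52.140.118.28'; also the 32-nibble
    ip6.arpa form. Returns None for anything that is not a well-formed PTR
    name, including octets outside 0-255 or non-hex nibbles."""
    n = name.lower().rstrip(".")
    try:
        if n.endswith(".in-addr.arpa"):
            labels = n[: -len(".in-addr.arpa")].split(".")
            if len(labels) == 4:
                return str(ipaddress.IPv4Address(".".join(reversed(labels))))
        elif n.endswith(".ip6.arpa"):
            nibbles = n[: -len(".ip6.arpa")].split(".")
            if len(nibbles) == 32:
                return str(ipaddress.IPv6Address(
                    int("".join(reversed(nibbles)), 16)))
    except ValueError:
        pass
    return None


def parse_network(text: str) -> List[DnsQuery]:
    queries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue
        _country, resolver, name, proto = fields
        ip = ptr_to_ip(name)
        queries.append(DnsQuery(resolver, name, proto,
                                "PTR" if ip else "forward", ip))
    return queries


def summarize_dns(queries: List[DnsQuery]) -> Dict[str, object]:
    """What a triager wants at a glance: did the run resolve any host name at
    all, or only ask the resolver who owns some addresses?"""
    ptr = [q for q in queries if q.kind == "PTR"]
    fwd = [q for q in queries if q.kind == "forward"]
    return {
        "ptr_count": len(ptr),
        "ptr_targets": sorted({q.ip for q in ptr}),
        "forward_names": sorted({q.name for q in fwd}),
        "resolvers": sorted({q.resolver for q in queries}),
        "only_reverse_lookups": not fwd,
    }


if __name__ == "__main__":
    for key, value in summarize_dns(parse_network(NETWORK_ROWS)).items():
        print(f"{key}: {value}")
```

Fed the eleven real rows only, the summary reports eleven PTR queries, no forward names and only_reverse_lookups = True, which is the shape of resolver chatter about already-known addresses rather than a sample locating its infrastructure; a decoded PTR target is still worth checking against process-level network attribution if the sandbox provides it.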

Files

Dropped or rewritten files with hashes. Both are .tmp outputs the sample wrote beside existing files, so their hashes are specific to the victim file and the run (the Recycle Bin desktop.ini.tmp hash here differs from the one in behavioral1) and are not portable indicators for this sample; the SHA256 of the executable in the Analysis Overview is.

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

MD5 ac46620fb64c6a36107d42b3fd21d2f6
SHA1 70d28df64426a04b1e874cd4b064a73822d45bca
SHA256 1cc7335e4cef356cd86a03fef8cc00de5efba69b1b3e3447b15de5f16612af12
SHA512 e2c955b749ceaf773d42dab6db4b2e56651ffe61a96d6394f07816a56fc5bc3bb2ed7663616aacdcb7886169672e1ae2d2a8e10c8f191a56f7cd984d938ff26a

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 2d6e7d0a216c802c6c61fa0a880e31bf
SHA1 3e371528828bf15c1392d0ca0b79037360ba9883
SHA256 73c9aa52748f9f3aa7764c015e5446913c00ff5898cfb39739ac53334634d8ad
SHA512 ef0dc4f4c1048faa299847541d2be8054413b169be0c8720f3a21e779f9c6c41677a1dda856cfbb1a795e2ece0239d95f97c1392d69abfb623fea43662418273