Malware Analysis Report

2025-01-03 08:32

Sample ID 240610-3crassvgmp
Target 7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8
SHA256 7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8
Tags ransomware
score 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score 9/10

SHA256 7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8

Threat Level: Likely malicious

The file 7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8 was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3789) files with added filename extension

Renames multiple (5329) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-10 23:22

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-10 23:22

Reported 2024-06-10 23:24

Platform win7-20240419-en

Max time kernel 149s

Max time network 123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe"

Signatures

Renames multiple (3789) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-multiview.xml.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.WorkflowServices.dll.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libkate_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-full_partly-cloudy.png.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NavigationButtonSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring-fallback.xml.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Antarctica\Syowa.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Mozilla Firefox\AccessibleHandler.dll.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\liblive555_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\corner.png.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\ink\InkDiv.dll.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Argentina\Buenos_Aires.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\cs\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libshm_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Windows Journal\ja-JP\MSPVWCTL.DLL.mui.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Windows Sidebar\fr-FR\Sidebar.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\VDK10.SYD.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACEREP.DLL.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\7-Zip\7zFM.exe.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-highlight.png.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Java\jre7\lib\deploy\ffjcext.zip.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Java\jre7\lib\psfontj2d.properties.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_dot.png.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\19.png.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.ja_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-services.xml.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_top_right.png.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Common Files\System\ado\msadomd.dll.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-TW.pak.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\orbd.exe.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-options_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libnsc_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Windows Media Player\Media Renderer\RenderingControl.xml.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\VDK10.LIC.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.ssl_1.1.0.v20140827-1444.jar.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler.xml.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\spu\librss_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\ink\es-ES\mshwLatin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Windows Media Player\WMPNSSUI.dll.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\7-Zip\Lang\ba.txt.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baghdad.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-coredump.xml.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Microsoft Games\Purble Place\it-IT\PurblePlace.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\Microsoft.Build.Utilities.v3.5.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Windows Media Player\WMPDMC.exe.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\Help\1046\hxdsui.dll.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\rtscom.dll.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Australia\Adelaide.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\lg\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\css\picturePuzzle.css.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\7-Zip\Lang\it.txt.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport.png.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Toronto.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT-3.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\27.png.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\alertIcon.png.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.servlet_8.1.14.v20131031.jar.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-actions.xml.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe

"C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

MD5 88c8b457a90a25a744cb8d34ef755a74
SHA1 c54ada920070250a5fbd6403ac048cf379361bd9
SHA256 84e17bfda570eb07e8631992bdb843f5adfc78a17306ab769062d567033ee734
SHA512 cda9d9381ec80918e790d55529088e333cb426182e2b36353794ec2787094f84de84f4b6fd7c42d1d4290d3463f4eef0d4f44f4c82ba256de4989e8fded50c69

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 e028eb74946ab7d96c894a0bd065201a
SHA1 4339b59c803417c5d8e9c5302bf01128c5bbd4a0
SHA256 8981ed046c1f49b17a061e3f9db385669ddb6739cae8e732867efea0f1b54f43
SHA512 efd94c609b76bed61c95b746fc847c7c3733f259cc58b91c7df0dff340cb4629a6db1fe66dc5a4930aea44bdc281d029dcb71f78afd1df63f6d639ba3aedda3f

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-10 23:22

Reported 2024-06-10 23:25

Platform win10v2004-20240508-en

Max time kernel 150s

Max time network 51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe"

Signatures

Renames multiple (5329) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\7-Zip\Lang\af.txt.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.it-it.dll.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\it-IT\tabskb.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\msinfo32.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\policytool.exe.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.dll.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.dll.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.RuntimeInformation.dll.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\java.exe.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\msvcr120.dll.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PenImc_cor3.dll.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\sk-SK\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-utility-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest1-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.FuzzyMatchingCommon.dll.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Pipes.AccessControl.dll.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\mecontrol.png.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy\messages_de.properties.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-processthreads-l1-1-1.dll.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSOARIACAPI.DLL.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Configuration.dll.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.Xml.Linq.dll.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\es-419.pak.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\TelemetryLog.xltx.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\GRAPH.ICO.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Fonts\private\FRSCRIPT.TTF.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Channels.dll.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Drawing.Design.dll.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\ext\localedata.jar.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Graph.exe.manifest.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PDFREFLOW.EXE.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Microsoft Office\root\rsod\excelmui.msi.16.en-us.boot.tree.dat.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\D3DCompiler_47_cor3.dll.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\security\public_suffix_list.dat.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\mscss7cm_en.dub.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000049\manifest.xml.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Microsoft Office\root\rsod\office32ww.msi.16.x-none.tree.dat.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\1033\TimelessReport.dotx.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Glossy.eftx.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\libcrypto-1_1-x64.dll.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Microsoft Office\root\rsod\dcf.x-none.msi.16.x-none.boot.tree.dat.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A
File created C:\Program Files\dotnet\host\fxr\7.0.16\hostfxr.dll.tmp C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe

"C:\Users\Admin\AppData\Local\Temp\7192f67d681b99a608987e7d9c6fe50c347a7dba913b196413d24aa0f59a71e8.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

MD5 98f54af2cf999e0f2426181f4eef76bf
SHA1 722b1bb837d64b668c0dd139a069cfdac29af127
SHA256 254eae1fcdd6be88ed81e7ce7a1ffb44a73eac0b947353fa2eab4d58cb3318b9
SHA512 5d8db8df2dca82b39769f42b23d1fdc5d8b00fb66a5224935ffb38fe914df4ad00c4525c73346f406dd5c29a087402fc12eba8e50ab746ad5b28cbacd1a70346

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 9ab9984c0ca07336233f7c7caa101f11
SHA1 eb738242feb8ffa46de37d6957f6331c088f599b
SHA256 8d0e5d66aa2aa7a684b4f3c57af86fe6084cc1c86c67b8ed8302c3c2592ed2a9
SHA512 ec2c700c5f844d3027bf2471a1ec0df77e6bd6bdec72ebd36115c7705965e520ba46621c398c4935471524ed0879037ab476b938fdb3cc6c95ca8d362799fcd6