Malware Analysis Report

2025-01-03 08:31

Sample ID 240610-3kxgsavfla
Target 7721d9eb1670167c1fef680e800f74a1c0048304dd120c8a605746e14f6307c5
SHA256 7721d9eb1670167c1fef680e800f74a1c0048304dd120c8a605746e14f6307c5
Tags ransomware
Score 9/10

Analysis Overview

score
9/10

SHA256

7721d9eb1670167c1fef680e800f74a1c0048304dd120c8a605746e14f6307c5

Threat Level: Likely malicious

The file 7721d9eb1670167c1fef680e800f74a1c0048304dd120c8a605746e14f6307c5 was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3769) files with added filename extension

Renames multiple (5189) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-10 23:34

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-10 23:34

Reported

2024-06-10 23:37

Platform

win7-20240508-en

Max time kernel

150s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7721d9eb1670167c1fef680e800f74a1c0048304dd120c8a605746e14f6307c5.exe"

Signatures

Renames multiple (3769) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\7721d9eb1670167c1fef680e800f74a1c0048304dd120c8a605746e14f6307c5.exe

"C:\Users\Admin\AppData\Local\Temp\7721d9eb1670167c1fef680e800f74a1c0048304dd120c8a605746e14f6307c5.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

MD5 8877eaa48e6169d8bd3bcd564a6a1c56
SHA1 06364b3cdb554b46dd9215de20ea0867b711aec5
SHA256 308d3c857a8a2caebde5f548cd1c6f236affa4dd47008136d1e1e7d4777c2ca9
SHA512 7d29a7eea1d7aad12fde6dd32410d50356d0997651521b346de2ad3a6d57fc089a53af9cad2428ea02bb253a40a816a61b14748614d48ca075d380d295998622

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 052ed43420aeee49f14ea892b5a57c22
SHA1 e9d52492d7c9e0531c722dcb960c770861f96b7a
SHA256 76c4bfd2ac0f5e6a9b5ab50d578de354bfb317384f8a6657426765df2d04a1bd
SHA512 67c2f3f431aa31255b3546cad565982c6c26ae83006d1ad98b55b026d830a7785da68a9db843bf67737df54266a0c3c5abb3527ebd2d8d4b9d7425c1e9430290

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-10 23:34

Reported

2024-06-10 23:37

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7721d9eb1670167c1fef680e800f74a1c0048304dd120c8a605746e14f6307c5.exe"

Signatures

Renames multiple (5189) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\7721d9eb1670167c1fef680e800f74a1c0048304dd120c8a605746e14f6307c5.exe

"C:\Users\Admin\AppData\Local\Temp\7721d9eb1670167c1fef680e800f74a1c0048304dd120c8a605746e14f6307c5.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

MD5 e1869c7418e602d6a71169291e75fed6
SHA1 03304f0708cdea196090bd5a929a3fd93c4d61b6
SHA256 84b3500762af5171596fc9c315bddde754e9afba9b5eed3f3bfddc23157520ab
SHA512 e6c97c19480c0c5cd381472856231e9ec58c7f4dd748b2818e5682d3777a8274187b887db6d3d69ab6ded7a8c5f75f24a560129b2864e2016393484fb5b2f93b

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 9937decb92dc17389648dcdd1931526a
SHA1 4e6bf9f85de44bd03da702dcbdd039bbc66d5d37
SHA256 64d5b95a5f44dd78b6225a4fa171db11325109cd55f556e54d5f728f005e6cf4
SHA512 15289e315888453b679a007534052ddb0497a91431184290b5676ee4ede09d50e396ca0047a51fc06603e63a35ae320f10fc65c9f12586593dbf01e2a83ff51b