Malware Analysis Report

2025-01-03 08:31

Sample ID 240610-3wv34awapg
Target 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41
SHA256 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41
Tags ransomware
Score 9/10

Table of Contents

Analysis Overview
    MITRE ATT&CK
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score 9/10

SHA256 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41

Threat Level: Likely malicious

The file 7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41 was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3790) files with added filename extension

Renames multiple (5122) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-10 23:52

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-10 23:52

Reported 2024-06-10 23:54

Platform win7-20240220-en

Max time kernel 149s

Max time network 120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe"

Signatures

Renames multiple (3790) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe

"C:\Users\Admin\AppData\Local\Temp\7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

MD5 cfb70b5bbbf15db464588baaccdfc47d
SHA1 cc6a96e06a13180913327471aeec753308c560c4
SHA256 15c35faf2b4f72b06bc0a8947dc910001e6bc8d344c890dc4301fafca6c02f08
SHA512 253415f60b31fdbee550796a3f018360b0702ba4a415deb047027dea19a0c8712b1151e787afd71d678a9edf26a08d754deee7b1f0e38618d66bebb7da05e5a0

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 efad9211f947003aa2e8c51be80c9804
SHA1 989e0730bed768fe1ee622851cabec7ade1efa7d
SHA256 8a1331ed8930d5f36da969207827aa682d4918142d04264f1c46ec59288f88e7
SHA512 481ae556b122a5ce2e0eb0abd4ad9a73b14741e130db2faec00901b8b0d88c89837f778b770294132a2a8d51a7ca3c5a86c439fa135d2d38d6423bb20c364b6e

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-10 23:52

Reported 2024-06-10 23:54

Platform win10v2004-20240426-en

Max time kernel 150s

Max time network 113s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe"

Signatures

Renames multiple (5122) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe

"C:\Users\Admin\AppData\Local\Temp\7d2fe351521a1294e754a1732e24b7038266c741f5f9c433462c5c5d0271ec41.exe"

Network

Country Destination Domain Proto

Files

C:\$Recycle.Bin\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.tmp

MD5 931543d14badfa279f667bd13596d4f3
SHA1 5385bf0bd00f86db8ba1edf9c41b78316c162e2a
SHA256 b0f77e3c999864f92c11134df9c235fa3f4655a8ff703ff38bf97e078bc7f527
SHA512 8953113e0023f2a9fb05069eb35f7d976720348268ae76b461e54d63eadf614a8301de45fbe8bacdac96268729ef88bc3bdf17a5ece477a710fbd56e7b21dcef

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 b7d8223c3a3c19f00579617343e4764c
SHA1 a54f68af4cd2396867849d19fea3259a0d27afdd
SHA256 e3ed55e3d86b89c962223cde38a21fd57fe08d3327a7ca06f01a794eab82b11e
SHA512 ae345f1b0757da8afffa712f1e9cfd01bbd1413a9586dc4b29b9285ad95d3d7bc329805605686d2a54d100ea1ba8277a3256513d7cf714ecc113c3efe56bde49