Malware Analysis Report

2025-01-03 08:37

Sample ID 240611-ccrcpazcrg
Target af797712abb5c8d83df6a13d7625b599713b8a1262314f035a25f68dca535b27
SHA256 af797712abb5c8d83df6a13d7625b599713b8a1262314f035a25f68dca535b27
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

af797712abb5c8d83df6a13d7625b599713b8a1262314f035a25f68dca535b27

Threat Level: Likely malicious

The file af797712abb5c8d83df6a13d7625b599713b8a1262314f035a25f68dca535b27 was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3740) files with added filename extension

Renames multiple (5273) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 01:56

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 01:56

Reported

2024-06-11 01:58

Platform

win7-20240508-en

Max time kernel

150s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\af797712abb5c8d83df6a13d7625b599713b8a1262314f035a25f68dca535b27.exe"

Signatures

Renames multiple (3740) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\af797712abb5c8d83df6a13d7625b599713b8a1262314f035a25f68dca535b27.exe

"C:\Users\Admin\AppData\Local\Temp\af797712abb5c8d83df6a13d7625b599713b8a1262314f035a25f68dca535b27.exe"

Network

N/A

Files

memory/2980-0-0x0000000000400000-0x0000000000408000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

MD5 44fd22bd920ba2fa0b4525fe544fa44c
SHA1 8eaf5fbe6bd398dc6b26a1cf172bee08f82083d7
SHA256 62b3d9030575bad295d5096c290bb6e6aae6f7025898748f6895237e2374ecd9
SHA512 381e04ffba988158fcba50af1342d9ba45e6f8f9f070805b42cd9814989157f202c48498768a463fbb6b657180b0ba3424627e4cfb159edae30165023385d0f7

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 8b0fd75cd99821b52e8155b408f01bdb
SHA1 f9978197eb44e4f54e01a2d4dc8e1302b0c3bdc7
SHA256 06dd75fca9be5c274fed71ad4f6a8959f6cbe571d3835f5bd57fdbd69a4477f3
SHA512 d99e45554164fb36424006ea4ad4c33f1c2796a9b93bc92ee728b7070f9f350ffd8c29c198615f138801b1a99700ad9d0a4d138068c0ef8251223be2585232ad

memory/2980-652-0x0000000000400000-0x0000000000408000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 01:56

Reported

2024-06-11 01:58

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\af797712abb5c8d83df6a13d7625b599713b8a1262314f035a25f68dca535b27.exe"

Signatures

Renames multiple (5273) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\af797712abb5c8d83df6a13d7625b599713b8a1262314f035a25f68dca535b27.exe

"C:\Users\Admin\AppData\Local\Temp\af797712abb5c8d83df6a13d7625b599713b8a1262314f035a25f68dca535b27.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

MD5 9c37650e8dbb3991e6bef133e7ad4c5d
SHA1 df6cb8f8c9ae70996af7a9cfc9ec107f8eceb180
SHA256 5612810a071ac4f09d9a4b3ea69ebd322b1630650e1c64c13f6e7d39d385fe54
SHA512 27e89bf96b8731d8d1fb3d70d6cd425eb5bdc3dd369896d5c9e426f0687aeb42891c9bb2614c5f9902bdcdc84c6daa8ff88a5b5038d437a7a648185a7506f193

memory/1256-0-0x0000000000400000-0x0000000000408000-memory.dmp

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 db5b660ceaaedc59a50734b7d20d53a4
SHA1 ca899fac9b6514da8cb916922118a775eba45bed
SHA256 2d4f79dbe08f7a8f7eb9ca9f07b112c8b5794a03f45f9d8d5daf065417bdd0bd
SHA512 1932753d30f2849cf8c49316a15a433722891cb9286eac91ed847e8f05751dd20fb2e30bd1f23dbed9a67d8e0701ef15610a8081bde82b5b459219079e309fc7