Malware Analysis Report

2025-01-03 08:37

Sample ID: 240611-cw43ws1fmn
Target: b7f91dd964de6b22cad0c721999ec8583d54395e5b3037bead3a4112824087af
SHA256: b7f91dd964de6b22cad0c721999ec8583d54395e5b3037bead3a4112824087af
Tags: ransomware
Score: 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 9/10

SHA256: b7f91dd964de6b22cad0c721999ec8583d54395e5b3037bead3a4112824087af

Threat Level: Likely malicious

The file b7f91dd964de6b22cad0c721999ec8583d54395e5b3037bead3a4112824087af was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3478) files with added filename extension

Renames multiple (4807) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 02:26

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 02:26

Reported

2024-06-11 02:29

Platform

win7-20240508-en

Max time kernel

150s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b7f91dd964de6b22cad0c721999ec8583d54395e5b3037bead3a4112824087af.exe"

Signatures

Renames multiple (3478) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\b7f91dd964de6b22cad0c721999ec8583d54395e5b3037bead3a4112824087af.exe

"C:\Users\Admin\AppData\Local\Temp\b7f91dd964de6b22cad0c721999ec8583d54395e5b3037bead3a4112824087af.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

MD5 20921e67fca906cdacd565eedb205fa8
SHA1 c475ad221752cbeddb29581057a7e2b05a4eaeb2
SHA256 de1526193e8d28288dc14932c2554302a17504876b01f529aef7000e500f2eda
SHA512 d506d6a80292edaacdc1b84ac4bb628409a964ae0279614dff03ebe7e9ac90c556b28c4c0d5cda00253f0729d21723aa0e1afbc4f719806449a89164d0e8f4c7

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 24c4e7cada57e96ec83b003f74621262
SHA1 ffde654d13b38d95c2b73c0bd05cc234e7be03fe
SHA256 449dfa9faacd2f8452fa311e13d2fb02dba7de28b23f13f98ce7363e50925c0f
SHA512 b954d9865e973b771fe9a3acf96d029917383905d7e6fba2020d4f9f75b17bbac6cd1b345f665a19f2bb614b4c3320bf1e3f7921f09da4a048479963d8dc27c0

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 02:26

Reported

2024-06-11 02:29

Platform

win10v2004-20240426-en

Max time kernel

150s

Max time network

97s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b7f91dd964de6b22cad0c721999ec8583d54395e5b3037bead3a4112824087af.exe"

Signatures

Renames multiple (4807) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\b7f91dd964de6b22cad0c721999ec8583d54395e5b3037bead3a4112824087af.exe

"C:\Users\Admin\AppData\Local\Temp\b7f91dd964de6b22cad0c721999ec8583d54395e5b3037bead3a4112824087af.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 6.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-4018855536-2201274732-320770143-1000\desktop.ini.tmp

MD5 f6f94a75fdcad54f184d199866c2fd40
SHA1 7297582a089a0990b4087e287c74d1cae1d06d60
SHA256 1e2a0340fbfece4bf031eb739882ad56e77027dd96e5507f2306c385a93d7b30
SHA512 c95d6077867701c3f27f2a9ac3d6400e02f421ee21c0f099fa5cf33465a59d2a477dc57dc2ddc382cdda1fba3915d802e8ae0f9e38e0237a36b099ff0fedbdae

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 5dc8afb35e55f9a17e38cefcfe6927d0
SHA1 a5fb3ab7c4402c37487e1e5a1e530236fceee88c
SHA256 02f8b4a8dba5feaaa7b55f9379501c650d9edb0b46621dc0331de1a7113258d7
SHA512 3da42f80cb1082028de94e6f959d6d34643ea5822bedf15b6d6429ae2827d8039b25bcce249bc34b0cb10dd174a03b146ddeabb2c7b7c892eecd20e72b408f72