Malware Analysis Report

2025-08-11 01:48

Sample ID 241005-yf5v5s1ajl
Target 7e0242801868393ac2e24c42a980372c3d3653cd95c48e3b57e9fe06e4238079N
SHA256 7e0242801868393ac2e24c42a980372c3d3653cd95c48e3b57e9fe06e4238079
Tags
discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

7e0242801868393ac2e24c42a980372c3d3653cd95c48e3b57e9fe06e4238079

Threat Level: Likely malicious

The file 7e0242801868393ac2e24c42a980372c3d3653cd95c48e3b57e9fe06e4238079N was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple (3055) files with added filename extension

Renames multiple (4576) files with added filename extension

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-05 19:44

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-05 19:44

Reported

2024-10-05 19:46

Platform

win7-20240903-en

Max time kernel

120s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7e0242801868393ac2e24c42a980372c3d3653cd95c48e3b57e9fe06e4238079N.exe"

Signatures

Renames multiple (3055) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7e0242801868393ac2e24c42a980372c3d3653cd95c48e3b57e9fe06e4238079N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\7e0242801868393ac2e24c42a980372c3d3653cd95c48e3b57e9fe06e4238079N.exe

"C:\Users\Admin\AppData\Local\Temp\7e0242801868393ac2e24c42a980372c3d3653cd95c48e3b57e9fe06e4238079N.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-312935884-697965778-3955649944-1000\desktop.ini.tmp

MD5 a9d1ca0e8420b0c26ed7ecde6613c95a
SHA1 9680287f3fbef60ff3909ca8a30f41e49375c3ca
SHA256 e8fedab7da9e071be570eb3c4776a751bea81eea8f522ec392369a586b5bf6c0
SHA512 7bd7e0d9b119fb8b0d0085627be06c312e20fb97dbb3ef553de6d9a1cab08267693ee3724203e4d0412a97dbe30570216fcf6df4cb5d431e261a6d04343ad070

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 00fddf7e1793cbbe1c78798b66108629
SHA1 a896c9bfda3db15f3edda844c092aed1c2b2a7a0
SHA256 d45f94488cd3534fa1a95fca880bd21bafb693362d77af23f527e2c747ff175e
SHA512 dafb084e271b0d32fedad8e43c05637a163b0d364e368888a6b140b423771932d1b2f80ac4ccfa76e7970aa369c439cc170fef0304781bf439c30f4cff373a38

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-05 19:44

Reported

2024-10-05 19:46

Platform

win10v2004-20240802-en

Max time kernel

120s

Max time network

99s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7e0242801868393ac2e24c42a980372c3d3653cd95c48e3b57e9fe06e4238079N.exe"

Signatures

Renames multiple (4576) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7e0242801868393ac2e24c42a980372c3d3653cd95c48e3b57e9fe06e4238079N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\7e0242801868393ac2e24c42a980372c3d3653cd95c48e3b57e9fe06e4238079N.exe

"C:\Users\Admin\AppData\Local\Temp\7e0242801868393ac2e24c42a980372c3d3653cd95c48e3b57e9fe06e4238079N.exe"

Network

Country Destination Domain Proto

Files

C:\$Recycle.Bin\S-1-5-21-4182098368-2521458979-3782681353-1000\desktop.ini.tmp

MD5 b67c7a000e4f9d42a1bad234652e4b8b
SHA1 044725a860014cd74638854a8aa5370e14167f47
SHA256 ca91073c8a916ce59203b7ae1a886c6739e2942d78b6834b1fe2b73db3112e3f
SHA512 7af044209b7d821061bfba68554ba84ff2947a31cc910c0611cf365e431c1b0e3c88ac9f3a8321ec738549a43374ff0de3a3385f89078dae6eda0f269b71d9fb

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 53d117d151b535aae326395abdad2d6d
SHA1 416be11c11cff6c7d62ad1d3f9359289a1b19dc3
SHA256 7f31c2994317be39f7753db5dcd13b034525128f117e4b4bcfeff376c54f35a7
SHA512 5a143d8aa209ff4af679db3e7d62e29e9c84edd1a67ed415b1d05569b99f3f79092d5cefa6dbeba44d6e69b49e8d5dbb85c0fff2103c0706245ea978c4732932