Malware Analysis Report

2025-08-05 21:56

Sample ID 241006-lsrsts1hqe
Target b7797e6bf1174c37293f59ec50a10769370d8572b20a23963d0f9ae64490eda6N
SHA256 b7797e6bf1174c37293f59ec50a10769370d8572b20a23963d0f9ae64490eda6
Tags
discovery ransomware
score
9/10


Analysis Overview

score
9/10

SHA256

b7797e6bf1174c37293f59ec50a10769370d8572b20a23963d0f9ae64490eda6

Threat Level: Likely malicious

The file b7797e6bf1174c37293f59ec50a10769370d8572b20a23963d0f9ae64490eda6N was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple (2929) files with added filename extension

Renames multiple (4533) files with added filename extension

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-06 09:48

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-06 09:48

Reported

2024-10-06 09:50

Platform

win7-20240708-en

Max time kernel

120s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b7797e6bf1174c37293f59ec50a10769370d8572b20a23963d0f9ae64490eda6N.exe"

Signatures

Renames multiple (2929) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\b7797e6bf1174c37293f59ec50a10769370d8572b20a23963d0f9ae64490eda6N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\b7797e6bf1174c37293f59ec50a10769370d8572b20a23963d0f9ae64490eda6N.exe

"C:\Users\Admin\AppData\Local\Temp\b7797e6bf1174c37293f59ec50a10769370d8572b20a23963d0f9ae64490eda6N.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

MD5 521915ab1f882b1328489d34eae11e90
SHA1 848e30a0df04fc29fc3830c504bb1683c316d433
SHA256 040ab01bfb642bcae169587d0357cf581134c3e7d6ce93b930ddc6b9451e4e18
SHA512 4c237b23a6065e5fdc4b22a141082aa3d282ea7f811816f24d28ebdf4621e693701ed60b3cc23e8d34f6d7077b7ecb8c9f5fab4b758114b9a81784dd39300cd8

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 c89b58f5c34b8bff939fde3fd0dedec9
SHA1 a5c8137d2a3fac665e163bbb98099a34ec4e7326
SHA256 709c3e1a35d0e3180bbb4450134b73b0c650168612f976256d88d2aff0eb7126
SHA512 ba2e71b1bed5d07be307c3ec55dd2c9807294b75a57904a0da0dafe13f1592b8bb345fa4194c5d9c55bd0846f8d1cdd06a1b7a9810fba2f387ba8c80e287d795

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-06 09:48

Reported

2024-10-06 09:50

Platform

win10v2004-20240802-en

Max time kernel

120s

Max time network

93s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b7797e6bf1174c37293f59ec50a10769370d8572b20a23963d0f9ae64490eda6N.exe"

Signatures

Renames multiple (4533) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\b7797e6bf1174c37293f59ec50a10769370d8572b20a23963d0f9ae64490eda6N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\b7797e6bf1174c37293f59ec50a10769370d8572b20a23963d0f9ae64490eda6N.exe

"C:\Users\Admin\AppData\Local\Temp\b7797e6bf1174c37293f59ec50a10769370d8572b20a23963d0f9ae64490eda6N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-1194130065-3471212556-1656947724-1000\desktop.ini.tmp

MD5 ec36df911e69e626e5c4ee0d8a6c7264
SHA1 e7f6a93888975dfb8241112ae49a82e3d0b8bf0c
SHA256 3f77c20d1114db541c1be85bf3f61598cbf30ddfca1eb6017b5f3142a4845e40
SHA512 f50624a42afb9389de330e57ef4d70cd6d7f20a03a49936bc5a0bc945e08a287854f4cd8bc5b85aa517aa0461d00c93e504f0aac5d68e4d93335d5990f7b3fa4

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 743813db55480546661a14187077fe57
SHA1 450866ff69cc1895dced589b453a6cb5a49bfd03
SHA256 8472f035fcd8fc5a7da9084f95ceb596fe1f94690e2ae55bdf863ad86100aeb0
SHA512 2fdb4abb0ce17c89283ea1bf278520ae2d3521e01609293b384d9493594573336f449d48e69dd4bd58f374ee37547e0180f51c70612eecb0f91bf8d6965be851