Malware Analysis Report

2025-06-16 06:30

Sample ID 250515-h7xqvatsaw
Target 772e8eba06fe5a14707b606e1649348ff4dae5c86018ef185825b8e4343ab37e
SHA256 772e8eba06fe5a14707b606e1649348ff4dae5c86018ef185825b8e4343ab37e
Tags
discovery ransomware
score
9/10

Analysis Overview

score
9/10

SHA256

772e8eba06fe5a14707b606e1649348ff4dae5c86018ef185825b8e4343ab37e

Threat Level: Likely malicious

The file 772e8eba06fe5a14707b606e1649348ff4dae5c86018ef185825b8e4343ab37e was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple (3931) files with added filename extension

Renames multiple (3578) files with added filename extension

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-05-15 07:23

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2025-05-15 07:23

Reported

2025-05-15 07:25

Platform

win11-20250502-en

Max time kernel

150s

Max time network

103s

Command Line

"C:\Users\Admin\AppData\Local\Temp\772e8eba06fe5a14707b606e1649348ff4dae5c86018ef185825b8e4343ab37e.exe"

Signatures

Renames multiple (3931) files with added filename extension

ransomware

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\772e8eba06fe5a14707b606e1649348ff4dae5c86018ef185825b8e4343ab37e.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\772e8eba06fe5a14707b606e1649348ff4dae5c86018ef185825b8e4343ab37e.exe

"C:\Users\Admin\AppData\Local\Temp\772e8eba06fe5a14707b606e1649348ff4dae5c86018ef185825b8e4343ab37e.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-779059454-4269757009-3780780039-1000\desktop.ini.tmp

MD5 e25767c88994eb865801aa87bfcc2b76
SHA1 7eafe28930bb63e523fb2048e2a3268a1d6bc5cb
SHA256 04c73b8a03546a64c1bc5ced218a8700752a1a80c25bbee65d5f987eadb289a1
SHA512 72449d410e66e0af4856b77e5d4b7462e5592c92cc510308c622681ea74f6613f02aaae17b86944280577c8a4f6c74764a861c6d8eba7529eb08113fd1f41e47

C:\e62b36dd3cccbd0b2c8aefa1fa8db0\2010_x86.log.html.tmp

MD5 03c53f6d54e9fb57c4f2382bc9ca205f
SHA1 df430703a0c11afa500b35092a7d0f823242b083
SHA256 501cb01d57cdb95968747ff540f5f1e4e9d1f55182917bb9a86276e212e75b4b
SHA512 13e8bea849a7c6d8f43afaec85857fdeca847cbd71555c581751946e9342a05153169c9ce3141cb5ce0b4038fe8455bf9da0c36816a7f6cf37345c3736572924

Analysis: behavioral1

Detonation Overview

Submitted

2025-05-15 07:23

Reported

2025-05-15 07:25

Platform

win10v2004-20250502-en

Max time kernel

150s

Max time network

143s

Command Line

"C:\Users\Admin\AppData\Local\Temp\772e8eba06fe5a14707b606e1649348ff4dae5c86018ef185825b8e4343ab37e.exe"

Signatures

Renames multiple (3578) files with added filename extension

ransomware

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\772e8eba06fe5a14707b606e1649348ff4dae5c86018ef185825b8e4343ab37e.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\772e8eba06fe5a14707b606e1649348ff4dae5c86018ef185825b8e4343ab37e.exe

"C:\Users\Admin\AppData\Local\Temp\772e8eba06fe5a14707b606e1649348ff4dae5c86018ef185825b8e4343ab37e.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 c.pki.goog udp
FR 142.251.37.35:80 c.pki.goog tcp

Files

C:\$Recycle.Bin\S-1-5-21-2930597513-779029253-718817275-1000\desktop.ini.tmp

MD5 53f6a9a808efa864ccf407a184e464b8
SHA1 15991e0643f3bb25946789bed30915ca656f524c
SHA256 913fa4bd06701fb16e96878a8c13cee30dea8de164f500e29ed865acb17ecf35
SHA512 23b469963613af0c486acc1f953fe635888a866c7ecc74481566fa73c548a7f174860b0e52609034a5f29d5af4cccdee611ef5b043c0b11115cdf6594cb9bdb8

C:\6479eedf55783993fe56765264\2010_x86.log.html.tmp

MD5 fb5558290b8f5a4df6fb593b30c05a43
SHA1 3088ed96825a308930d710027722e4311c5a4bb5
SHA256 63e7320b14e884e121b53d94911eeda99fd409b5b590c4a603cae12db3116cea
SHA512 21657824bb508d91435535db9a4fb4926227e65ef736942b7d58f4200e71dfa87bf9118be75bf2cdfc5ccaf42b60533f42e99c9b64f8b3f0c116e5995cb532b5