Malware Analysis Report

2025-01-03 08:33

Sample ID 240610-3lz93avfpc
Target 77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5
SHA256 77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5
Tags ransomware
Score 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score

9/10

SHA256

77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5

Threat Level: Likely malicious

The file 77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5 was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3515) files with added filename extension

Renames multiple (5097) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-10 23:36

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-10 23:36

Reported

2024-06-10 23:39

Platform

win7-20240508-en

Max time kernel

149s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe"

Signatures

Renames multiple (3515) files with added filename extension

ransomware

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\msinfo32.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.artifact.repository.prefs.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\topnav.gif.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\notification_plugin.jar.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\Microsoft.Build.Conversion.v3.5.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Jujuy.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\SystemV\EST5.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Services.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Windows Photo Viewer\ja-JP\PhotoViewer.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-back-static.png.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-favorites_zh_CN.jar.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Java\jre7\lib\accessibility.properties.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Mozilla Firefox\defaultagent.ini.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\video_filter\librotate_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-1.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\org-openide-filesystems_ja.jar.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\Microsoft.Build.Conversion.v3.5.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\JSByteCodeWin.bin.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\skins\winamp2.xml.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Hermosillo.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Java\jre7\lib\fonts\LucidaBrightItalic.ttf.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Windows Media Player\fr-FR\wmpnscfg.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Internet Explorer\Timeline.cpu.xml.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_dot.png.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\js\picturePuzzle.js.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\7-Zip\Lang\fy.txt.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+3.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-sendopts.xml.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Microsoft Games\Purble Place\PurblePlace2.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\lua\http\images\vlc16x16.png.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer.png.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Goose_Bay.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-options.jar.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Java\jre7\bin\javaws.exe.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Atlantic\Bermuda.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Microsoft Games\Mahjong\en-US\Mahjong.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\about.html.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_vc1_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\ja-JP\gadget.xml.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_down_BIDI.png.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\7-Zip\7zG.exe.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\7-Zip\Lang\pa-in.txt.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\bin\jinfo.exe.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Asia\Irkutsk.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.bat.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Bermuda.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_ja_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Indian\Reunion.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\divider-horizontal.png.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoBeta.png.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.bat.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Asia\Kuching.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Australia\Brisbane.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3.nl_zh_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Windows Defender\de-DE\MsMpRes.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw120.png.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe

"C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

MD5 e8caca221c069929ce6c31443221bbd9
SHA1 71113c0e573ba94dd04974ebaa69e25f170837a7
SHA256 fed5a459bd61e12b05e98ee602f544a60c7d607149b02bf59252353c475ca165
SHA512 b4e5c9ca9a60fe6e8ac29e29d7d21c1e82e446e2d05a5c4a807898bb2900e05a342cf5bb0f646f00f630a749b6ac480cedfb483d1bb381da2c8ec4a457149cf3

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 b97a017b5c40969ee615f987e8ca3d5e
SHA1 3c0e49885519cf251db984c08ce85aefaac725ba
SHA256 130144bf224ce0a3c3d4e60df0baa8e5c7cde27fb08df2d03da0f9396c36c5b3
SHA512 b5a3d5c0a1fc3da28c9a5633f263bc1b53e9e7d7017d5b5a25a30654c3d31f47143d7264253426a0b4b28e69e3e8cd0df1ffc04a0c3dd689b72108dfd5797d47

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-10 23:36

Reported

2024-06-10 23:39

Platform

win10v2004-20240426-en

Max time kernel

150s

Max time network

95s

Command Line

"C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe"

Signatures

Renames multiple (5097) files with added filename extension

ransomware

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\WindowsBase.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\ktab.exe.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\mscss7cm_fr.dub.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntime2019R_PrepidBypass-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest1-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\MSIPC\uk\msipc.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-datetime-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Forms.Design.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\zh-CN.pak.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql70.xsl.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial5-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\7-Zip\Lang\be.txt.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.WindowsDesktop.App.runtimeconfig.json.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\vi.pak.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-100.png.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationTypes.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-string-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-80.png.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-100.png.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\lib\cmm\GRAY.pf.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Grace-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\officeappguardwin32.exe.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\concrt140.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\fxplugins.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail2-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Microsoft Office\Office16\OSPP.HTM.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentDemoR_BypassTrial180-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN103.XML.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\WindowsBase.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\bin\javac.exe.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\jpeg.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\meta-index.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Trial-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.he-il.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\WindowsFormsIntegration.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH.HXS.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-math-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.MashupEngine.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\7-Zip\Lang\gu.txt.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-string-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Forms.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Xaml.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\plugin2\vcruntime140_1.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription1-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTest-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-140.png.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\PROOF\msth8EN.LEX.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\mshwgst.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\nl-NL\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Controls.Ribbon.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Integration\C2RManifest.dcfmui.msi.16.en-us.xml.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\ipsplk.xml.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Trial-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-140.png.tmp | C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe

"C:\Users\Admin\AppData\Local\Temp\77fd71ce9e595e2fe6be85c83195c72f6e5d3ba2ffda8632ef99fdbd3e9f58c5.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp

Files

C:\$Recycle.Bin\S-1-5-21-4018855536-2201274732-320770143-1000\desktop.ini.tmp

MD5 4669f39568a1082088b2986109465ae5
SHA1 75b07953bacba045c948e839870a53790c724ab9
SHA256 fce17d04efa8f7b423e5a2f33819865f1eede06ce87ba0d42f6102be5a474564
SHA512 e4b68031e2234c5bd4d29416f3d3a3e819ac0bab56b7c358dab4752617e315bd3d8de8c85d407e03d846960fb7dc3ea773c028d89936a18db2ef505ab7dc4c68

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 d237d19df2b28a4ed66eb347d9d51df1
SHA1 375db42d014ac7511bd5951ec3203a5ccaa0f0fb
SHA256 78225b75cb5d554e63aec99efa5228c68889ae7e320604d0833b7c47fe8d1962
SHA512 2996db31067fcf4c9f2f6f8e022449445b8f99ec2860fc7dca5b3c73aef47dc427229b003768691d3f6b39db30da3a3d6e6e75d4993e271c89c11e7b1235ff05