Malware Analysis Report

2025-01-03 08:32

Sample ID 240610-3nh4kawbrk
Target 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1
SHA256 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1

Threat Level: Likely malicious

The file 78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1 was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (5185) files with added filename extension

Renames multiple (3778) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-10 23:39

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-10 23:39

Reported

2024-06-10 23:42

Platform

win7-20240215-en

Max time kernel

150s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe"

Signatures

Renames multiple (3778) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe

"C:\Users\Admin\AppData\Local\Temp\78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

MD5 d247520b64081c63ebf9fb36cb64b579
SHA1 63dcfa71a1b5efea826116ec1887b57b9458ceab
SHA256 58f20aba5e89dd9cb446032513c8b4464040a5f3c23186424d8096305fe9ce46
SHA512 7f0d29669b8d4e4b78962d0b7cfa2557cad87c70b326204a4edbdb182873dbe30fd6f4b11cbca541d3a555a6e4cd3a6a32206ec76d537e02aa771b373144c298

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 da957d8a73cb65fef3099f0029a5169b
SHA1 73a6f735d46d4d6f5e863e1b1a69d908ad937f10
SHA256 dcad629c75a32746089074f87b4b731e2eb2eb83354a3d2932dd8f34780652bd
SHA512 7353cfa22578db3edd4263b3c141f151ef84368330dfab637df66f225528d86be85ad7b12e97a4a899eef59f3976e38c438152f3afe52c7683b05813034615db

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-10 23:39

Reported

2024-06-10 23:42

Platform

win10v2004-20240426-en

Max time kernel

149s

Max time network

93s

Command Line

"C:\Users\Admin\AppData\Local\Temp\78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe"

Signatures

Renames multiple (5185) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe

"C:\Users\Admin\AppData\Local\Temp\78e5c3fb3e689818e72c008a8a763cc0eed95f0a04aa8797844185d1063254d1.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.tmp

MD5 c3eea1dba51168382e157d6ac146d017
SHA1 05d7ed4f3114ac06dea8f1e15855b4aa530e3113
SHA256 b40872b7c550c4ea570739cd291acb5fa2f3d52e9adc0339d5cd40da37723e51
SHA512 868d70e6dd98b97432d37bd467c75a793219f43a23c3525942508a36a5f7fe78f3be4861c6ead57991ef15c726a2d9dbbccfdcc6cbca62d95c19b83bc1e10fad

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 7317591909127719abb08041b6e6e663
SHA1 7bb58d198745301f4e215edc98363f1a783fa00a
SHA256 b7f00a6d872762d06e1d333001d773a59a4da8e31cca13541424818511e8b6b9
SHA512 da8e6e4d0190e3527ec292dc01060045c0afc66f9795c7c1d85a2a9702d8503ca7d0f69ce702b27906fb0b37d7452dd760b457f7f555606159a9c65bc0aed7cd