Malware Analysis Report

2025-08-11 01:48

Sample ID 241005-x5dbravemc
Target 8278a4f01bd281ad207ce003ee1c53398c95c1b52ebe29dde3c90b24d6767794.exe
SHA256 8278a4f01bd281ad207ce003ee1c53398c95c1b52ebe29dde3c90b24d6767794
Tags upx, discovery, ransomware
Score 9/10

Analysis Overview

Score 9/10

SHA256 8278a4f01bd281ad207ce003ee1c53398c95c1b52ebe29dde3c90b24d6767794

Threat Level: Likely malicious

The file 8278a4f01bd281ad207ce003ee1c53398c95c1b52ebe29dde3c90b24d6767794.exe was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (1023) files with added filename extension

Renames multiple (4896) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-10-05 19:25

Signatures

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted 2024-10-05 19:25

Reported 2024-10-05 19:28

Platform win7-20240903-en

Max time kernel 148s

Max time network 19s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8278a4f01bd281ad207ce003ee1c53398c95c1b52ebe29dde3c90b24d6767794.exe"

Signatures

Renames multiple (1023) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\8278a4f01bd281ad207ce003ee1c53398c95c1b52ebe29dde3c90b24d6767794.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\8278a4f01bd281ad207ce003ee1c53398c95c1b52ebe29dde3c90b24d6767794.exe

"C:\Users\Admin\AppData\Local\Temp\8278a4f01bd281ad207ce003ee1c53398c95c1b52ebe29dde3c90b24d6767794.exe"

Network

N/A

Files

memory/1756-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

MD5 1a3ee467c0fbe0cc99553ce3c015992b
SHA1 5e9723973a4cc52d9efc0111bcfc6d502380ade7
SHA256 8d72b47091f5bbc98e5a60a0615652c7763e20dae1f9359b5c402cb1d2e99b07
SHA512 32d60f8c462f7cca4374d312168c853db88f2daf68a70030ac3b9dc5c71acbaff39f7b3db70a135c970ae4e61fd82ea3ee5026e1df046185ff60f07a908765b2

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 e4c72d8942958f622651a31c2632c267
SHA1 c0800a22b0e6514ec2cda7b92e5f88224b99051c
SHA256 8397e214d882cf6ddb0faf6dc63e6db52023c8e4632c5128019a0cf630c3085e
SHA512 f9ef405605fad776c9bca49989c6e9cc1395354737546535fa16855a2a0efd794af504bc2d2472a518c085ed70884c4e99df797d63a8dc62935ea5a460b031bf

memory/1756-26-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted 2024-10-05 19:25

Reported 2024-10-05 19:28

Platform win10v2004-20240802-en

Max time kernel 141s

Max time network 155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8278a4f01bd281ad207ce003ee1c53398c95c1b52ebe29dde3c90b24d6767794.exe"

Signatures

Renames multiple (4896) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\8278a4f01bd281ad207ce003ee1c53398c95c1b52ebe29dde3c90b24d6767794.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\8278a4f01bd281ad207ce003ee1c53398c95c1b52ebe29dde3c90b24d6767794.exe

"C:\Users\Admin\AppData\Local\Temp\8278a4f01bd281ad207ce003ee1c53398c95c1b52ebe29dde3c90b24d6767794.exe"

Network

Files

memory/3904-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-945322488-2060912225-3527527000-1000\desktop.ini.tmp

MD5 fb8db64925e7df8dfea803ec1b89e41d
SHA1 63015681beebf66d00f74ba35fbd317aedbdde17
SHA256 e3bc2dfd0594a67e600b644a0c05c29aa72fd7fe6e164080a5b474dc9d4c5ae7
SHA512 993f2bfe4545952844459562a8512b1b89794d10fce0923dea113d856ab6ec7a20ebaaaa35bc5be3a9abf0838090fb46aee7791fc2a5a997838b10c3281301a9

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 819cf373e5b6d393f4836cd7bd06adaf
SHA1 2f6c85e6d86c8c394e74d97e96d9136f3b15a8d6
SHA256 11b74b2cd2a26e2b6821f590eaa308baaad2128f3ed1df183e77263c36f0c210
SHA512 4a5c0cc2198b4ec593f100cddbabf0288d0cc887805737eb27a3ede2cb7ec6e27fa82521e1e5d980eaaefa6720128bd48c0cab1745de9687279d77de7b9c1abe

memory/3904-874-0x0000000000400000-0x000000000040A000-memory.dmp