Malware Analysis Report

2025-08-05 21:56

Sample ID 241006-mn9nhstfkh
Target 78c31f4136a0a20770e037d0a3dbb2a57de71209da58b9d6b2ca4488b0a49dcbN
SHA256 78c31f4136a0a20770e037d0a3dbb2a57de71209da58b9d6b2ca4488b0a49dcb
Tags
discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

78c31f4136a0a20770e037d0a3dbb2a57de71209da58b9d6b2ca4488b0a49dcb

Threat Level: Likely malicious

The file 78c31f4136a0a20770e037d0a3dbb2a57de71209da58b9d6b2ca4488b0a49dcbN was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple (4651) files with added filename extension (behavioral2, win10v2004 image)

Renames multiple (3179) files with added filename extension (behavioral1, win7 image)

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Enterprise Matrix V15 (the rendered matrix is not included in this export; the techniques below are the ones the report's own signatures name)

System Location Discovery: System Language Discovery (T1614.001): the NLS\Language registry key opened in both detonations.

Data Encrypted for Impact (T1486) is the usual mapping for the mass rename-with-added-extension behaviour behind the ransomware tag; the report itself attaches no technique ID to that behaviour.

Analysis: static1

Detonation Overview

Reported

2024-10-06 10:37

Signatures

Unsigned PE

The sample carries no Authenticode signature. The static pass attaches no indicator, process or target to this signature.

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-06 10:37

Reported

2024-10-06 10:39

Platform

win7-20240903-en

Max time kernel

120s

Max time network

16s

Command Line

"C:\Users\Admin\AppData\Local\Temp\78c31f4136a0a20770e037d0a3dbb2a57de71209da58b9d6b2ca4488b0a49dcbN.exe"

Signatures

Renames multiple (3179) files with added filename extension

ransomware

Drops file in Program Files directory

In this run both signatures rest on the same activity: the sample walks existing files and produces a name that is the original name with .tmp appended (every indicator in the table below, and every entry in the Files section, ends in .tmp). The report records the added suffix and the count; it does not show whether the content was encrypted or whether .tmp is the final name after the rename.

Description | Indicator | Process | Target

All 64 rows are "File created" events. The Process column is C:\Users\Admin\AppData\Local\Temp\78c31f4136a0a20770e037d0a3dbb2a57de71209da58b9d6b2ca4488b0a49dcbN.exe and the Target column is N/A on every row, so only the Indicator (the created path) is listed. The 64 rows are a sample of the events behind the 3179-file count above; every path is an existing file under C:\Program Files with .tmp appended.

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\com.jrockit.mc.rcp.product_root_5.5.0.165303.tmp
C:\Program Files\Java\jre7\lib\deploy\messages_ja.properties.tmp
C:\Program Files\Internet Explorer\images\bing.ico.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\com.oracle.jmc.executable.win32.win32.x86_64_5.5.0.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rio_Branco.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-settings.xml.tmp
C:\Program Files\Common Files\System\msadc\msadds.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.xml.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp
C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh88.tmp
C:\Program Files\Java\jre7\lib\zi\Europe\Volgograd.tmp
C:\Program Files\Microsoft Office\Office14\1033\BHOINTL.DLL.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.Printing.resources.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.xml.tmp
C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\fr-FR\MSTTSLoc.dll.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cancun.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.nl_zh_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_zh_CN.jar.tmp
C:\Program Files\Java\jre7\lib\zi\Europe\Samara.tmp
C:\Program Files\7-Zip\Lang\zh-cn.txt.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeslm.dat.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\micaut.dll.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipRes.dll.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_zh_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\bin\jhat.exe.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\bin\wsdetect.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\eclipse.inf.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf_1.1.0.v20140408-1354.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-execution_ja.jar.tmp
C:\Program Files\Java\jre7\lib\zi\Antarctica\Macquarie.tmp
C:\Program Files\VideoLAN\VLC\locale\oc\LC_MESSAGES\vlc.mo.tmp
C:\Program Files\Common Files\System\wab32res.dll.tmp
C:\Program Files\DVD Maker\ja-JP\WMM2CLIP.dll.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-over-select.png.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_content-background.png.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Web.Entity.Design.Resources.dll.tmp
C:\Program Files\VideoLAN\VLC\hrtfs\dodeca_and_7channel_3DSL_HRTF.sofa.tmp
C:\Program Files\7-Zip\Lang\ar.txt.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-static.png.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jakarta.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\epl-v10.html.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_zh_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-plaf.xml.tmp
C:\Program Files\Java\jre7\lib\zi\Europe\Riga.tmp
C:\Program Files\Java\jre7\lib\zi\SystemV\EST5EDT.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_VideoInset.png.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoDev.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui_3.106.0.v20140812-1751.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_ja.jar.tmp
C:\Program Files\Java\jre7\lib\zi\America\Port-au-Prince.tmp
C:\Program Files\VideoLAN\VLC\lua\http\images\vlc16x16.png.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml.tmp
C:\Program Files\7-Zip\Lang\ru.txt.tmp
C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp
C:\Program Files\DVD Maker\rtstreamsource.ax.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop.wmv.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Thunder_Bay.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Palau.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.annotation_1.2.0.v201401042248.jar.tmp
C:\Program Files\7-Zip\Lang\ms.txt.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\updater_zh_CN.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-modules.xml.tmp
C:\Program Files\Java\jre7\lib\zi\Pacific\Pohnpei.tmp

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\78c31f4136a0a20770e037d0a3dbb2a57de71209da58b9d6b2ca4488b0a49dcbN.exe | N/A

This key holds the installed system language. The report records only that the sample opened it, not which value it read or whether execution branched on the result, so the locale check many ransomware families perform before encrypting is a plausible reading of this event, not an observed one.

Processes

C:\Users\Admin\AppData\Local\Temp\78c31f4136a0a20770e037d0a3dbb2a57de71209da58b9d6b2ca4488b0a49dcbN.exe

"C:\Users\Admin\AppData\Local\Temp\78c31f4136a0a20770e037d0a3dbb2a57de71209da58b9d6b2ca4488b0a49dcbN.exe"

Network

N/A (no traffic was captured in this run; the network capture window was 16 s, against 95 s for behavioral2)

Files

C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp

MD5 0f6a918cbd6d82b4bc14236b1b3b4a3c
SHA1 a54f1584749ed83fa77eb419609a0b419c28fdc7
SHA256 a5924cd2743568b517d173faaf84f8c1e11390bab49d5eae80f62bc01588dfad
SHA512 7896d5cab25a677d63e75529701faa74fddb8ed6c67524c475bfd2b0d3cdab4582ac5b7454bd977c23eb55cb045db573ae4710ea411d5feb430fccfaeafea5c3

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 b1e93b9efed30738584c43fb7a5a56e9
SHA1 553c7f271f7d17ff9ac8f297c78a1192b69b56ee
SHA256 4fd24f699d08eb8f9322e37af49becada535e5f50ae0512b158f537a5197eb94
SHA512 c23b073647f4217878aa79cb1ed9bf4f0bca8c7e79663862e6516cd51fe5a6bb144b4207fc2d03af5f172dafa85bab2e31cf0dedc107324e249cb615deaebfdc

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-06 10:37

Reported

2024-10-06 10:39

Platform

win10v2004-20240802-en

Max time kernel

120s

Max time network

95s

Command Line

"C:\Users\Admin\AppData\Local\Temp\78c31f4136a0a20770e037d0a3dbb2a57de71209da58b9d6b2ca4488b0a49dcbN.exe"

Signatures

Renames multiple (4651) files with added filename extension

ransomware

Drops file in Program Files directory

As in behavioral1, both signatures rest on the same activity: every indicator below is an existing file name with .tmp appended. The higher count reflects the larger Windows 10 image (Office 16, several .NET runtimes, Chrome 123), not a difference in behaviour.

Description | Indicator | Process | Target

All 64 rows are "File created" events. The Process column is C:\Users\Admin\AppData\Local\Temp\78c31f4136a0a20770e037d0a3dbb2a57de71209da58b9d6b2ca4488b0a49dcbN.exe and the Target column is N/A on every row, so only the Indicator (the created path) is listed. The 64 rows are a sample of the events behind the 4651-file count above; every path is an existing file under C:\Program Files with .tmp appended.

C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Trial-ul-oob.xrm-ms.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-environment-l1-1-0.dll.tmp
C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Ping.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.DataContractSerialization.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-pl.xrm-ms.tmp
C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ServiceProcess.dll.tmp
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\ur.pak.tmp
C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-140.png.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.VisualBasic.Forms.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-ppd.xrm-ms.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Threading.AccessControl.dll.tmp
C:\Program Files\Java\jdk-1.8\javafx-src.zip.tmp
C:\Program Files\Microsoft Office\root\Integration\C2RManifest.proofing.msi.16.en-us.xml.tmp
C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-100.png.tmp
C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-100.png.tmp
C:\Program Files\Microsoft Office\root\Office16\msoev.exe.tmp
C:\Program Files\7-Zip\Lang\sv.txt.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Extensions.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Trial-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\GR8GALRY.GRA.tmp
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-pl.xrm-ms.tmp
C:\Program Files\Common Files\microsoft shared\ink\sv-SE\tipresx.dll.mui.tmp
C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ppd.xrm-ms.tmp
C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp
C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Forms.Design.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\lib\content-types.properties.tmp
C:\Program Files\Java\jdk-1.8\lib\ant-javafx.jar.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.PowerBI.AdomdDataExtension.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\msoasb.exe.manifest.tmp
C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.StackTrace.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Forms.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Trial-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\SkypeServiceBypassR_PrepidBypass-ppd.xrm-ms.tmp
C:\Program Files\Java\jre-1.8\lib\ext\zipfs.jar.tmp
C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Grace-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.reportviewer.common.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\PresentationFramework.resources.dll.tmp
C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightItalic.ttf.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Grace-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.dll.config.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\ReachFramework.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Calibri-Cambria.xml.tmp
C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_KMS_Client-ul.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-pl.xrm-ms.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.IsolatedStorage.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\UIAutomationClient.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-debug-l1-1-0.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_logo_small.png.tmp
C:\Program Files\7-Zip\7zCon.sfx.tmp
C:\Program Files\7-Zip\Lang\kk.txt.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Data.DataSetExtensions.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Forms.Primitives.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-ppd.xrm-ms.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nl-nl.dll.tmp
C:\Program Files\Common Files\microsoft shared\ink\fi-FI\tipresx.dll.mui.tmp
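Both detonations fire the same pair of signatures, so one detection example serves both. The Python below is added here and is not the sandbox's own signature code or anything from this report. It implements the heuristic behind "Renames multiple (N) files with added filename extension": rename events are grouped by process, only renames whose new name is the old name plus an appended suffix are counted, and a process is flagged once the same suffix has been appended to a threshold number of files, together with the top-level directories it touched (which is what backs the "Drops file in Program Files directory" observation). The event tuple layout, the process image names, the threshold and the padded time-zone paths are assumptions; four of the sample paths are copied from the indicator lists above.

```python
"""
Mass-rename heuristic modelled on the sandbox signature
"Renames multiple (N) files with added filename extension".

Added example for this page; not the sandbox's detection code. The event
tuple layout, the image names and the threshold are assumptions.
"""
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\sample.exe"   # assumed image name
MSIEXEC = r"C:\Windows\System32\msiexec.exe"                # benign comparison


def constructed_events():
    """Return a constructed event stream of (pid, image, op, old_path, new_path)."""
    # Four paths copied from the report's indicator lists, original -> original + ".tmp"
    reported = [
        r"C:\Program Files\7-Zip\Lang\ru.txt",
        r"C:\Program Files\Internet Explorer\images\bing.ico",
        r"C:\Program Files\Common Files\System\msadc\msadds.dll",
        r"C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini",
    ]
    # Synthetic padding so the count clears the threshold (paths are made up)
    synthetic = [rf"C:\Program Files\Java\jre7\lib\zi\Zone\Area{i}" for i in range(20)]
    events = [("1234", SAMPLE, "rename", p, p + ".tmp") for p in reported + synthetic]
    # Benign noise: an installer swapping an extension rather than appending one,
    # and a plain file creation with no rename at all.
    events.append(("5678", MSIEXEC, "rename",
                   r"C:\Program Files\App\x.dll.new", r"C:\Program Files\App\x.dll"))
    events.append(("5678", MSIEXEC, "create", r"C:\Program Files\App\y.dll", None))
    return events


def added_extension(old, new):
    """Return the suffix appended to `old` to produce `new`, or None.

    Only a pure append counts: ru.txt -> ru.txt.tmp yields ".tmp";
    x.dll.new -> x.dll (an extension swap) yields None, as does anything
    that adds a path component instead of a suffix.
    """
    if not new.startswith(old) or len(new) <= len(old):
        return None
    suffix = new[len(old):]
    if suffix.startswith(".") and len(suffix) > 1 and "\\" not in suffix:
        return suffix.lower()
    return None


def find_mass_renamers(events, threshold=20):
    """Return one hit per process that appended the same extension to at
    least `threshold` files: {pid, image, extension, count, top_dirs}."""
    per_proc = defaultdict(Counter)
    top_dirs = defaultdict(set)
    for pid, image, op, old, new in events:
        if op != "rename" or new is None:
            continue
        ext = added_extension(old, new)
        if ext is None:
            continue
        key = (pid, image)
        per_proc[key][ext] += 1
        parts = PureWindowsPath(old).parts        # ('C:\\', 'Program Files', ...)
        top_dirs[key].add(parts[1] if len(parts) > 1 else parts[0])
    hits = []
    for (pid, image), counter in per_proc.items():
        ext, count = counter.most_common(1)[0]
        if count >= threshold:
            hits.append({"pid": pid, "image": image, "extension": ext,
                         "count": count, "top_dirs": sorted(top_dirs[(pid, image)])})
    return hits


if __name__ == "__main__":
    for hit in find_mass_renamers(constructed_events()):
        print(f"{hit['image']} (pid {hit['pid']}): {hit['count']} files renamed "
              f"with {hit['extension']} under {', '.join(hit['top_dirs'])}")
```

The msiexec.exe row is there to show why the check insists on a pure append: installers and updaters routinely rename x.dll.new to x.dll, and counting extension swaps would bury the signal. The threshold of 20 is a demonstration value; the sandbox counted thousands of events, and a production rule would also bound the time window.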

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\78c31f4136a0a20770e037d0a3dbb2a57de71209da58b9d6b2ca4488b0a49dcbN.exe | N/A

Same key, same caveat as in behavioral1: only the open is recorded, not the value read or any decision taken on it.

Processes

C:\Users\Admin\AppData\Local\Temp\78c31f4136a0a20770e037d0a3dbb2a57de71209da58b9d6b2ca4488b0a49dcbN.exe

"C:\Users\Admin\AppData\Local\Temp\78c31f4136a0a20770e037d0a3dbb2a57de71209da58b9d6b2ca4488b0a49dcbN.exe"

Network

Every recorded flow is a UDP reverse-DNS (PTR) query to the Google Public DNS resolver 8.8.8.8. There are no forward lookups and no TCP connections, and the report does not attribute the queries to a process, so on this evidence they cannot be read as sample command-and-control; treat them as candidates for sandbox or host background traffic until the looked-up addresses are checked.

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp
US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 99.209.201.84.in-addr.arpa | udp
US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp
US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp
US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp
US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 66.209.201.84.in-addr.arpa | udp
US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp
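To make the Domain column usable, the in-addr.arpa names have to be reversed back into the addresses that were looked up (PTR names list the octets least-significant first). The Python below is an added example and not part of the report: the names are copied from the table, the resolver address is taken from the Destination column, and the public versus non-routable split relies on the standard library's ipaddress module. It also rejects malformed names instead of raising, which matters when the same routine is run over a larger DNS log.

```python
"""Reverse the PTR query names from the Network table into IPv4 addresses."""
import ipaddress

RESOLVER = "8.8.8.8"   # Destination column: every query went to this resolver

# Domain column of the behavioral2 Network table, copied verbatim
PTR_NAMES = [
    "8.8.8.8.in-addr.arpa",
    "149.220.183.52.in-addr.arpa",
    "99.209.201.84.in-addr.arpa",
    "76.32.126.40.in-addr.arpa",
    "95.221.229.192.in-addr.arpa",
    "232.168.11.51.in-addr.arpa",
    "58.55.71.13.in-addr.arpa",
    "56.163.245.4.in-addr.arpa",
    "206.23.85.13.in-addr.arpa",
    "240.221.184.93.in-addr.arpa",
    "83.210.23.2.in-addr.arpa",
    "66.209.201.84.in-addr.arpa",
    "14.227.111.52.in-addr.arpa",
]


def ptr_to_ipv4(name):
    """Map '149.220.183.52.in-addr.arpa' to IPv4Address('52.183.220.149').

    Exactly four labels must precede in-addr.arpa; the labels are reversed
    to recover the address. Anything else (wrong label count, wrong suffix,
    octet out of range) returns None instead of raising.
    """
    labels = name.lower().rstrip(".").split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        return None
    try:
        return ipaddress.IPv4Address(".".join(reversed(labels[:4])))
    except ipaddress.AddressValueError:
        return None


def classify(names, resolver=RESOLVER):
    """Return (ptr_name, dotted_ip_or_None, kind) per entry.

    kind is 'resolver-self' (the host asking for the name of its own
    resolver), 'non-routable' (private, loopback or link-local, i.e.
    sandbox-internal), 'public', or 'malformed'.
    """
    rows = []
    for name in names:
        ip = ptr_to_ipv4(name)
        if ip is None:
            kind = "malformed"
        elif str(ip) == resolver:
            kind = "resolver-self"
        elif ip.is_private or ip.is_loopback or ip.is_link_local:
            kind = "non-routable"
        else:
            kind = "public"
        rows.append((name, None if ip is None else str(ip), kind))
    return rows


if __name__ == "__main__":
    for name, ip, kind in classify(PTR_NAMES):
        print(f"{name:32} -> {ip or '-':16} {kind}")
```

For this table the first entry is the host resolving the name of its own resolver and the other twelve decode to public addresses; which organisations own those ranges is a WHOIS question the report does not answer, and is the next step before deciding whether the queries belong to the sample or to the image's own services.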

Files

C:\$Recycle.Bin\S-1-5-21-786284298-625481688-3210388970-1000\desktop.ini.tmp

MD5 f0e63b710a796fa2a5ac88567c1242b3
SHA1 0ce6d9e1347992e29adb513bebea439287332f7f
SHA256 b13ee07f3917098051908c8e123689a02f16d27a04e51d8cf0d3d5e682c82345
SHA512 6a74b1b342467324c94a56ce3bd151d43ae1f2b1e33972acf56685ac9369d46d361ca6c206d30a836accb39ba6a9242b618789cf0b6cf12f7fc2453bb6b52ad9

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 aa11022d275611c764d0617096b2ff80
SHA1 85c45de699a0e5062237494b043f35ed05d5e298
SHA256 5e014b030da514468b958b3a4684519b77759a8b59947454fe802ceea8b1db2d
SHA512 5c469bdd9f868662f2b97d5ad56d8452380f64529c3090c5c13994602551719dacbb71c7bb81a6f2abc02ca3918e3beb28078cf83d231e6415c50267b83ef82e