Malware Analysis Report

2025-03-15 08:18

Sample ID: 241016-ge3kysvgqg
Target: 77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N
SHA256: 77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672
Tags: upx discovery ransomware
Score: 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 9/10
SHA256: 77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672
Threat Level: Likely malicious

The file 77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N was found to be: Likely malicious.

Malicious Activity Summary

Tags: upx discovery ransomware

Renames multiple (3171) files with added filename extension
Renames multiple (4647) files with added filename extension
UPX packed file
Drops file in Program Files directory
Unsigned PE
System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-10-16 05:43

Signatures

UPX packed file (tag: upx)

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-10-16 05:43
Reported: 2024-10-16 05:45
Platform: win7-20240903-en
Max time kernel: 120s
Max time network: 120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe"

Signatures

Renames multiple (3171) files with added filename extension (tag: ransomware)

UPX packed file (tag: upx)

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nb.pak.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Mozilla Firefox\mozwer.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_gtk.css.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\WhiteDot.png.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Tijuana.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui.ja_5.5.0.165303.jar.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\locale\ko\LC_MESSAGES\vlc.mo.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\codec\libcvdsub_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\he.pak.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Nauru.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-visual.jar.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Windows.Presentation.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-attach.xml.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Europe\Andorra.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Internet Explorer\DiagnosticsHub.DataWarehouse.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-uihandler.xml.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\DVD Maker\de-DE\DVDMaker.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_content-background.png.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\javaws.jar.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\.lastModified.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_RGB_PAL.wmv.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host.xml.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\lua\intf\dumpmeta.luac.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Java\jre7\lib\fontconfig.properties.src.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\7-Zip\Lang\af.txt.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\chapters-static.png.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\ECLIPSE_.SF.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\America\Indiana\Petersburg.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.di.extensions_0.12.0.v20140417-2033.jar.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-masterfs-nio2.xml.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\windows-amd64\profilerinterface.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\EET.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\ShapeCollector.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.xml.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\license.html.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861258748.profile.gz.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-io.jar.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jmx_ja.jar.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui.zh_CN_5.5.0.165303.jar.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text.nl_ja_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_zh_CN.jar.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\WindowsBase.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\7-Zip\Lang\mng2.txt.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Activities.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.nl_zh_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Java\jre7\lib\content-types.properties.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Java\jre7\lib\jvm.hprof.txt.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\7-Zip\Lang\an.txt.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr.jar.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql.nl_zh_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Europe\Vienna.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\ja-JP\MSTTSLoc.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A

System Location Discovery: System Language Discovery (tag: discovery)

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe

"C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe"

Network

N/A

Files

memory/2912-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp

MD5 c902ad23fb6dc223c151e34e87720a52
SHA1 78fdee468124b31e48c94e9adf9cca56f42346fc
SHA256 1ba566f99b1e613e335326112f226199d44cc0ef001af40d9580ac5849a57229
SHA512 05576681612b7c0d719b01d84968590de76a48702a478d9bdc58da82e325a3e0f71dff81af527c256bf54659ee16556640bfecca03330963a5803356f8bc7327

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 ec6dd9d7f764be133a0da0b33ddafbb1
SHA1 b18b5cfabb0c65611d4fbbfaec44815588536cad
SHA256 3ceee77428551d8ca89fd24370f634b9fb1dd94afcffce9e9369c2beb158f8b3
SHA512 0476bea2a727124ce7b387830498ee027cafa4e8527dfd7deebc34604e83a8d0fd56533ef205f762bb3bd6f110d92d4ae48d44070dbff241e0d13fc7fae0779c

memory/2912-70-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-10-16 05:43
Reported: 2024-10-16 05:46
Platform: win10v2004-20241007-en
Max time kernel: 119s
Max time network: 104s

Command Line

"C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe"

Signatures

Renames multiple (4647) files with added filename extension (tag: ransomware)

UPX packed file (tag: upx)

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Controls.Ribbon.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-3102-0000-1000-0000000FF1CE.xml.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Grace-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.SapBwProvider.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Emit.Lightweight.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Resources.Extensions.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\lib\classlist.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_Subscription-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-br.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Globalization.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-math-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_KMS_Client_AE-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial2-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\MSQRY32.EXE.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\TabIpsps.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationProvider.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\123.0.6312.123\MEIPreload\manifest.json.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.WindowsDesktop.App.runtimeconfig.json.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\PresentationUI.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\Microsoft.VisualBasic.Forms.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Internet Explorer\es-ES\iexplore.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encodings.Web.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\UIAutomationTypes.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\j2pcsc.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription3-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.Xml.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\PresentationCore.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Office 2007 - 2010.eftx.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Grace-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntryR_PrepidBypass-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.VisualBasic.Core.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\UIAutomationClientSideProviders.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Trial-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\lib\resources.jar.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\lib\sa-jdi.jar.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\bin\javaw.exe.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xml.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationTypes.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\123.0.6312.123\vk_swiftshader_icd.json.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\WindowsFormsIntegration.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\OneNoteFreeR_Bypass-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\adcvbs.inc.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\DenyAdd.m4a.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemCore.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\w2k_lsa_auth.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\PresentationFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\management\jmxremote.access.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial3-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\ReportingServicesNativeClient.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\ReachFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-interlocked-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A

System Location Discovery: System Language Discovery (tag: discovery)

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe

"C:\Users\Admin\AppData\Local\Temp\77d9176d5814c15504a9a63d08bf598240bdcef68cda156bbd584775f2af4672N.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp
US | 8.8.8.8:53 | g.bing.com | udp
US | 150.171.28.10:443 | g.bing.com | tcp
US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 75.117.19.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp
US | 8.8.8.8:53 | tse1.mm.bing.net | udp
US | 150.171.27.10:443 | tse1.mm.bing.net | tcp
US | 150.171.27.10:443 | tse1.mm.bing.net | tcp
US | 150.171.27.10:443 | tse1.mm.bing.net | tcp
US | 150.171.27.10:443 | tse1.mm.bing.net | tcp
US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp

Files

memory/3992-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4050598569-1597076380-177084960-1000\desktop.ini.tmp

MD5 63a9504e0deda8c41774f96eded68532
SHA1 59146a373a17391d8ece554618c09e9a9444686f
SHA256 1d9690a50c92fdbc41d647aab8579fbdff3da5418c7302f1e9e919a03922baa8
SHA512 40d7a376eef81249f315535baca71e2c9a7299e968773392896dc0522c3289c905e4a02bd5458f5169315707a2f52d4ce4454336b208c430a9a371fcc33e3422

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 dbd5253300b4e3668e6d6c8778e9bce0
SHA1 f1aeb5364d637b04d3fa654cd98e97dcbdcb4a5e
SHA256 34358fd9926d2206c771225059ef12acc09c78e1d914c35a7e83d1a5f576aad0
SHA512 cc92f02176a4577eec812d6b806d421ff958e611fd8beb639088366a72558d56a5c21c708314300d343d5bead4003e8ece18391e71114aad768aca836c85f5a0

memory/3992-784-0x0000000000400000-0x000000000040B000-memory.dmp