Malware Analysis Report

2025-01-22 19:56

Sample ID 241016-wx25gathnb
Target 0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN
SHA256 0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525c
Tags discovery ransomware
Score 9/10

Analysis Overview

Score 9/10

SHA256 0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525c

Threat Level: Likely malicious

The file 0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple (2857) files with added filename extension

Renames multiple (4375) files with added filename extension

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 18:18

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 18:18

Reported

2024-10-16 18:20

Platform

win7-20240903-en

Max time kernel

120s

Max time network

16s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe"

Signatures

Renames multiple (2857) files with added filename extension

ransomware

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Java\jdk1.7.0_80\bin\pack200.exe.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\glass.dll.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Chatham.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.sat4j.core_2.3.5.v201308161310.jar.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Mozilla Firefox\api-ms-win-crt-utility-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Asia\Jerusalem.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref.wmv.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Java\jre7\lib\images\cursors\win32_CopyDrop32x32.gif.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Asia\Damascus.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Asia\Jayapura.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\msinfo32.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Costa_Rica.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.ServiceModel.Resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\bin\jstatd.exe.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.util_1.0.500.v20130404-1337.jar.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-core.xml.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\America\Indiana\Marengo.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Europe\Minsk.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Mozilla Firefox\firefox.exe.sig.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_cs.jar.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Microsoft Games\Chess\en-US\Chess.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Mozilla Firefox\api-ms-win-crt-multibyte-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.properties.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\topnav.gif.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Mozilla Firefox\xul.dll.sig.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\SystemV\AST4.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Mozilla Firefox\AccessibleHandler.dll.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Microsoft Games\Purble Place\de-DE\PurblePlace.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\hrtfs\dodeca_and_7channel_3DSL_HRTF.sofa.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkObj.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkObj.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_elf.dll.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-options.jar.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\America\Cayenne.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Common Files\System\Ole DB\msdasql.dll.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Helsinki.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\MANIFEST.MF.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application_zh_CN.jar.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpnr.dll.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\LightBlueRectangle.PNG.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Mozilla Firefox\firefox.exe.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_notes-txt-background.png.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.xml.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Java\jre7\lib\net.properties.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Australia\Currie.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-lib-uihandler.xml.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-tools.xml.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Microsoft Games\Chess\it-IT\Chess.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\ipsdeu.xml.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata_5.5.0.165303.jar.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Java\jre7\lib\cmm\CIEXYZ.pf.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Pacific\Galapagos.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Microsoft Games\Mahjong\MahjongMCE.lnk.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Mozilla Firefox\crashreporter.exe.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Cordoba.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe

"C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp

MD5 341065cf950e7cc06a4c534a44a17eff
SHA1 c6da4e358a327ac4d02a0c495f8e7708b67db1a4
SHA256 ef86452d7bba22cdce3390d036fe58df7c24ed2f0b63a64789df6be81a69710b
SHA512 3a10ceb624185217c0c27e3a864d5a4a7dcfc2d4bc63b918a5182e4e2a00c5dedae51ce33584e8b2e4e5a1e69387c7a8d7d6cf7bc1a89b85b934527e7f398850

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 3b935423071f53a522b34be36e4dff4f
SHA1 717e2947faf3c12cbb74c4a63791fa866ca35c5d
SHA256 306c7da1c7949fa755b5248e57d61a4bc9833100679cf2b2d12255f7181b13df
SHA512 ab86a3473ec85fd0a138c02f9ae508eafa3fe1ae64a70b07363d93a55c69499f24ec815f0d25bb317fc6d25070b4ed49b662158f384a00c8b41a930bcd5ea8fc

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 18:18

Reported

2024-10-16 18:20

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

103s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe"

Signatures

Renames multiple (4375) files with added filename extension

ransomware

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\hostpolicy.dll.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Json.dll.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\PresentationUI.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad.xml.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\UIAutomationClient.dll.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationTypes.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Grace-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_PrepidBypass-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\lib\cmm\sRGB.pf.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\nl-NL\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.StackTrace.dll.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Forms.Primitives.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\ReachFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\WindowsBase.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-convert-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\CSS7DATA000A.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\.version.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Security.dll.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\123.0.6312.123\eventlog_provider.dll.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCalls.h.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.es-es.xml.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Extensions.dll.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Claims.dll.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-libraryloader-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\ext\dnsns.jar.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebProxy.dll.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-localization-l1-2-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\jfxmedia.dll.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Trial-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_Subscription-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\EXCELPLUGINCORE.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.RuntimeInformation.dll.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Xaml.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Java\jre-1.8\release.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTrial-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\SkypeForBusinessBasic2019_eula.txt.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\InstallerMainShell.tlb.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-time-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\PresentationCore.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_ja.properties.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Tw Cen MT-Rockwell.xml.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial2-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-processthreads-l1-1-1.dll.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\bin\vcruntime140_1.dll.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\server\jvm.dll.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Client\msvcp140.dll.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHSRN.DAT.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue Green.xml.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Grace-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\officeinventoryagentlogon.xml.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\Configuration\card_security_terms_dict.txt.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.Brotli.dll.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Classic.dll.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-conio-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_Subscription-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\ucrtbase.dll.tmp | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe

"C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp
US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp
US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp
US | 8.8.8.8:53 | tse1.mm.bing.net | udp
US | 150.171.27.10:443 | tse1.mm.bing.net | tcp
US | 150.171.27.10:443 | tse1.mm.bing.net | tcp
US | 150.171.27.10:443 | tse1.mm.bing.net | tcp
US | 150.171.27.10:443 | tse1.mm.bing.net | tcp
US | 150.171.27.10:443 | tse1.mm.bing.net | tcp
US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp

Files

C:\$Recycle.Bin\S-1-5-21-3442511616-637977696-3186306149-1000\desktop.ini.tmp

MD5 33e6708d35e0747abc4633ffc330c0e9
SHA1 acb2c449643dd50726a2f6af12615a3027febafb
SHA256 a80f666f4708fe0daa20c8f90c3afe6232e4a710396c497e050104dcf5698329
SHA512 0d0ffe35eddea14d58ccc4398e5e745db3a98c06afc289f8d317217940899fc94334f63e2a452991337230d81ad8324ef34a4301e86bbd2f5ac08ecda748ea3d

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 339b36d9da83153d799c08c4383abaf5
SHA1 761aa1b8ef61c8c3247662fc1a1516e17f0a8f78
SHA256 546782dbb9457d005a9637bb7720f2f7f8a895f9b5b41d93e783653b5fe23703
SHA512 3b28c2997592e972710a3c9e0b08028e0ba81968835c62c6843f867539110e6b31c3d3b8eba88384a4a90db258c29887524f7c49cbce6206c585550db366a653