Malware Analysis Report

2025-03-15 08:22

Sample ID 241021-aw277a1dkp
Target 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N
SHA256 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315

Threat Level: Likely malicious

The file 78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (4726) files with added filename extension

Renames multiple (3461) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-21 00:34

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-21 00:34

Reported

2024-10-21 00:37

Platform

win7-20240903-en

Max time kernel

150s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe"

Signatures

Renames multiple (3461) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7MDT.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\feature.xml.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec.dll.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-sa.xml.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\mainimage-mask.png.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nl.pak.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\jfluid-server.jar.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwasapi_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\license.html.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-services.xml.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views_3.7.0.v20140408-0703.jar.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-cli.xml.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Choibalsan.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.ServiceModel.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ta.pak.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Lagos.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\accessibility.properties.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Atlantic\South_Georgia.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Java\jre7\bin\deploy.dll.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Argentina\Mendoza.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Rarotonga.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-settings.jar.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-attach_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libtta_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\pack200.exe.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyDrop32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_wav_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console_1.0.300.v20131113-1212.jar.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Antarctica\Davis.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Tarawa.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Mozilla Firefox\uninstall\shortcuts_log.ini.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\images\Folder-48.png.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.exe.sig.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\d3dcompiler_47.dll.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.png.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-progress-ui.jar.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libnuv_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-plaf.xml.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-bootstrap.xml.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libdeinterlace_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui_3.106.0.v20140812-1751.jar.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Mawson.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-windows_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\VideoLAN\VLC\Documentation.url.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.bat.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Java\jre7\bin\pack200.exe.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\playlist\koreus.luac.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Windows Media Player\de-DE\WMPMediaSharing.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask.wmv.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\PST8PDT.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Makassar.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ulaanbaatar.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Zurich.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\epl-v10.html.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.zh_CN_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe

"C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe"

Network

N/A

Files

memory/2816-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3533259084-2542256011-65585152-1000\desktop.ini.tmp

MD5 ec24af4f52c9442bad1cec63d0a748c8
SHA1 92dee1f8232d966fbe8f18784cdf8f7d26152a7e
SHA256 4c949c712916bf5d76b323e4ffbc5a221a26b86aacaa3512134cf7793fe9bc7e
SHA512 d6f5694464d9dfabecb7ccd1d650f6a5a711c80c561a7cf3a380b9a98c87de72eae17504163f2151f3b6283b9cf77df62c8bd9d926138d763c2a66259d5d4314

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 0eeef4f75d90014e3893eb16e9d65300
SHA1 cc6f195456f15f87c870e30466bd3b36573a7d5d
SHA256 aa6ef0577b734a4d44f1979f0569078fd14e61838bed54009cf77e220e984e96
SHA512 42bfbf33452fe21cb0f62af770e6952ecf4865f5a620d1b82472ce995d4578b52ba8ff1ab893f3eaa6addd7bb4bd1ac63d97e8172f0e3e3e71968935d768842a

memory/2816-68-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-21 00:34

Reported

2024-10-21 00:37

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe"

Signatures

Renames multiple (4726) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Office16\1033\GRINTL32.DLL.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.dll.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Handles.dll.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-xstate-l2-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Facet.thmx.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_KMS_Client-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTrial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebSockets.dll.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-runtime-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_KMS_Client_AE-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OFFSYMXB.TTF.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\7-Zip\Lang\uz.txt.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\javaws.jar.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentDemoR_BypassTrial180-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ExcelCtxUIFormulaBarModel.bin.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\7-Zip\Lang\mng2.txt.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\EXPTOOWS.XLA.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\javaw.exe.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntryR_PrepidBypass-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\PPINTL.DLL.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_F_COL.HXK.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_COL.HXC.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\eula.dll.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\java.exe.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_SubTrial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\msoasb.exe.manifest.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\oskclearuibase.xml.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy.jar.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD_COL.HXC.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-namedpipe-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSOARIA.DLL.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial1-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\7-Zip\Lang\pl.txt.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Buffers.dll.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Luna.dll.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_ko.properties.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Json.dll.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\offsymb.ttf.tmp C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe

"C:\Users\Admin\AppData\Local\Temp\78cddecc1b17fcdd1b874dbccfc4494494712349f79c488a5676ac46bceaf315N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 68.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 168.117.168.52.in-addr.arpa udp

Files

memory/3496-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1045960512-3948844814-3059691613-1000\desktop.ini.tmp

MD5 d72ca8e4c87185db577e9f7295292dc6
SHA1 e65249788babb7618d6a4ccea0a5c86167be4ac2
SHA256 537ca791b09cf72203cac5281d0a7c74ee95d9627cd1a93c37fb127e2c5e5955
SHA512 3a4ef89ba191ddf71b674fbebd964a3eed7cd9c5343840cba65e39e968ae8bbacf213e51264397587a609bca719a4b6a0160b58f5cb99fa6a4b63d9e3af25360

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 cd24bebc5601f317a1cea7ce1f2f6230
SHA1 a2aa24da06fc998acc8c3564c910edd3ec41e47c
SHA256 d7dc861e0b863a16a9cc822d94fdf71d2d72d2fdbeb42244dbbc9c98bd410e81
SHA512 ec96232bbd82669458ff06bc0a7f624c3e80f6c19704a6af33293807ebe73f4fde7845a22b2c0c6018f2d184dd597637e110108efebfe100423cb1eb9eb1cdc8

memory/3496-656-0x0000000000400000-0x000000000040B000-memory.dmp