Malware Analysis Report

2025-03-15 08:17

Sample ID 241016-ez1wrawgjk
Target 07e61ab7766210250d0819f0b4b02f52f69c9848f5327b7b1b1075eb6319dba2N
SHA256 07e61ab7766210250d0819f0b4b02f52f69c9848f5327b7b1b1075eb6319dba2
Tags: upx, discovery, ransomware
Score: 9/10


Analysis Overview

Score: 9/10

SHA256: 07e61ab7766210250d0819f0b4b02f52f69c9848f5327b7b1b1075eb6319dba2

Threat Level: Likely malicious

The file 07e61ab7766210250d0819f0b4b02f52f69c9848f5327b7b1b1075eb6319dba2N was found to be: Likely malicious.

Malicious Activity Summary

Tags: upx, discovery, ransomware

Renames multiple (3453) files with added filename extension

Renames multiple (4636) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 04:23

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 04:23

Reported

2024-10-16 04:25

Platform

win7-20240903-en

Max time kernel

120s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\07e61ab7766210250d0819f0b4b02f52f69c9848f5327b7b1b1075eb6319dba2N.exe"

Signatures

Renames multiple (3453) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\07e61ab7766210250d0819f0b4b02f52f69c9848f5327b7b1b1075eb6319dba2N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\07e61ab7766210250d0819f0b4b02f52f69c9848f5327b7b1b1075eb6319dba2N.exe

"C:\Users\Admin\AppData\Local\Temp\07e61ab7766210250d0819f0b4b02f52f69c9848f5327b7b1b1075eb6319dba2N.exe"

Network

N/A

Files

memory/2668-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

MD5 d74a9210c306ae32c419f51f34021a62
SHA1 68cac1f1278eed0dd2d7fb4bef25ffc4ebe84b08
SHA256 0bfdd3ed56d9011549bffe711535fe6068f1ce1db59e314365448404038c0594
SHA512 5369ba8622addffacf00b6dcce5964fb3f7f4173e3a18d159b98445cb7609486107aa163b555c2212090ce0edeb95657e3bf36f121350a9dcc7f85d90044ec50

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 50bd1e34d20cd19fe940a40c866dd4d4
SHA1 e0c5c821144cb68b79b5c1467b50396e30fa2601
SHA256 ceaeeff9f61aedea71e58a389a92c896a57bbcb6a3610dc704565e07aef2fe8e
SHA512 c7055e04daaa02988f2f2ccbb52d4c64f5c894c12efd85f1f9f38aa94489f3152216e40801062edae246c1263a4330891aca795b8672a70db39ecbbcda4ac60f

memory/2668-74-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 04:23

Reported

2024-10-16 04:25

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

105s

Command Line

"C:\Users\Admin\AppData\Local\Temp\07e61ab7766210250d0819f0b4b02f52f69c9848f5327b7b1b1075eb6319dba2N.exe"

Signatures

Renames multiple (4636) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\07e61ab7766210250d0819f0b4b02f52f69c9848f5327b7b1b1075eb6319dba2N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\07e61ab7766210250d0819f0b4b02f52f69c9848f5327b7b1b1075eb6319dba2N.exe

"C:\Users\Admin\AppData\Local\Temp\07e61ab7766210250d0819f0b4b02f52f69c9848f5327b7b1b1075eb6319dba2N.exe"

Network


Files

memory/456-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1045960512-3948844814-3059691613-1000\desktop.ini.tmp

MD5 e4a14575e7d22bf00ba3653e49710386
SHA1 2021c445ba5046ffe1c3fdb63c0b99c3c225abda
SHA256 621393f40fd3ee00c0b72a1d6ef515d814475f97952db1fd56bd6ebd59dde79d
SHA512 895e4f2649cef9f7c8cef5686e9f9c694db661c0b08f021f468016b7281131ee556f41ace873cd5e0564ce390f9a8399f15233818dba17b4be72526a644a658a

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 32c8b12eb08d4118c16d3b4f832c726b
SHA1 55c0f8855720a914d80c5434021902ba4bb7d168
SHA256 ee9cd4f4c76e6f8f5d7ad446a29b787d98d602e13acb135a87300a4e613cd650
SHA512 2f3bcfd398ccbe02883d12f96e681330744ee9a234fd1871f1b37d3ba7f171e042c565014b6a36607d647d04adf4c11e17d157147cd10b627aec44825edc2fb5

memory/456-777-0x0000000000400000-0x000000000040A000-memory.dmp