Malware Analysis Report

2025-03-15 08:13

Sample ID 241016-gbbcaszbkp
Target 7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N
SHA256 7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8

Threat Level: Likely malicious

The file 7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (4638) files with added filename extension

Renames multiple (3159) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 05:37

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 05:37

Reported

2024-10-16 05:39

Platform

win7-20240903-en

Max time kernel

120s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe"

Signatures

Renames multiple (3159) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\resources.pak.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\7-Zip\Lang\eo.txt.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\MANIFEST.MF.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\META-INF\MANIFEST.MF.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Tallinn.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_MATTE_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Mozilla Firefox\updater.exe.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\images\buttons.png.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-options.xml_hidden.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sa_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Argentina\Ushuaia.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Xml.Linq.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\LICENSE.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host-views.xml.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\am_ET\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_olv.css.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-modules-options-api.xml.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Microsoft Office\Office14\1033\Mso Example Intl Setup File A.txt.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libsatip_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\it.pak.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\javac.exe.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Maldives.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Java\jre7\bin\jp2launcher.exe.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Atlantic\Reykjavik.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Australia\Brisbane.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Microsoft Games\Purble Place\PurblePlaceMCE.png.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.bin.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\photograph.png.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Xml.Linq.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-static.png.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro.zh_CN_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.lucene.core_3.5.0.v20120725-1805.jar.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Juan.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Warsaw.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.dll.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tarawa.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiling_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-tools.xml.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.DynamicData.Design.dll.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\boot.jar.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Pyongyang.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Checkers\de-DE\chkrzm.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Rainy_River.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Scoresbysund.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\DVD Maker\es-ES\WMM2CLIP.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NextMenuButtonIcon.png.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-progress-ui_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Mozilla Firefox\update-settings.ini.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Services.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\7-Zip\Lang\ko.txt.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Istanbul.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Rangoon.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\7-Zip\Lang\io.txt.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-ui.xml.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe

"C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe"

Network

N/A

Files

memory/2256-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3533259084-2542256011-65585152-1000\desktop.ini.tmp

MD5 6965535ec949e6a6de85ad436f0e3785
SHA1 d8cb4f05b22d8b555037b382652456cda1673fcb
SHA256 12472417e1fb1a7795ae547839a7cff9ad99fc3d8b40cbb076b7f8578630aec3
SHA512 2f52d6974b7fd2f2027bb242cec0044c4c5fdb278c2f6e19866b5a26068375f215d0a890058a25b0d4e600c1b57ff19a344957a14ea1c414ed762fcd430be754

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 371d3f43f29f4a29047c0e6543f5100d
SHA1 c7a159b258e2a48467359538ba2280b36c764f0c
SHA256 51e947a20b2ef3a13753bc6a450680ac8a4475317c87b2377525a07d704cf5ec
SHA512 af2d65ffa1e0c292fc3ef2d24e98e3dfe1c3874a5571f4e7e3ea230f9cfa1fd6d923be9ff5e3609feb506b4a0ff477b9f9f799ee61dc7ca7fd4481471acdc23d

memory/2256-70-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 05:37

Reported

2024-10-16 05:39

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

101s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe"

Signatures

Renames multiple (4638) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-interlocked-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCallbacks.h.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\psfontj2d.properties.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcDemoR_BypassTrial365-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Quic.dll.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Forms.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\as80.xsl.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Common Files\System\msadc\adcjavas.inc.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-process-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\cpprestsdk.dll.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Excel.dll.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ViewOnly_ZeroGrace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.SecureString.dll.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemXmlLinq.dll.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\th-TH\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.AccessControl.dll.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\bcel.md.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_MAKC2R-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.ProgressiveProcessing.dll.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\AppvIsvSubsystems64.dll.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\dicjp.bin.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\mraut.dll.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\PowerPivotExcelClientAddIn.dll.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\sl\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeServiceBypassR_PrepidBypass-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\msxactps.dll.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Gill Sans MT.xml.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\CERTINTL.DLL.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fi-FI\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.MDXQueryGenerator.dll.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\mscss7cm_en.dub.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\hwrfrash.dat.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.officemuiset.msi.16.en-us.xml.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\JitV.dll.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RCom.dll.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XPath.dll.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\desktop.ini.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe

"C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 75.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp

Files

memory/1068-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2437139445-1151884604-3026847218-1000\desktop.ini.tmp

MD5 fbeec4fe139874f1c6327780f206a6b8
SHA1 54000df5b88f0b4fab8449ac8accdb6140c68e89
SHA256 a4700a9814b84b41f781fc65c34c241baa59e76ca613ff0bf39df7afa9f50a01
SHA512 ce71fb4418acf204b97f45546434dcf3ced451990c90ca2200d2ce58586dfc9b151a69014d84066d044f93ba8a9b886b892733f3fe704e8190f4df54aa3c85cc

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 c8339821698c8e4a6775b2a97f3e7762
SHA1 3aad748ac1d211f9d847814d9339482d9ed81f2a
SHA256 b6189559707ab94fcb03fd1e49a29e2b146b7ab087975f6969996b612b2d3236
SHA512 644fc035614c206427afe5fa1d10a89d044f5cc1d9a54d3783b3bea600724cf88f6dbad8674c1c6fd1a31c01e039a6326ade5c69df1a77b274cd9351a26c0658

memory/1068-780-0x0000000000400000-0x000000000040B000-memory.dmp