Malware Analysis Report

2025-03-15 08:23

Sample ID 241020-3zwh2axgkh
Target 7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f
SHA256 7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f
Tags upx, discovery, ransomware
Score 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f

Threat Level: Likely malicious

The file 7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (5014) files with added filename extension

Renames multiple (3449) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-20 23:57

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-20 23:57

Reported

2024-10-21 00:00

Platform

win7-20240903-en

Max time kernel

150s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe"

Signatures

Renames multiple (3449) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Microsoft Games\Minesweeper\es-ES\Minesweeper.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Tarawa.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\plugin.jar.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\javaws.policy.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler_1.2.0.v20140422-1847.jar.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\org-openide-filesystems_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Barbados.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.xml.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Microsoft Games\Hearts\de-DE\Hearts.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightDemiBold.ttf.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Catamarca.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\CET.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Mozilla Firefox\uninstall\uninstall.log.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticnotification.exsd.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-ui.jar.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.RunTime.Serialization.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\imjplm.dll.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Sitka.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicTSFrame.png.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libsubstx3g_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.continuation_8.1.14.v20131031.jar.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libhttp_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-execution_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jmx.xml.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Indian\Chagos.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkWatson.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-print.jar.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.ComponentModel.DataAnnotations.dll.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\sm\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\librawaud_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG.wmv.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-util-enumerations.jar.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-uisupport.xml.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Microsoft Games\Mahjong\ja-JP\Mahjong.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\NOTICE.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler.xml.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Java\jre7\bin\server\jvm.dll.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.ibm.icu_52.1.0.v201404241930.jar.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Java\jre7\lib\management\snmp.acl.template.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\7-Zip\Lang\uk.txt.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives_1.1.100.v20140523-0116.jar.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\images\Video-48.png.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Oslo.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Microsoft Games\SpiderSolitaire\de-DE\SpiderSolitaire.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Mozilla Firefox\IA2Marshal.dll.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web.xml.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe

"C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe"

Network

N/A

Files

memory/2528-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp

MD5 c5fe427f011e5bd5726b069a4ac20e1b
SHA1 04d8b06616cf89ad799bf2ecb7cb38e3b54359e2
SHA256 b118b8d7240181d0e94d606734ca0a7b0ba147adb7abac376dd1ed970ac421e4
SHA512 92e14d30ae5085e3bc69d887ea01f701559b3e71ea2b2c3765acf6c2be4358f66958ba89af89e904f76465b97bdcf2d689c57f2df6b64e111a7c0b5dbc7e9151

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 954e1e100d388be2a5e9f9f529a30fc0
SHA1 9cfbd32029d0657f09707c14e7562588edf55865
SHA256 32b70a0e63422aa810bc7f30142f3ab3d173b7dd4e933bd8aa92d7dc61ecb59c
SHA512 cc3b6577f753864f99d9242adeb46d76608ad0e0a2a2df0c2d99dfb43a32e015b62a8a9674cefb24644ee199176e63e13c4e4276f626dcede4620efb168b2e9c

memory/2528-62-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-20 23:57

Reported

2024-10-21 00:00

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

143s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe"

Signatures

Renames multiple (5014) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNoteNames.gpd.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\SELFCERT.EXE.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.AeroLite.dll.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-string-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\psfont.properties.ja.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\javafx_font.dll.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-140.png.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lt-lt.dll.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\et-EE\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\ml.pak.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\VisualElements\LogoBeta.png.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-file-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\psfontj2d.properties.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ar-SA\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\tnameserv.exe.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\hu-HU\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsnor.xml.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.Watcher.dll.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.ThreadPool.dll.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\7-Zip\Lang\nn.txt.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\7-Zip\7zCon.sfx.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-utility-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTest-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.TraceSource.dll.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-util-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\bg\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PROOF\msth8EN.DLL.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy\splash.gif.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL087.XML.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\mshwgst.dll.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\REFEDIT.DLL.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\7-Zip\Lang\ja.txt.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ko-KR\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.Queryable.dll.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.dll.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019DemoR_BypassTrial180-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\en-US\TabTip.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\security\cacerts.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_MAK_AE-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe

"C:\Users\Admin\AppData\Local\Temp\7f5e269446ddb40e1baf38a4031b1da1a2886414dc43ff3641667077ad0f544f.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp

Files

memory/4660-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2878641211-696417878-3864914810-1000\desktop.ini.tmp

MD5 65a429538cdbd69b82f194a20e0390f0
SHA1 9c20ad135d9029f58f5023dfadff780fc250b934
SHA256 8a23731842bb495897f37ca114795f3c7c3079dd80c033aa7e87cc773986d169
SHA512 8e50c4b7a1d56a0d5053ed3f230bf7b5e1fb4166ffdb94db1ce38b266436a35983050ccc336853f4b8e34a5a59df9f3acd47452be0aec5e2243eb536387801ba

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 6dbe7f430786d384157e61f4533f71ca
SHA1 ee565840d41d57eacc02ceb3ffcc6e5d140966d5
SHA256 77f913f6b984df1d3f9a755adeed3bd6aa6fa330cb3174e4baeec0fb0bb4cb03
SHA512 29abdb6a0415b74d18e852a11c659560a9c3475b92bb9f8cfbb4f600d6b57931e56c91c5b7825d7e6774ba82d5255bec3e3f90063b4178989e639ed2932a77fb

memory/4660-678-0x0000000000400000-0x000000000040B000-memory.dmp