Malware Analysis Report

2025-08-05 21:56

Sample ID: 241006-kt6gyawgkl
Target: f014907d62071c467ad49b8f4a12755b60d6f57f45c1a567e39fe2988d31b36cN
SHA256: f014907d62071c467ad49b8f4a12755b60d6f57f45c1a567e39fe2988d31b36c
Tags: discovery ransomware
Score: 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 9/10

SHA256

f014907d62071c467ad49b8f4a12755b60d6f57f45c1a567e39fe2988d31b36c

Threat Level: Likely malicious

The file f014907d62071c467ad49b8f4a12755b60d6f57f45c1a567e39fe2988d31b36cN was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple (4616) files with added filename extension

Renames multiple (3287) files with added filename extension

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-06 08:54

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-06 08:54

Reported

2024-10-06 08:56

Platform

win7-20240729-en

Max time kernel

120s

Max time network

16s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f014907d62071c467ad49b8f4a12755b60d6f57f45c1a567e39fe2988d31b36cN.exe"

Signatures

Renames multiple (3287) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\f014907d62071c467ad49b8f4a12755b60d6f57f45c1a567e39fe2988d31b36cN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\f014907d62071c467ad49b8f4a12755b60d6f57f45c1a567e39fe2988d31b36cN.exe

"C:\Users\Admin\AppData\Local\Temp\f014907d62071c467ad49b8f4a12755b60d6f57f45c1a567e39fe2988d31b36cN.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

MD5 d1b0e7a368366183c60192df6a7301cc
SHA1 e3d45a2e517d476f0f76d7ffd9e4320c6b39165e
SHA256 28d2027ad0c3332a7a6d4dbbec315f77b70c0e8e8238453fa08c89e18837aae4
SHA512 df7ca4957e22f61fe2572b712ef627acd9303065f1758cb72f870334a717573317ea5ef030c65032f760e2ad157d9aa76680da0c769217f5b66c8c381d008b47

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 5ee15ee9dc5edce561e7aaf95a5c4091
SHA1 de980908e1bb06e106ce0cf4c4f4d2c1092b13f4
SHA256 f484f92a072f1995c91707efb2ff2ca63d246fca2053088ca0b68cb48411452a
SHA512 0682c431bf5023eb84350b69ed128590ad5404e6652bda1766361dbd098a4edddd43db17fcdc7af7595158374fc8ab6942c701ef72dcb4d01aa0938ad916d497

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-06 08:54

Reported

2024-10-06 08:56

Platform

win10v2004-20240802-en

Max time kernel

120s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f014907d62071c467ad49b8f4a12755b60d6f57f45c1a567e39fe2988d31b36cN.exe"

Signatures

Renames multiple (4616) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\f014907d62071c467ad49b8f4a12755b60d6f57f45c1a567e39fe2988d31b36cN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\f014907d62071c467ad49b8f4a12755b60d6f57f45c1a567e39fe2988d31b36cN.exe

"C:\Users\Admin\AppData\Local\Temp\f014907d62071c467ad49b8f4a12755b60d6f57f45c1a567e39fe2988d31b36cN.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4060,i,16315016104747277319,5510969007830467313,262144 --variations-seed-version --mojo-platform-channel-handle=4668 /prefetch:8

Network

Country Destination Domain Proto

Files

C:\$Recycle.Bin\S-1-5-21-2170637797-568393320-3232933035-1000\desktop.ini.tmp

MD5 82a7c9eec11a49a60a904419b64b5a92
SHA1 d3cf79113727b8c51656c0a731781f2f4e52b708
SHA256 36c34c647e9413c01547319d9f2f85ad105984c890107ba0ae717ad5146e1111
SHA512 1a4c55464142103d11d3bf5df32f4d2297ff52ea253fd573842348156be36676a3ec1b21e98be39f872f40317326925acac9881ab46014b3f12202920e371436

C:\Program Files\7-Zip\7-zip.chm.tmp

MD5 8fc63f3d3d790a5baa3b144baf58acb9
SHA1 3aa2eaf289f60a40ccd1866b2ebf48a717b3db59
SHA256 7e321f783856edaba2d3bd490b8f3c256d539cea3f33bfe16219801b6e5d12aa
SHA512 b0cb0c2b9ecc4ee54d96726a4800af080bee992b88b23639130dac2f394c3dbe0476200dd3f0be46d98ca42b8743cf4024ccea6e87dd5728497e01c7a14a9bb7