Malware Analysis Report

2025-03-15 08:13

Sample ID 241016-jthv7svcjq
Target 1f156a5cabbb083e2bf872e3a87e15ce6f78619362469a3be73dac7f996bc274N
SHA256 1f156a5cabbb083e2bf872e3a87e15ce6f78619362469a3be73dac7f996bc274
Tags
discovery ransomware upx
score
9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

score
9/10

SHA256

1f156a5cabbb083e2bf872e3a87e15ce6f78619362469a3be73dac7f996bc274

Threat Level: Likely malicious

The file 1f156a5cabbb083e2bf872e3a87e15ce6f78619362469a3be73dac7f996bc274N was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware upx

Renames multiple (3265) files with added filename extension (behavioral1, Windows 7 run)

Renames multiple (4657) files with added filename extension (behavioral2, Windows 10 run)

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Enterprise Matrix V15

The original matrix table is not reproduced here; the following is the editor's mapping of this report's signatures to ATT&CK technique IDs:

T1027.002 Obfuscated Files or Information: Software Packing - UPX packed file
T1614.001 System Location Discovery: System Language Discovery - opens HKLM\SYSTEM\ControlSet001\Control\NLS\Language
T1486 Data Encrypted for Impact - renames thousands of files with an added filename extension (the "ransomware" tag)

"Drops file in Program Files directory" and "Unsigned PE" are sandbox heuristics with no technique of their own.

Analysis: static1

Detonation Overview

Reported

2024-10-16 07:57

Signatures

UPX packed file (upx)

No per-indicator details recorded (Description, Indicator, Process and Target all N/A).

Unsigned PE

No per-indicator details recorded.
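Both static signatures above (UPX section names, no Authenticode certificate table) can be reproduced from the PE headers alone. The script below is an added example written for this page, not part of the sandbox's output: it parses the headers with the standard library only, and build_stub_pe constructs a minimal PE32 image so the checks run offline. The stub, the UPX_SECTION_NAMES set and the 0x2000/0x600 certificate-table entry are assumptions for the demonstration, not values taken from this sample.

```python
import struct

SECURITY_DIR_INDEX = 4          # IMAGE_DIRECTORY_ENTRY_SECURITY (Certificate Table)
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b".UPX0", b".UPX1"}   # assumed name list


def parse_pe(data: bytes) -> dict:
    """Read section names and the Certificate Table data-directory entry from a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    file_hdr = e_lfanew + 4
    (_machine, n_sections, _ts, _sym, _nsym,
     opt_size, _chars) = struct.unpack_from("<HHIIIHH", data, file_hdr)
    opt_hdr = file_hdr + 20
    magic = struct.unpack_from("<H", data, opt_hdr)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # the data directories start at +0x60 for PE32 and +0x70 for PE32+
    dd = opt_hdr + (0x60 if magic == 0x10B else 0x70)
    cert_off, cert_size = struct.unpack_from("<II", data, dd + 8 * SECURITY_DIR_INDEX)
    sections = []
    sh = opt_hdr + opt_size                    # section table follows the optional header
    for i in range(n_sections):
        raw_name = struct.unpack_from("<8s", data, sh + 40 * i)[0]
        sections.append(raw_name.rstrip(b"\0"))
    return {"magic": magic, "sections": sections, "cert_table": (cert_off, cert_size)}


def triage(data: bytes) -> dict:
    """Reproduce the two static signatures: UPX section names and a missing Authenticode blob."""
    info = parse_pe(data)
    upx = any(name in UPX_SECTION_NAMES for name in info["sections"])
    has_cert = info["cert_table"][1] != 0      # non-zero size: a signature blob is attached
    return {"upx_packed": upx, "unsigned": not has_cert,
            "sections": [s.decode("ascii", "replace") for s in info["sections"]]}


def build_stub_pe(section_names, signed=False) -> bytes:
    """Construct a minimal, non-executable PE32 image (hypothetical stub) to exercise the parser."""
    e_lfanew = 0x40
    dos_hdr = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    opt_size = 0xE0                                       # standard PE32 optional header size
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    opt_hdr = bytearray(opt_size)
    struct.pack_into("<H", opt_hdr, 0, 0x10B)             # PE32 magic
    if signed:
        # assumed certificate-table entry: file offset 0x2000, 0x600 bytes
        struct.pack_into("<II", opt_hdr, 0x60 + 8 * SECURITY_DIR_INDEX, 0x2000, 0x600)
    sec_hdrs = b"".join(struct.pack("<8s32x", name) for name in section_names)
    return dos_hdr + b"PE\0\0" + file_hdr + bytes(opt_hdr) + sec_hdrs


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    sample = open(path, "rb").read() if path else build_stub_pe([b"UPX0", b"UPX1", b".rsrc"])
    print(triage(sample))
```

Run it against a real file by passing the path as the first argument. Both checks are heuristics: a packer that renames its sections, or a binary with an attached but invalid certificate, passes them. Verify signatures properly with Get-AuthenticodeSignature or osslsigncode verify, and unpack a genuine UPX file with upx -d before doing further static analysis.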

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 07:57

Reported

2024-10-16 07:59

Platform

win7-20240903-en

Max time kernel

119s

Max time network

16s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1f156a5cabbb083e2bf872e3a87e15ce6f78619362469a3be73dac7f996bc274N.exe"

Signatures

Renames multiple (3265) files with added filename extension (ransomware)

UPX packed file (upx)

No per-indicator details recorded (four matches, all columns N/A).

Drops file in Program Files directory

Process (all rows): C:\Users\Admin\AppData\Local\Temp\1f156a5cabbb083e2bf872e3a87e15ce6f78619362469a3be73dac7f996bc274N.exe
Target (all rows): N/A

Every indicator is an existing application file with .tmp appended, created in the same directory as the original; together with the rename signature above this is consistent with a write-to-temporary-then-rename pattern.

File created C:\Program Files\7-Zip\Lang\pt-br.txt.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\java-rmi.exe.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-utilities_zh_CN.jar.tmp
File created C:\Program Files\Java\jre7\lib\zi\Asia\Aqtau.tmp
File created C:\Program Files\Microsoft Games\SpiderSolitaire\ja-JP\SpiderSolitaire.exe.mui.tmp
File created C:\Program Files\Mozilla Firefox\nss3.dll.tmp
File created C:\Program Files\7-Zip\Lang\et.txt.tmp
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\tr.pak.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\jsse.jar.tmp
File created C:\Program Files\Java\jre7\lib\zi\Europe\Zurich.tmp
File created C:\Program Files\VideoLAN\VLC\lua\intf\dummy.luac.tmp
File created C:\Program Files\7-Zip\Lang\ro.txt.tmp
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonSubpicture.png.tmp
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\external_extensions.json.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-print.jar.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-attach_ja.jar.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\feature.properties.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\com-sun-tools-visualvm-modules-startup.jar.tmp
File created C:\Program Files\Common Files\System\wab32res.dll.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-api-caching_zh_CN.jar.tmp
File created C:\Program Files\Mozilla Firefox\api-ms-win-core-synch-l1-2-0.dll.tmp
File created C:\Program Files\TraceAssert.xml.tmp
File created C:\Program Files\Common Files\Microsoft Shared\ink\mshwgst.dll.tmp
File created C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.tmp
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Noronha.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_ja_4.4.0.v20140623020002.jar.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Ndjamena.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\HST10.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\rightnav.gif.tmp
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Enderbury.tmp
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720x480icongraphic.png.tmp
File created C:\Program Files\Java\jdk1.7.0_80\bin\klist.exe.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxslt.dll.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Nairobi.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_zh_4.4.0.v20140623020002.jar.tmp
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT.tmp
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tabskb.dll.mui.tmp
File created C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.tmp
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop_PAL.wmv.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository.nl_zh_4.4.0.v20140623020002.jar.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-awt_zh_CN.jar.tmp
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.DataSetExtensions.dll.tmp
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport.png.tmp
File created C:\Program Files\Java\jre7\bin\fontmanager.dll.tmp
File created C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets.tmp
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationClient.resources.dll.tmp
File created C:\Program Files\Microsoft Office\Office14\1033\Mso Example Intl Setup File B.txt.tmp
File created C:\Program Files\UnprotectUndo.cab.tmp
File created C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSLoc.dll.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guam.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sendopts_zh_CN.jar.tmp
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\Microsoft.Build.Utilities.v3.5.resources.dll.tmp
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfxrt.jar.tmp
File created C:\Program Files\Java\jre7\bin\hprof.dll.tmp
File created C:\Program Files\7-Zip\Lang\br.txt.tmp
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\ShapeCollector.exe.mui.tmp
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ho_Chi_Minh.tmp
File created C:\Program Files\Microsoft Games\Multiplayer\Backgammon\ja-JP\bckgzm.exe.mui.tmp
File created C:\Program Files\7-Zip\Lang\id.txt.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_zh_4.4.0.v20140623020002.jar.tmp

System Location Discovery: System Language Discovery (discovery)

Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\1f156a5cabbb083e2bf872e3a87e15ce6f78619362469a3be73dac7f996bc274N.exe
Target: N/A

Reading the installed system language is a common ransomware locale check. The report records only that the key was opened, not which value was read or whether it changed the sample's behaviour.

Processes

C:\Users\Admin\AppData\Local\Temp\1f156a5cabbb083e2bf872e3a87e15ce6f78619362469a3be73dac7f996bc274N.exe

"C:\Users\Admin\AppData\Local\Temp\1f156a5cabbb083e2bf872e3a87e15ce6f78619362469a3be73dac7f996bc274N.exe"

Network

N/A

Files

memory/1644-0-0x0000000000400000-0x000000000040B000-memory.dmp (region 0x400000-0x40B000, 0xB000 = 44 KiB, at the default 32-bit image base)

C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp

MD5 5756ff5f63f6da5149a07a7ee093ddef
SHA1 ce736a20bdc07f86adb4aef9daae12795a622a4c
SHA256 f874707a37ae0d991b4f5a7f36eb9fa028692e5327d20d44ea3220441ae86362
SHA512 7060fb7d871a6c85f382f1348e4a8780e510b8a87951bbf59c64fdca4ea8a352639bc14c7a9488d499d500a0ef24be571b4365a9c050934a4ba0a4361cff4a68

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 2d79d059ed41181ef4c88cfbb40b9145
SHA1 1d72fe6644e63cf80381e13bbba537d1071680de
SHA256 d628f6b67aba5b8cfebae8e4d6740a2064f3ca0d045117817ad42eb87f9588f8
SHA512 fc539cfad6e0f09a85308adc58d6f721d0a6438861d48f852785742e08796186eedf4f0710c0569cddf3e77d896516c7e12c3b4e66336a6fd171553bb01b129b

memory/1644-74-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 07:57

Reported

2024-10-16 07:59

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

102s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1f156a5cabbb083e2bf872e3a87e15ce6f78619362469a3be73dac7f996bc274N.exe"

Signatures

Renames multiple (4657) files with added filename extension (ransomware)

UPX packed file (upx)

No per-indicator details recorded (four matches, all columns N/A).

Drops file in Program Files directory

Process (all rows): C:\Users\Admin\AppData\Local\Temp\1f156a5cabbb083e2bf872e3a87e15ce6f78619362469a3be73dac7f996bc274N.exe
Target (all rows): N/A

File created C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ul-phn.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.XLS.tmp
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\msvcr120.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.ThreadPool.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Memory.dll.tmp
File created C:\Program Files\Java\jre-1.8\bin\unpack.dll.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-pl.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Trial-pl.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Office16\1033\ONGuide.onepkg.tmp
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\ea.xml.tmp
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Extensions.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemData.dll.tmp
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processenvironment-l1-1-0.dll.tmp
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jcup.md.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-ppd.xrm-ms.tmp
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ServiceModel.Web.dll.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Grace-ppd.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\POWERMAPCLASSIFICATION.DLL.tmp
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Dallas.OAuthClient.dll.tmp
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-80.png.tmp
File created C:\Program Files\Java\jdk-1.8\jre\bin\j2pkcs11.dll.tmp
File created C:\Program Files\Java\jre-1.8\lib\deploy\messages.properties.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-pl.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Office.dll.tmp
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jpeg.md.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Forms.Primitives.resources.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationProvider.resources.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\UIAutomationTypes.resources.dll.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Trial-ul-oob.xrm-ms.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Forms.Primitives.resources.dll.tmp
File created C:\Program Files\Java\jre-1.8\lib\deploy\messages_ko.properties.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-pl.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-ul-oob.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.DOC.tmp
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XPath.XDocument.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\Microsoft.VisualBasic.Forms.resources.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Input.Manipulations.resources.dll.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ul-phn.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Office16\IVY.DLL.tmp
File created C:\Program Files\Common Files\microsoft shared\MSInfo\uk-UA\msinfo32.exe.mui.tmp
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.Primitives.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Http.Json.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\WindowsFormsIntegration.resources.dll.tmp
File created C:\Program Files\Java\jre-1.8\lib\security\trusted.libraries.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-ul-oob.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-ul-phn.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linessimple.dotx.tmp
File created C:\Program Files\Common Files\microsoft shared\ink\ThirdPartyNotices.MSHWLatin.txt.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationClient.resources.dll.tmp
File created C:\Program Files\Java\jre-1.8\bin\jaas_nt.dll.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTrial-pl.xrm-ms.tmp
File created C:\Program Files\Common Files\microsoft shared\ink\lv-LV\tipresx.dll.mui.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Forms.Design.resources.dll.tmp
File created C:\Program Files\Java\jdk-1.8\jre\lib\jsse.jar.tmp
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-util-l1-1-0.dll.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ppd.xrm-ms.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\PresentationFramework.resources.dll.tmp
File created C:\Program Files\Java\jdk-1.8\legal\jdk\jcup.md.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-ppd.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ul-oob.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\+NewSQLServerConnection.odc.tmp
File created C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHLTS.DAT.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationProvider.resources.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.DataAnnotations.dll.tmp
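Both behavioral runs trigger the same signature: a burst of renames that append an extension across many directories (3265 files on Windows 7, 4657 on Windows 10), with a .tmp sibling created for each file first. The detection below is an added example written for this page, not the sandbox's own signature logic. It replays constructed rename events through a per-process sliding-window count that also requires the burst to span several directories, which is what separates ransomware from an installer renaming files to .bak in one folder. The events are constructed: the sample's process path is taken from this report, while the ".locked" extension, the SomeApp directory and the benign setup.exe and explorer.exe activity are hypothetical.

```python
from collections import Counter, defaultdict

WINDOW_SECONDS = 60.0   # sliding window in which renames are counted
MIN_RENAMES = 20        # added-extension renames needed to alert
MIN_DIRS = 3            # distinct parent directories needed (installers stay in one)


def parent_dir(path: str) -> str:
    """Parent directory of a Windows path, independent of the host OS separator."""
    return path.rsplit("\\", 1)[0]


def added_extension(src: str, dst: str) -> bool:
    """True when dst is src with exactly one extra extension appended (a.txt -> a.txt.X)."""
    if not dst.startswith(src + "."):
        return False
    tail = dst[len(src) + 1:]
    return bool(tail) and "." not in tail


def detect_mass_rename(events, window=WINDOW_SECONDS, min_renames=MIN_RENAMES, min_dirs=MIN_DIRS):
    """Group rename events by process and alert on a burst of added-extension renames
    that touches several directories. Returns one alert dict per offending process."""
    by_proc = defaultdict(list)
    for ev in events:
        if ev["op"] == "rename" and added_extension(ev["src"], ev["dst"]):
            by_proc[(ev["pid"], ev["process"])].append(ev)

    alerts = []
    for (pid, proc), evs in by_proc.items():
        evs.sort(key=lambda e: e["t"])
        times = [e["t"] for e in evs]
        best_n, best_start, j = 0, 0, 0
        for i in range(len(evs)):                 # two-pointer sliding window
            while times[i] - times[j] > window:
                j += 1
            if i - j + 1 > best_n:
                best_n, best_start = i - j + 1, j
        if best_n < min_renames:
            continue
        burst = evs[best_start:best_start + best_n]
        dirs = {parent_dir(e["src"]) for e in burst}
        if len(dirs) < min_dirs:
            continue
        alerts.append({
            "pid": pid,
            "process": proc,
            "count": best_n,
            "dirs": len(dirs),
            "extensions": dict(Counter(e["dst"].rsplit(".", 1)[1] for e in burst)),
            "first": burst[0]["src"],
        })
    return alerts


def make_events():
    """Constructed events, not sandbox output: the sample's process path from the report,
    a hypothetical '.locked' extension, and two hypothetical benign processes for contrast."""
    sample = r"C:\Users\Admin\AppData\Local\Temp\1f156a5cabbb083e2bf872e3a87e15ce6f78619362469a3be73dac7f996bc274N.exe"
    dirs = [
        r"C:\Program Files\7-Zip\Lang",
        r"C:\Program Files\Java\jre7\lib\zi\Asia",
        r"C:\Program Files\Mozilla Firefox",
        r"C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000",
    ]
    events = []
    for i in range(40):  # ransomware-like burst: 40 files, 4 directories, 4 seconds
        src = dirs[i % len(dirs)] + "\\" + f"doc{i}.txt"
        events.append({"t": 0.1 * i, "pid": 1644, "process": sample,
                       "op": "rename", "src": src, "dst": src + ".locked"})
    for i in range(25):  # installer-like: many renames, but all in one directory
        src = r"C:\Program Files\SomeApp\lib" + "\\" + f"mod{i}.dll"
        events.append({"t": 1.0 * i, "pid": 3000, "process": "setup.exe",
                       "op": "rename", "src": src, "dst": src + ".bak"})
    # a user renaming a file by hand: extension replaced, not appended
    events.append({"t": 5.0, "pid": 2000, "process": "explorer.exe", "op": "rename",
                   "src": r"C:\Users\Admin\Documents\notes.txt",
                   "dst": r"C:\Users\Admin\Documents\notes.md"})
    # the .tmp sibling creates seen in the report are not renames and are ignored here
    events.append({"t": 6.0, "pid": 1644, "process": sample, "op": "create",
                   "src": r"C:\Program Files\7-Zip\Lang\pt-br.txt.tmp", "dst": ""})
    return events


if __name__ == "__main__":
    for alert in detect_mass_rename(make_events()):
        print(alert)
```

Feed it real rename telemetry from an EDR or from a sandbox's file-event export with the same five fields. The directory-spread requirement is the design point: the thresholds are tunable, but counting renames alone will page on every installer, whereas a process that appends the same extension in Program Files, the Recycle Bin and user profiles within a minute is almost never benign.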

System Location Discovery: System Language Discovery (discovery)

Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\1f156a5cabbb083e2bf872e3a87e15ce6f78619362469a3be73dac7f996bc274N.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1f156a5cabbb083e2bf872e3a87e15ce6f78619362469a3be73dac7f996bc274N.exe

"C:\Users\Admin\AppData\Local\Temp\1f156a5cabbb083e2bf872e3a87e15ce6f78619362469a3be73dac7f996bc274N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 75.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp

All recorded traffic is DNS to 8.8.8.8 (reverse PTR lookups and Bing hostnames) and HTTPS to 150.171.27.10 (g.bing.com, tse1.mm.bing.net), which is consistent with Windows 10 background activity on the analysis VM rather than sample-originated command-and-control. Nothing in the report attributes any of it to the sample: the Windows 7 run (behavioral1) recorded no network activity at all, and no process other than the sample itself was observed in either run.

Files

memory/1876-0-0x0000000000400000-0x000000000040B000-memory.dmp (same 0xB000 = 44 KiB region at 0x400000 as in the Windows 7 run)

C:\$Recycle.Bin\S-1-5-21-4050598569-1597076380-177084960-1000\desktop.ini.tmp

MD5 4d50b8d7a3a9b1bf4187b408e66bd0da
SHA1 e92497f88efedb169a128541b6868c81e6ebb078
SHA256 efa040d39bb1cf1a176bd15f9a345865de6ef3297b0df6eb460c4d21eecd99d8
SHA512 778e16ac84c0e9a210456f2dbf3fb57503d5d2e6083781678be1fca41b4b58efc225f921f2fb44f511b7256eadee1cc7ebfc6f3675a8b099df083d9652a2337c

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 24a482c4b10f8f5bc7c91dd014cb7915
SHA1 e71c87414d43cd855c038f7dd0b41abc851be6fc
SHA256 4e4dc3dd2ce25d320eefb250cba4044ef62e373ed8e12f3c35f89d1850888aeb
SHA512 6ebd9f4800a5465b54d86855b160979fbe57114a461d94fd0e8abe2dc458e278425c8c08a86781d948ebc19a4ec29e126a7abd8815a3db94d10659a26dddfd68

memory/1876-782-0x0000000000400000-0x000000000040B000-memory.dmp