Malware Analysis Report

2025-03-15 08:09

Sample ID 241016-ktlsjascke
Target 1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN
SHA256 1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefc
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefc

Threat Level: Likely malicious

The file 1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (4439) files with added filename extension

Renames multiple (2998) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 08:53

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 08:53

Reported

2024-10-16 08:55

Platform

win7-20240903-en

Max time kernel

120s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe"

Signatures

Renames multiple (2998) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\heart_glass_Thumbnail.bmp.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.runtime_3.10.0.v20140318-2214.jar.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host-remote.jar.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Kwajalein.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\7-Zip\Lang\zh-cn.txt.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.bidi_0.10.0.v20130327-1442.jar.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-plaf.xml.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Christmas.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.common_3.6.200.v20130402-1505.jar.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec.dll.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-attach.xml.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipBand.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\15x15dot.png.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\artifacts.xml.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240811.profile.gz.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\toc.gif.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Microsoft Games\Hearts\HeartsMCE.png.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\it\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_ca.xml.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwritalm.dat.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\manifest.json.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-modules_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Rio_Branco.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\masterix.gif.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application-views_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pt_BR.jar.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IdentityModel.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport.png.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\COPYRIGHT.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_gtk.css.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-options-api.jar.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-charts.jar.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jre7\lib\security\US_export_policy.jar.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\rmiregistry.exe.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.dll.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\diagnostic-command-16.png.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_globalstyle.css.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jre7\bin\jfxmedia.dll.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jre7\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.xml.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Royale.dll.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\optimization_guide_internal.dll.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Lima.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Dublin.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkWatson.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2native.dll.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-snaptracer.xml.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Web.Entity.Design.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\alt-rt.jar.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jre7\lib\deploy\messages_ko.properties.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Maceio.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\7-Zip\Lang\fur.txt.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe

"C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe"

Network

N/A

Files

memory/1292-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3533259084-2542256011-65585152-1000\desktop.ini.tmp

MD5 12c4c6a57c57215d80f2ce3fa1492d98
SHA1 5242c23bce8d895f885c11420b5095fdd00740ce
SHA256 42b58bdfb2cbaf1c4eb7d24cceb1a09bfe7788be6fc1535921ce44687184e52c
SHA512 c87af6c8de313c109a2777f3ec05f1158a2bfd99d8ef4ba1971134471efdfac1c687d89ac7ad4bdb1c446a10c9f0dc210377c822b85776972b1d0b523c5c7588

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 19ee798547e7dd0694cfe5e93d3cfe9f
SHA1 6cdb7920d6cfc4fb712715a52c4d13cf41af531e
SHA256 3a4d2b3163129f082c6ebfee4e010041c90eea2922490dddeb5e5ec4b86c5a49
SHA512 1a16728d29c7ae396758190921273acd06849ab229ba1083555c42ed9236ee45b4a1da1ce271b713709d581a2318883a1334f2c589fa83f0cfa61cdf81b89686

memory/1292-70-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 08:53

Reported

2024-10-16 08:55

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

102s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe"

Signatures

Renames multiple (4439) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk-1.8\lib\javafx-mx.jar.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jdk-1.8\lib\orb.idl.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\policytool.exe.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\chrome_pwa_launcher.exe.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTrial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Tasks.Dataflow.dll.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngom.md.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.Expressions.dll.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-errorhandling-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\npt.dll.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\7-Zip\Lang\fur.txt.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\7-Zip\Lang\sa.txt.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsnld.xml.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\management.dll.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail2-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Storage.XmlSerializers.dll.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_Subscription-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Royale.dll.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.dll.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\JitV.dll.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\cmm\PYCC.pf.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-runtime-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightRegular.ttf.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Gothic.xml.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\it-IT\mshwLatin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-console-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_MAK-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.he-il.dll.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_pt_BR.properties.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_KMS_Client_AE-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lt-lt.dll.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Linq.Queryable.dll.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\t2k.dll.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\javafx.properties.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\fontconfig.properties.src.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.ConnectionUI.Dialog.dll.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XmlDocument.dll.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.WindowsDesktop.App.runtimeconfig.json.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\README.txt.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\oskclearuibase.xml.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Xml.dll.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemData.dll.tmp C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe

"C:\Users\Admin\AppData\Local\Temp\1a7044f17fdc664df4a8d819548612f6590b46ff0269d48b2e04ffc7a09aeefcN.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 75.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp

Files

memory/3724-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3350944739-639801879-157714471-1000\desktop.ini.tmp

MD5 e2902f9d0ac3ff1af88bec1a9ab5195a
SHA1 95521108385aacd807cabbe3b0753b5f3b19b718
SHA256 8c87934c006b2a95bd88c3c81a801dd44be84ca3ac8cd89b823ebc7ebcd71222
SHA512 95f7f5d68ac2d40a2f12792f025b7948494f47562a6a3bd74e9ff410f204d1dd3bf9143fc64d773cdcf8e7be6c520cd314c6454be975c8faf9625a62363d1e57

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 84d14e6c118809643ada49bfc0709147
SHA1 0e62c8f75dcbfaf6cc0dc67e425456a35466c53b
SHA256 382714dc97d1305eba97150837dda9119d5028a0425b56e18db32076b1fa9458
SHA512 d4a413e5f3f555cd780a828938bcfe429ead9de04c3ef90095f3bd9aaccf70c355df8d62a5d02e9fe838cfb3e37b132bc67bc91f0278e54f1808fc508b5a0652

memory/3724-670-0x0000000000400000-0x000000000040B000-memory.dmp