Malware Analysis Report

2025-01-22 19:54

Sample ID 241016-1be52axcqr
Target d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N
SHA256 d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9
Tags
discovery ransomware upx
Score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score
9/10

SHA256

d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9

Threat Level: Likely malicious

The file d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware upx

Renames multiple (2917) files with added filename extension

Renames multiple (4352) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 21:28

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 21:28

Reported

2024-10-16 21:30

Platform

win7-20240903-en

Max time kernel

120s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe"

Signatures

Renames multiple (2917) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Java\jre7\lib\javafx.properties.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Atlantic\Madeira.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-compat.xml_hidden.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Yakutat.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Tokyo.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.Speech.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Full\1047x576black.png.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\javac.exe.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Norfolk.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-selector-ui.xml.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Damascus.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Wallis.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\1047x576black.png.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-previous-static.png.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-api.xml.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Mozilla Firefox\api-ms-win-crt-conio-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipBand.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Internet Explorer\jsdbgui.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Indianapolis.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Inuvik.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Montevideo.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.xml.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-multiview.xml.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.RunTime.Serialization.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Runtime.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\tzmappings.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.xml.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\console_view.png.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.identity_3.4.0.v20140827-1444.jar.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.registry_3.5.400.v20140428-1507.jar.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macTSFrame.png.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\tpcps.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Moncton.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IPSEventLogMsg.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-execution_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Athens.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotslightoverlay.png.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-multiview.jar.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-uisupport.jar.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Java\jre7\bin\fontmanager.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Java\jre7\bin\rmid.exe.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Seoul.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\7-Zip\Lang\is.txt.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Bishkek.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT+2.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Java\jre7\lib\management-agent.jar.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\hu\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\javaws.jar.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Managua.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe

"C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe"

Network

N/A

Files

memory/2648-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp

MD5 e94f6f44c2400838899d05739407a75c
SHA1 a2ad21f9d39fc82cf8855b9400152f4fa3e94d0b
SHA256 1123e7d932cfeacd67d58888d54bc2ebc4e322258146bd007eba354492043eef
SHA512 1a2a7d36aa7bab04fcd24a27778b1abebfcfbf409a637987d700d88dc499683244fcbf877904b405d3dfc9df857a1b10b225aed6b0f4856de7e8aecb01e8dec8

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 926b647ba5fcd546d5c7d97e308aec84
SHA1 dc113ebc8d7ed08fb703b7a1ef22571d1778a6da
SHA256 2844b7c61213e8e403c9493d4e69139c14a4c025cb0fa6a7a8c18f9d5058ad5f
SHA512 fc4eff3f1786149c807d3eaf1d9d1fd79b548600f1d75c135dbac853d92220f14a48cfa1f3223a280672d26ae31012972aeb671eee971ebb5c67ae0608e5ba2b

memory/2648-68-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 21:28

Reported

2024-10-16 21:30

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

104s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe"

Signatures

Renames multiple (4352) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-sysinfo-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Contracts.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\logging.properties.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019DemoR_BypassTrial180-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Resources\1033\PowerPivotExcelClientAddIn.rll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\resources.pak.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-time-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-debug-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-sysinfo-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16ConsumerPerp_Bypass30-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\zh-CN.pak.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Printing.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\jps.exe.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\cmm\PYCC.pf.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\XLSLICER.DLL.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\.version.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.PowerView.PowerView.x-none.msi.16.x-none.xml.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Edm.NetFX35.V7.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemXml.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Security.Permissions.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy\messages_pt_BR.properties.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_KMS_Client-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Common.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Metadata.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_KMS_Client-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\hu-HU\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-multibyte-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_Subscription-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\ApproveTest.vsdm.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-cn.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\lt.pak.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\dt_shmem.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\en-US.pak.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\psfont.properties.ja.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription1-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_KMS_Client_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\offsym.ttf.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Data.DataSetExtensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\extcheck.exe.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe

"C:\Users\Admin\AppData\Local\Temp\d6bc51733ee3316b2dc7c774b24d09c5efa9676962410a94efdc4d237b53f8f9N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 5.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 107.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp

Files

memory/3296-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2878641211-696417878-3864914810-1000\desktop.ini.tmp

MD5 19cffaa044ccefb2506753faa5df1676
SHA1 8aa420d4c38ec8493a401ba46f53dedae1a1d781
SHA256 864b5715c3f47336fb63e7cf2cbfe38eee76dda1d0f7a7c7b8b6d59a5f6a5d70
SHA512 a59dc0625246f1f2dc5ba93ea5a732e957596b1dbba3ba9df2917885dcd9628128c45ba3cbaf2a852c4f14c4e34ffbfa79c14381235fcfb1f39e1136321ad998

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 6309473ff70723f695ea7bbbc880c4d3
SHA1 65c94b051ee1e0eaaa1fd10aaa04c5030e31dce8
SHA256 862e5ba6b45f617d3c0f21cf5becd5bb6e899ae062a8116a22175faa5841146e
SHA512 e77bbee13ad2ad097448389a978cd2fe1a8d62e82672bf55e005ff3f00186e231c52c5c24178ac63210824e4dd3458f5d023689369b984072ee3125e46a70c84

memory/3296-674-0x0000000000400000-0x000000000040B000-memory.dmp