Malware Analysis Report

2025-03-15 08:17

Sample ID 241016-dx2jtszfld
Target 6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N
SHA256 6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0
Tags discovery ransomware
Score 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK (Enterprise Matrix V15)
Analysis: static1 (Detonation Overview, Signatures)
Analysis: behavioral1 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral2 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

Score 9/10

SHA256 6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0

Threat Level: Likely malicious

The file 6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple (3215) files with added filename extension

Renames multiple (4629) files with added filename extension

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-10-16 03:24

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-10-16 03:24
Reported 2024-10-16 03:26
Platform win7-20240903-en
Max time kernel 120s
Max time network 123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe"

Signatures

Renames multiple (3215) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\CheckpointMount.xhtml.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Microsoft Games\Solitaire\de-DE\Solitaire.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Mozilla Firefox\Accessible.tlb.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Toronto.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\javafx-mx.jar.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Java\jre7\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.Speech.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-over-select.png.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Oslo.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Activities.dll.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Amman.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.RunTime.Serialization.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\dialogs\stream_config_window.html.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-sampler.xml.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Monaco.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Ceuta.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Belgrade.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-spi-actions_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core.jar.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Havana.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Tell_City.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\about.html.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT-6.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Internet Explorer\IEShims.dll.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Antarctica\Rothera.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libsdp_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine_2.3.0.v20140506-1720.jar.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Australia\Darwin.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Common Files\System\msadc\it-IT\msadcor.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\DVD Maker\Shared\Common.fxh.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720_480shadow.png.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Nauru.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\UndoComplete.sys.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_glass_Thumbnail.bmp.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Port_of_Spain.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\meta\art\02_frenchtv.luac.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\webbase.xml.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Internet Explorer\pdmproxy100.dll.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\THIRDPARTYLICENSEREADME.txt.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf_1.1.0.v20140408-1354.jar.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Microsoft Games\Mahjong\es-ES\Mahjong.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mshwLatin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\DVD Maker\es-ES\OmdProject.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\menu_style_default_Thumbnail.png.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jar.exe.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\license.html.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.xml_1.3.4.v201005080400.jar.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_btn-back-static.png.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Riga.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pohnpei.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActions.exsd.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe

"C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3063565911-2056067323-3330884624-1000\desktop.ini.tmp

MD5 dbfe0f2b15b6f26f24b646bbba4ff20c
SHA1 8c1d5b6fd4b961cfcfc1d1cb432a1714f38e0c5d
SHA256 d36091382af7c3ef6e2855ad4fc79319fa0fd2f5011642623c07ae87cd28339d
SHA512 343d463e7d9b2300c0e2b36d5d3665bc6fd20914e37771bbb8b2833caf33edd527d6a82d8bb5a29ad92995ec5b790dada2146d2e775da5edf6dad02645922541

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 6f67bf3562569ec9afdaabc60610d798
SHA1 c24a9c9336f9c4fd01a9f359bf39a01a3dc9ce40
SHA256 a05aa3bc7bbf4ca97e9f8e86893eca848d99578bb9d2429eec9798521b1d1f70
SHA512 2bbdae224448f0fa170c82498bbe8e84d8cf5c4b727fcc7d06d1fec799379d7894ab4cfef671629419d3452aeefc7d2d10cfa8af17d8cf8dc091df328dfdbbab

Analysis: behavioral2

Detonation Overview

Submitted 2024-10-16 03:24
Reported 2024-10-16 03:26
Platform win10v2004-20241007-en
Max time kernel 120s
Max time network 104s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe"

Signatures

Renames multiple (4629) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Core.dll.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\security\blacklist.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_Subscription-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTest-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\7-Zip\Lang\nn.txt.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\ReportingServicesNativeClient.dll.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\msvcp140.dll.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.TypeConverter.dll.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.VisualBasic.dll.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-rtlsupport-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Parallel.dll.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\AUDIOSEARCHLTS.DLL.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.Native.dll.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\de-DE\tabskb.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.Specialized.dll.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jsound.dll.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.da-dk.dll.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ConsumerSub_Bypass30-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\PowerPivotExcelClientAddIn.tlb.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\GB.XSL.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\HarvardAnglia2008OfficeOnline.xsl.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProDemoR_BypassTrial180-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\pt\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\7-Zip\Lang\sq.txt.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\7-Zip\Lang\ko.txt.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.Native.dll.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ViewOnly_ZeroGrace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\shaded.dotx.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\it\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\w2k_lsa_auth.dll.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\AUDIOSEARCHSAPIFE.DLL.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSO.FRAMEPROTOCOLWIN32.DLL.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Buffers.dll.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-string-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Claims.dll.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Dynamic.Runtime.dll.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Accessibility.dll.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe

"C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp

Files

C:\$Recycle.Bin\S-1-5-21-493223053-2004649691-1575712786-1000\desktop.ini.tmp

MD5 677ddaf55e22d7aa47b724a8be32d7ca
SHA1 809914fd1a5003eb86a0dd3ae1e611ae799e099f
SHA256 7a24428a4e6bef81f451918284c97216f511fc884c35f707bb91e4bf16792743
SHA512 b04df8973732176b7f34271f80447e91b3ea3d80ee8c06940495e65c226ae95e21030f7b014a705d4620f9a855a1cc9804f063e08f0f48f1069cc639ac98a539

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 c47010625739685cb8956f4356790b86
SHA1 1ce674a8dfd3326042609c62062a3af6d8ffd084
SHA256 5e4dea3902709e6155182788b4480a5d710785e96726c6d96229b0869213b47b
SHA512 e6d479708e6a5a73bd024389bb8c621070a151996ee13b2002c6f6bd410e87987ca07f32fa81fa9320d4f35981454406aa14a99d6fc90f55c59c632d7f3fc83b