Malware Analysis Report

2025-01-22 20:15

Sample ID 241019-xewqeatfnl
Target 6479694dc7f9ae5446d87b8cb69805b5082c2666666bdfca41afc2f35c079613N
SHA256 6479694dc7f9ae5446d87b8cb69805b5082c2666666bdfca41afc2f35c079613
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

6479694dc7f9ae5446d87b8cb69805b5082c2666666bdfca41afc2f35c079613

Threat Level: Likely malicious

The file 6479694dc7f9ae5446d87b8cb69805b5082c2666666bdfca41afc2f35c079613N was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (4618) files with added filename extension

Renames multiple (3209) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-19 18:46

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-19 18:46

Reported

2024-10-19 18:48

Platform

win7-20240903-en

Max time kernel

120s

Max time network

16s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6479694dc7f9ae5446d87b8cb69805b5082c2666666bdfca41afc2f35c079613N.exe"

Signatures

Renames multiple (3209) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\6479694dc7f9ae5446d87b8cb69805b5082c2666666bdfca41afc2f35c079613N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6479694dc7f9ae5446d87b8cb69805b5082c2666666bdfca41afc2f35c079613N.exe

"C:\Users\Admin\AppData\Local\Temp\6479694dc7f9ae5446d87b8cb69805b5082c2666666bdfca41afc2f35c079613N.exe"

Network

N/A

Files

memory/2768-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3533259084-2542256011-65585152-1000\desktop.ini.tmp

MD5 9a67a790f9306db1ec60cd65464e7045
SHA1 04ee6853e4e5cf1670cb06d11d9b8da202c8baf8
SHA256 72a0a788f94f0d3feb8a4ce4e242151eb938b1561cf0388136267f930ec56835
SHA512 083e0cd8a0194de0068c20b66810b0f20fb65ac6afb00c6186fd2b85d81cf2ec8c599afb4b6b4ef3dd4c8bab53088076079829243b82e8bfe41499b22fd9e20e

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 84fc2029fbd8ab0d5d2bedf1da78218b
SHA1 f3e074bacdbd66ae067d3dfc4e54cfe311ad581b
SHA256 53d1598450632822d3887dd489544e8bbfdec67ceaa684c8a247aec1da9ecfb1
SHA512 ca057d6cc2386f2c5f81db12a6442446d465c8e4344883752d740ada1ee51d6e398d7f2c3f813d54a93d24e00a4ec995138da031d6d3e9a92ffd557387af3af3

memory/2768-74-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-19 18:46

Reported

2024-10-19 18:48

Platform

win10v2004-20241007-en

Max time kernel

119s

Max time network

103s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6479694dc7f9ae5446d87b8cb69805b5082c2666666bdfca41afc2f35c079613N.exe"

Signatures

Renames multiple (4618) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\6479694dc7f9ae5446d87b8cb69805b5082c2666666bdfca41afc2f35c079613N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6479694dc7f9ae5446d87b8cb69805b5082c2666666bdfca41afc2f35c079613N.exe

"C:\Users\Admin\AppData\Local\Temp\6479694dc7f9ae5446d87b8cb69805b5082c2666666bdfca41afc2f35c079613N.exe"

Network

Country Destination Domain Proto

Files

memory/2124-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-493223053-2004649691-1575712786-1000\desktop.ini.tmp

MD5 9e5d15f06748f4e3c8b7c4ef9f23e1a8
SHA1 4117ca928338142f1db9ddd2296beee65ca98b1c
SHA256 d72902bd7822657edfb402e70fcd8d0b2d4337936c600acbaeec34f4d5fb988b
SHA512 21261a0569f117ddd20095c1e206cdf6da25a784a8c9e4568641290a009b8f7c61535db6506ce290e9c9f4385ae4b8cc35f66bfe799615b850ab19f387dd29c7

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 b375c8c04e9c8126fd29dd31055dd340
SHA1 464e2085b807c523c4b3ee16c3670970c9b0d5d0
SHA256 ac6e2040ee0795821243d27ad66d6de70792138769a395001c5b5a3a9672395e
SHA512 c8bf9383d2934b02d3ad89862395487d2e01b6b4dae52db87f6df5b41938b0c468fd5458c250ff4f8af4bc68fb8ac2eba10c55f9ea5603c95176819699162675

memory/2124-754-0x0000000000400000-0x000000000040B000-memory.dmp