Malware Analysis Report

2025-01-22 20:16

Sample ID 241019-zw6caa1bpq
Target bdcff6eb9990edf2e001bc37f4f3f493b207305a0f17818270834fed507b938fN
SHA256 bdcff6eb9990edf2e001bc37f4f3f493b207305a0f17818270834fed507b938f
Tags upx, discovery, ransomware
Score 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 9/10

SHA256 bdcff6eb9990edf2e001bc37f4f3f493b207305a0f17818270834fed507b938f

Threat Level: Likely malicious

The file bdcff6eb9990edf2e001bc37f4f3f493b207305a0f17818270834fed507b938fN was found to be: Likely malicious.

Malicious Activity Summary

Tags upx, discovery, ransomware

Renames multiple (4682) files with added filename extension

Renames multiple (3434) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-10-19 21:05

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-10-19 21:05
Reported 2024-10-19 21:07
Platform win7-20240729-en
Max time kernel 150s
Max time network 118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bdcff6eb9990edf2e001bc37f4f3f493b207305a0f17818270834fed507b938fN.exe"

Signatures

Renames multiple (3434) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bdcff6eb9990edf2e001bc37f4f3f493b207305a0f17818270834fed507b938fN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\bdcff6eb9990edf2e001bc37f4f3f493b207305a0f17818270834fed507b938fN.exe

"C:\Users\Admin\AppData\Local\Temp\bdcff6eb9990edf2e001bc37f4f3f493b207305a0f17818270834fed507b938fN.exe"

Network

N/A

Files

memory/2488-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

MD5 e4c07ac2e47f0c5ea3c5c4ec33704e21
SHA1 3b59d29c33369380a2ecf45323b66577ea63a4cf
SHA256 3c94c8cdc697691ff4d4acf81dc11c6da529d63c8b014382a46559905c27b26a
SHA512 e96de3d4829a6e4925ecaa7b93a5effe143ee7aa104cf48a10adf4d39117dd06a01fa81cd80f7d1527443bca7c9cea8307b287a6fe1d6bc73afe5111e74db4a3

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 1c2ecd42c06d024a813a4d074eba0484
SHA1 f54f8b06ef798b1ad1e1718be3a65e20d1a316d4
SHA256 50f3d84f247217a7ca85b645e02fe8a5ebb69329389bf68f4be90f4a2d2b385f
SHA512 7dcf1979c109a91b33879c517c963795d495f46ce07559b6c881eb00718c013372d92dc0519f8be798ac5c0fc2c63634a44a72b92a585949c8ea443daae24d1f

memory/2488-70-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted 2024-10-19 21:05
Reported 2024-10-19 21:07
Platform win10v2004-20241007-en
Max time kernel 150s
Max time network 123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bdcff6eb9990edf2e001bc37f4f3f493b207305a0f17818270834fed507b938fN.exe"

Signatures

Renames multiple (4682) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\bdcff6eb9990edf2e001bc37f4f3f493b207305a0f17818270834fed507b938fN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\bdcff6eb9990edf2e001bc37f4f3f493b207305a0f17818270834fed507b938fN.exe

"C:\Users\Admin\AppData\Local\Temp\bdcff6eb9990edf2e001bc37f4f3f493b207305a0f17818270834fed507b938fN.exe"

Network

Country Destination Domain Proto

Files

memory/4820-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-493223053-2004649691-1575712786-1000\desktop.ini.tmp

MD5 61833cc4fd6fbab078c6b642623cbfb0
SHA1 11abbe154617a48001d9bfadb0f04b24ed651c22
SHA256 fd12a82ba0d4f4bc2163143cff1a84a141c8066a00c23e46ce2cc0564952edbb
SHA512 4282a6fc4115ed299125ed19efa38b422ed13204979ec849ec8194e977b2a93ddf17a3d82542f3aca6f78ccbf4310d6cfe9cdcb90928b6cf70b5c05fa4b347a2

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 87c112d232f54d544a73cfd4fb606144
SHA1 9bdf0c37bcc18e468d416b899645831eddb1aae3
SHA256 8434e1b3326b29b7fd986f4966ffe679919dc530b16b41629960e586d38e149d
SHA512 4eb2732c7463af41ccd23e9bcb859af59bbae5e6e9ba259c480068dc72fb9c3ed7229bd2a578527d9edd26b036bc59ce5360f8d7659dd9d73537ad0ef5284543

memory/4820-658-0x0000000000400000-0x000000000040B000-memory.dmp