Malware Analysis Report

2025-01-22 20:15

Sample ID 241019-zwrh5ayeqb
Target b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N
SHA256 b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211
Tags
discovery ransomware upx
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211

Threat Level: Likely malicious

The file b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware upx

Renames multiple (4108) files with added filename extension

Renames multiple (245) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-19 21:04

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
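Added example (not the sandbox's own signature code): the two static signatures above, "UPX packed file" and "Unsigned PE", come down to two header checks, which the following pure-Python PE walker performs without a pefile dependency. It reads the section table and the Authenticode (security) data directory, reports the UPX0/UPX1 section names, and also reports the structural UPX tell that survives a renamed stub: a first section with zero raw size but a non-zero virtual size, which the unpacker fills at run time. The images it runs on are constructed headers-only test data built by build_pe, not the analysed sample; the thresholds and the placeholder WIN_CERTIFICATE blob are assumptions for the demo.

```python
"""Static checks behind 'UPX packed file' and 'Unsigned PE' (added example).

parse_pe walks DOS -> COFF -> optional header -> section table. build_pe
makes synthetic headers-only PE images (constructed test data) so this runs
offline; on a real sample call parse_pe(open(path, "rb").read()).
"""
import struct

SECURITY_DIR = 4                      # IMAGE_DIRECTORY_ENTRY_SECURITY (Authenticode blob)
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
COFF_FMT = "<HHIIIHH"                 # IMAGE_FILE_HEADER, 20 bytes
SECTION_FMT = "<8sIIIIIIHHI"          # IMAGE_SECTION_HEADER, 40 bytes


def parse_pe(data: bytes) -> dict:
    """Return machine, PE32+ flag, section list and the security data directory."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from(COFF_FMT, data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt_off)[0]
    if magic == PE32_MAGIC:
        dirs_off = opt_off + 96       # DataDirectory starts at +96 in PE32 ...
    elif magic == PE32PLUS_MAGIC:
        dirs_off = opt_off + 112      # ... and at +112 in PE32+
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    ndirs = struct.unpack_from("<I", data, dirs_off - 4)[0]   # NumberOfRvaAndSizes
    dirs = [struct.unpack_from("<II", data, dirs_off + 8 * i) for i in range(min(ndirs, 16))]
    sec_off = opt_off + opt_size
    sections = []
    for i in range(nsec):
        name, vsize, va, raw_size, raw_ptr, _, _, _, _, chars = struct.unpack_from(
            SECTION_FMT, data, sec_off + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "va": va, "raw_size": raw_size,
                         "raw_ptr": raw_ptr, "characteristics": chars})
    # Unlike every other directory, the security entry's first field is a file offset, not an RVA.
    security = dirs[SECURITY_DIR] if len(dirs) > SECURITY_DIR else (0, 0)
    return {"machine": machine, "pe32plus": magic == PE32PLUS_MAGIC,
            "sections": sections, "security_dir": security}


def upx_indicators(pe: dict) -> dict:
    """Name-based signal (UPX0/UPX1) plus the structural one a renamed stub still shows:
    the first section has no raw data but a virtual size for the unpacked image."""
    names = [s["name"] for s in pe["sections"]]
    named = [n for n in names if n.upper().startswith("UPX")]
    empty_raw = [s["name"] for s in pe["sections"] if s["raw_size"] == 0 and s["vsize"] > 0]
    first_has_no_raw = bool(names) and names[0] in empty_raw
    return {"upx_section_names": named, "empty_raw_sections": empty_raw,
            "likely_upx": bool(named) or first_has_no_raw}


def has_authenticode(pe: dict) -> bool:
    """Presence of a signature blob only; a present blob still needs chain/hash verification
    (signtool verify, Get-AuthenticodeSignature) before it says anything about trust."""
    _offset, size = pe["security_dir"]
    return size > 0


def build_pe(sections, signed=False, pe32plus=False) -> bytes:
    """Constructed headers-only image: sections = [(name_bytes, raw_size), ...]. No code is emitted."""
    nsec = len(sections)
    opt_size = 240 if pe32plus else 224
    hdr_end = 64 + 24 + opt_size + 40 * nsec
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)                  # e_lfanew -> 64
    coff = b"PE\0\0" + struct.pack(COFF_FMT, 0x8664 if pe32plus else 0x14C,
                                   nsec, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC if pe32plus else PE32_MAGIC)
    dirs_off = 112 if pe32plus else 96
    struct.pack_into("<I", opt, dirs_off - 4, 16)                    # NumberOfRvaAndSizes
    cert = b""
    if signed:
        # Placeholder WIN_CERTIFICATE header (dwLength, wRevision 0x0200, PKCS_SIGNED_DATA):
        # enough for the presence check, not a real signature (assumption for the demo).
        cert = struct.pack("<IHH", 8, 0x0200, 0x0002)
        struct.pack_into("<II", opt, dirs_off + 8 * SECURITY_DIR, hdr_end, len(cert))
    table = b"".join(
        struct.pack(SECTION_FMT, name.ljust(8, b"\0"), 0x1000, 0x1000 * (i + 1),
                    raw_size, 0, 0, 0, 0, 0, 0xE0000020)
        for i, (name, raw_size) in enumerate(sections))
    return dos + coff + bytes(opt) + table + cert


if __name__ == "__main__":
    for label, img in [("packed", build_pe([(b"UPX0", 0), (b"UPX1", 0x4000), (b".rsrc", 0x200)])),
                       ("signed", build_pe([(b".text", 0x200), (b".data", 0x200)],
                                           signed=True, pe32plus=True))]:
        pe = parse_pe(img)
        print(label, upx_indicators(pe), "authenticode:", has_authenticode(pe))
```

Two caveats apply when reading the static1 result above: section names are trivially edited, so the structural check carries more weight than the UPX0/UPX1 strings, and "Unsigned PE" is only the absence of a blob; a signed sample is not a trusted one until the signature chain is verified.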

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-19 21:04

Reported

2024-10-19 21:06

Platform

win7-20241010-en

Max time kernel

120s

Max time network

18s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe"

Signatures

Renames multiple (245) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\scrapbook.png.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_buttongraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Full\15x15dot.png.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ko-kr.xml.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\title_stripe.png.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\blackbars80.png.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\1047x576black.png.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\micaut.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\DVD Maker\audiodepthconverter.ax.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop.wmv.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_buttongraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_babypink_Thumbnail.bmp.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\7-Zip\Lang\ps.txt.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkWatson.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_btn-back-static.png.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\DVD Maker\directshowtap.ax.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\micaut.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tabskb.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IpsMigrationPlugin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrespsh.dat.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Common Files\System\msadc\msadcor.dll.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Common Files\System\msadc\msdaprsr.dll.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-border.png.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\15x15dot.png.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_widescreen_Thumbnail.bmp.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\rtscom.dll.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\7-Zip\Lang\ba.txt.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain.wmv.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\vintage.png.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\travel.png.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\softedges.png.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-static.png.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\7-Zip\Lang\sq.txt.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\DVD Maker\es-ES\DVDMaker.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\DVD Maker\OmdProject.dll.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_VideoInset.png.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsjpn.xml.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mip.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\PreviousMenuButtonIcon.png.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\FormatUndo.001.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe

"C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe"

Network

N/A

Files

memory/2880-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3692679935-4019334568-335155002-1000\desktop.ini.tmp

MD5 f693b74c2305e033e454980b26d67d20
SHA1 a2548be1aa8a1b0eb6b8b0d40a074b59f82b4211
SHA256 362a7fdb2388bdf181da28ee2dc84bd9e9388dc1ad68f99f80ea5406848e3350
SHA512 b4cfd50336f4e272ab161188f416dc23f0b4cc91868347fb5d9c220b1df9781270735d47bb41a906c0e51887221151f3f32c0df2df334fc44a7ed1737f4c15d9

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 cd6b60225da2bfeac9862210bce7682e
SHA1 8886a194115f2f15ddfffbd100d57e3226084735
SHA256 21efc9f77f444bbb7415182268e96e2f03052d3c9ea2b333e4335bcac9f8e66d
SHA512 d1045b4854d879c1c12a1722ccc5ebf7e4b28d8ea9e48d36017303a9a6ab8b7d51aa6fe7b2aba0280ef1f6a7cfbbe48b00609b06b3833c0cf78b64552c4888c8

memory/2880-20-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-19 21:04

Reported

2024-10-19 21:06

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

103s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe"

Signatures

Renames multiple (4108) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Gothic.xml.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.wordmui.msi.16.en-us.xml.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Classic.dll.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-libraryloader-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\javaws.jar.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.ThreadPool.dll.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-datetime-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Schoolbook.xml.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-time-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.TraceSource.dll.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\management\snmp.acl.template.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\offsymxb.ttf.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Common Files\System\ado\msadox.dll.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.DriveInfo.dll.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.VisualBasic.Core.dll.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Design.dll.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\jstat.exe.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\ext\nashorn.jar.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\security\policy\unlimited\local_policy.jar.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.AppContext.dll.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encoding.CodePages.dll.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ospintl.dll.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.Common.dll.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.dll.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-3102-0000-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\en-GB\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\javafx_iio.dll.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\XLINTL32.DLL.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscordbi.dll.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.Win32.SystemEvents.dll.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_KMS_Client-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\chrome_elf.dll.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Google\Chrome\Application\initial_preferences.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\thaidict.md.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\klist.exe.tmp C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A
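Added example (not the sandbox's signature engine): the "Drops file in Program Files directory" tables of behavioral1 and behavioral2 above, and the "Renames multiple (245 / 4108) files with added filename extension" signatures they feed, reduce to one measurement: how many files a single process turns into "<name>.<ext>.<suffix>" and across how many directories and drive roots. The suffix alone is a weak signal (installers also create .tmp files under Program Files), and the gap between 245 on Windows 7 and 4108 on Windows 10 is the installed-software footprint, not the sample's behaviour. The script below parses the report's flattened rows, counts only names that still carry an original extension under the new suffix, and tracks breadth. The sample paths are copied from the tables above plus one constructed single-extension path; the thresholds are assumptions and the process-path-has-no-spaces rule holds for this sandbox's Temp path.

```python
"""Triage of 'File created <path> <process> N/A' rows (added example).

Counts double-extension files per process and the directories / roots they span,
which is the breadth signal behind a mass-rename verdict.
"""
from collections import Counter, defaultdict
from typing import Iterable, Optional

PROC = r"C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe"

# Paths taken from the behavioral1/behavioral2 tables; the last one is constructed
# (single extension) and must not be counted as a rename.
SAMPLE_PATHS = [
    r"C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\scrapbook.png.tmp",
    r"C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp",
    r"C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp",
    r"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL.tmp",
    r"C:\Program Files\DVD Maker\audiodepthconverter.ax.tmp",
    r"C:\Program Files\FormatUndo.001.tmp",
    r"C:\$Recycle.Bin\S-1-5-21-3692679935-4019334568-335155002-1000\desktop.ini.tmp",
    r"C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp",
    r"C:\Program Files\Google\Chrome\Application\123.0.6312.123\chrome_elf.dll.tmp",
    r"C:\Program Files\Java\jre-1.8\lib\javaws.jar.tmp",
    r"C:\Users\Admin\AppData\Local\Temp\scratch.tmp",   # constructed: single extension
]
SAMPLE_EVENTS = [f"File created {p} {PROC} N/A" for p in SAMPLE_PATHS]


def parse_event(line: str) -> Optional[tuple]:
    """'File created <path> <process> N/A' -> (path, process). Assumes the process
    image path has no spaces (true for the sandbox Temp path); the target path may."""
    if not line.startswith("File created ") or not line.endswith(" N/A"):
        return None
    body = line[len("File created "):-len(" N/A")]
    path, sep, proc = body.rpartition(" ")
    if not sep or not proc.lower().endswith(".exe"):
        return None
    return path, proc


def added_extension(path: str) -> Optional[tuple]:
    """'scrapbook.png.tmp' -> ('scrapbook.png', '.tmp'); names with one extension -> None."""
    name = path.rsplit("\\", 1)[-1]
    stem, dot, ext = name.rpartition(".")
    if not dot or "." not in stem:
        return None
    return stem, "." + ext


def root_of(path: str) -> str:
    """Drive plus first directory, e.g. 'C:\\Program Files'."""
    return "\\".join(path.split("\\")[:2])


def triage(lines: Iterable[str], min_files: int = 100, min_dirs: int = 10) -> dict:
    """Per process: suffixed-file count, dominant suffix, breadth, mass-rename verdict.
    The thresholds are assumptions for the example, not the sandbox's."""
    per_proc = defaultdict(lambda: {"files": 0, "exts": Counter(),
                                    "dirs": set(), "roots": Counter()})
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        path, proc = ev
        hit = added_extension(path)
        if hit is None:
            continue
        rec = per_proc[proc]
        rec["files"] += 1
        rec["exts"][hit[1]] += 1
        rec["dirs"].add(path.rsplit("\\", 1)[0])
        rec["roots"][root_of(path)] += 1
    verdicts = {}
    for proc, rec in per_proc.items():
        ext, _ = rec["exts"].most_common(1)[0]
        verdicts[proc] = {
            "renamed": rec["files"],
            "dominant_ext": ext,
            "dirs": len(rec["dirs"]),
            "roots": sorted(rec["roots"]),
            "mass_rename": rec["files"] >= min_files and len(rec["dirs"]) >= min_dirs,
        }
    return verdicts


if __name__ == "__main__":
    for proc, v in triage(SAMPLE_EVENTS, min_files=5, min_dirs=3).items():
        print(proc.rsplit("\\", 1)[-1], v)
```

Run against the full behavioral2 table the same function reports the process touching Program Files, $Recycle.Bin and MSOCache under a single dominant suffix; an installer writing its own .tmp files stays inside one or two directories, which is why the breadth columns matter more than the suffix.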

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe

"C:\Users\Admin\AppData\Local\Temp\b6fc0710dcc6fc515009aec0a4b805f12be294e4b75be9d03979305d66e9f211N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 28.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 100.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp

Files

memory/4272-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-493223053-2004649691-1575712786-1000\desktop.ini.tmp

MD5 28c6fdef587c72fe0f63e8da8e366a01
SHA1 2cb0dde1d280ed4e073e3f79511bd1bdffaf7f3b
SHA256 7fd67ce40416c832ee0c8245f9bde1dd4e351d6e26004c8f5035b7d3502366b2
SHA512 8080c71edb54694f9bb1830ea3a98e27c1cc016287d0b009a76f875d696376654637b91972a729159362cb77516a38608f7d69a762bf1888b83383344f621256

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 ddacdb1f3b8b7c660e865ddc93b165de
SHA1 64750d00bc5703e45ab2493e030ff18fa4f327f3
SHA256 18b3054362c8f2202648fa2f844729a8ab260f97d20db027ccf232a4b86a8ec4
SHA512 1650699e4fca94ba7460f930ec16e37a6efb9eb76bf09f6e92aa7e83d717ebb92b93c28148efc47c5b93a5e8bbed7795c0fee403f0f486de723ec50d112f9c55

memory/4272-654-0x0000000000400000-0x000000000040B000-memory.dmp