Malware Analysis Report

2025-03-15 08:23

Sample ID: 241020-1e5j4atbjm
Target: 6dded0f03c0b4852fbf9b8de77e56833ab729f651312c189cad8cc1c1f55f17dN
SHA256: 6dded0f03c0b4852fbf9b8de77e56833ab729f651312c189cad8cc1c1f55f17d
Tags: upx, discovery, ransomware
Score: 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 9/10

SHA256: 6dded0f03c0b4852fbf9b8de77e56833ab729f651312c189cad8cc1c1f55f17d

Threat Level: Likely malicious

The file 6dded0f03c0b4852fbf9b8de77e56833ab729f651312c189cad8cc1c1f55f17dN was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (4360) files with added filename extension

Renames multiple (3258) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-20 21:34

Signatures

UPX packed file

Tag: upx
Description / Indicator / Process / Target: no details recorded (1 row, all fields N/A)

Unsigned PE

Description / Indicator / Process / Target: no details recorded (2 rows, all fields N/A)

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-20 21:34

Reported

2024-10-20 21:36

Platform

win7-20240903-en

Max time kernel

120s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6dded0f03c0b4852fbf9b8de77e56833ab729f651312c189cad8cc1c1f55f17dN.exe"

Signatures

Renames multiple (3258) files with added filename extension

Tag: ransomware

UPX packed file

Tag: upx
Description / Indicator / Process / Target: no details recorded (4 rows, all fields N/A)

Drops file in Program Files directory

Description: File created
Process: C:\Users\Admin\AppData\Local\Temp\6dded0f03c0b4852fbf9b8de77e56833ab729f651312c189cad8cc1c1f55f17dN.exe
Target: N/A
Indicator (file path), 64 rows:
C:\Program Files\Java\jre7\lib\zi\HST.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.DataSetExtensions.Resources.dll.tmp
C:\Program Files\Common Files\System\msadc\de-DE\msadcfr.dll.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\bin\gstreamer-lite.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_ja.jar.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-back-static.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-coredump.xml.tmp
C:\Program Files\Java\jre7\lib\images\cursors\invalid32x32.gif.tmp
C:\Program Files\Mozilla Firefox\uninstall\uninstall.log.tmp
C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\jquery-ui-1.8.13.custom.css.tmp
C:\Program Files\Common Files\System\msadc\msadcfr.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kamchatka.tmp
C:\Program Files\Java\jre7\lib\zi\Asia\Bangkok.tmp
C:\Program Files\Java\jre7\lib\zi\Asia\Makassar.tmp
C:\Program Files\Microsoft Games\Multiplayer\Spades\Shvl.dll.tmp
C:\Program Files\VideoLAN\VLC\plugins\access\libimem_plugin.dll.tmp
C:\Program Files\VideoLAN\VLC\plugins\control\libdummy_plugin.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Moscow.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.zh_CN_5.5.0.165303.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application.xml.tmp
C:\Program Files\Java\jre7\bin\java.exe.tmp
C:\Program Files\Java\jre7\lib\zi\Pacific\Enderbury.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodbig.gif.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\eclipse_1655.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt_3.103.1.v20140903-1938.jar.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_SelectionSubpicture.png.tmp
C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Simferopol.tmp
C:\Program Files\VideoLAN\VLC\locale\ca\LC_MESSAGES\vlc.mo.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_VideoInset.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-io.jar.tmp
C:\Program Files\Java\jre7\lib\zi\Asia\Kamchatka.tmp
C:\Program Files\Java\jre7\lib\zi\Etc\GMT+5.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tabskb.dll.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-9.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookbig.gif.tmp
C:\Program Files\Java\jre7\lib\zi\America\Indiana\Tell_City.tmp
C:\Program Files\Microsoft Games\SpiderSolitaire\de-DE\SpiderSolitaire.exe.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\bin\jaas_nt.dll.tmp
C:\Program Files\Microsoft Games\Multiplayer\Spades\ja-JP\ShvlRes.dll.mui.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\ReachFramework.resources.dll.tmp
C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_diagonals-thick_20_666666_40x40.png.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\CET.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.metadata.repository.prefs.tmp
C:\Program Files\Java\jre7\lib\zi\Asia\Novokuznetsk.tmp
C:\Program Files\Java\jre7\lib\zi\SystemV\MST7MDT.tmp
C:\Program Files\Mozilla Firefox\api-ms-win-crt-convert-l1-1-0.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.attach_5.5.0.165303.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.sat4j.pb_2.3.5.v201404071733.jar.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipRes.dll.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.jobs_3.6.0.v20140424-0053.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3.nl_ja_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Java\jre7\lib\zi\America\Denver.tmp
C:\Program Files\Java\jre7\lib\zi\SystemV\EST5.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_buttongraphic.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-spi-quicksearch.xml.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\snmp.acl.template.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\license.html.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-tools.xml.tmp
C:\Program Files\Java\jre7\lib\zi\Etc\GMT+3.tmp
C:\Program Files\Java\jre7\lib\zi\Europe\Berlin.tmp
C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll.tmp

System Location Discovery: System Language Discovery

Tag: discovery
Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\6dded0f03c0b4852fbf9b8de77e56833ab729f651312c189cad8cc1c1f55f17dN.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6dded0f03c0b4852fbf9b8de77e56833ab729f651312c189cad8cc1c1f55f17dN.exe

"C:\Users\Admin\AppData\Local\Temp\6dded0f03c0b4852fbf9b8de77e56833ab729f651312c189cad8cc1c1f55f17dN.exe"

Network

N/A

Files

memory/1732-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

MD5 ce620bcfee2186252bd5c0072300d8fb
SHA1 0ce1ce7cf40c35176b2c3b7f884bc4fe7fe71eb9
SHA256 2f93714a396014cd29d7118e578310d4ec50d36dd3570503fe4a537ea2739e77
SHA512 6da6d7fa9151be6d7ae8cff43f32bc104b4ddc86d4ec67aab1538d8480f49af964ea3180b3de707f70626fa975ab26c0d229a23654510ed1a90aa4a938e745e6

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 78b7005ccec34ce7a2307efc5d755d56
SHA1 d1c6e6daf11844c23b4e9450c73397fdebd440ac
SHA256 4d6ce511c83fa76c159de929e1f89c4d8d59ece0d630b54b7f6c0e0f7aa3be7e
SHA512 19f8f929931567d10bffb33782e34645147f6e10b3bf3b026ce3b4677029fee6ff98555b7690c1103922eddc4e544df445cdad94b6769ece6fbf72dc8e5bb9ba

memory/1732-75-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-20 21:34

Reported

2024-10-20 21:36

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

102s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6dded0f03c0b4852fbf9b8de77e56833ab729f651312c189cad8cc1c1f55f17dN.exe"

Signatures

Renames multiple (4360) files with added filename extension

Tag: ransomware

UPX packed file

Tag: upx
Description / Indicator / Process / Target: no details recorded (4 rows, all fields N/A)

Drops file in Program Files directory

Description: File created
Process: C:\Users\Admin\AppData\Local\Temp\6dded0f03c0b4852fbf9b8de77e56833ab729f651312c189cad8cc1c1f55f17dN.exe
Target: N/A
Indicator (file path), 64 rows:
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\Microsoft.VisualBasic.Forms.resources.dll.tmp
C:\Program Files\Common Files\microsoft shared\ink\it-IT\InkObj.dll.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\Microsoft.VisualBasic.Forms.resources.dll.tmp
C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10_RTL.mp4.tmp
C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-ul-phn.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-ul-phn.xrm-ms.tmp
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\pt-PT.pak.tmp
C:\Program Files\Java\jdk-1.8\jre\lib\ext\cldrdata.jar.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\netstandard.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationUI.dll.tmp
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe.tmp
C:\Program Files\Java\jre-1.8\bin\ssvagent.exe.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription5-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\WWINTL.DLL.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l2-1-0.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.Native.dll.tmp
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTest-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-ul-phn.xrm-ms.tmp
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp
C:\Program Files\Java\jdk-1.8\README.html.tmp
C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-private-l1-1-0.dll.tmp
C:\Program Files\Java\jre-1.8\bin\awt.dll.tmp
C:\Program Files\Java\jre-1.8\lib\net.properties.tmp
C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntime2019R_PrepidBypass-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription1-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Grace-ppd.xrm-ms.tmp
C:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml.tmp
C:\Program Files\dotnet\host\fxr\6.0.27\hostfxr.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONGRAPHICS.DLL.tmp
C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription3-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\PPINTL.DLL.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\ReachFramework.resources.dll.tmp
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.MemoryMappedFiles.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\UIAutomationClient.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\Bibliography\Sort\TITLE.XSL.tmp
C:\Program Files\Common Files\microsoft shared\ink\ko-KR\tipresx.dll.mui.tmp
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll.tmp
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Glow Edge.eftx.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\as80.xsl.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.Common.FrontEnd.XmlSerializers.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Diagnostics.EventLog.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\PresentationUI.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Luna.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkDrop32x32.gif.tmp
C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-ul-phn.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Trial-ppd.xrm-ms.tmp
C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Emit.Lightweight.dll.tmp
C:\Program Files\7-Zip\Lang\uk.txt.tmp
C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-string-l1-1-0.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.Reporting.AdHoc.Shell.Bootstrapper.xap.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\PresentationFramework.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial-ul-oob.xrm-ms.tmp

System Location Discovery: System Language Discovery

Tag: discovery
Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\6dded0f03c0b4852fbf9b8de77e56833ab729f651312c189cad8cc1c1f55f17dN.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6dded0f03c0b4852fbf9b8de77e56833ab729f651312c189cad8cc1c1f55f17dN.exe

"C:\Users\Admin\AppData\Local\Temp\6dded0f03c0b4852fbf9b8de77e56833ab729f651312c189cad8cc1c1f55f17dN.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 150.171.28.10:443 tse1.mm.bing.net tcp

Files

memory/3328-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1045960512-3948844814-3059691613-1000\desktop.ini.tmp

MD5 a84e0982ca8e810b8b01eeea863c7ee7
SHA1 5d6d1b260546998931383baf629c45bafe3cb24b
SHA256 789bbf9151392d88df2b3e458320417dd6f81680d44b7e57f11912f09ae91eac
SHA512 9c1f98777b31b131163ae440cdbe32f607f8b1418bf9f8360e9e906b4af683b2ebc31b4c4c062bdd9be0977000d7637fa85e434c22d1aee9b3b811563430d6af

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 791bfbe13ad81a8d3cb626a15bb5c82a
SHA1 bf00db5c79a665345870a6e5d9bd12576e00e5d3
SHA256 0d3e4596b44cbb531419f2804a6001c856a867e10e6c47b6c8cb570dcd6a2b4b
SHA512 503659890d622bba2aa5cfd3cec9cad3e19b0c22b8639838f144003cc678d93d27865c47af65f297e3717547999248bc68dfbc154d5b82be28d1dc0bb6a78f70

memory/3328-661-0x0000000000400000-0x000000000040A000-memory.dmp